the cold-boot attack - a paper tiger?

Hello everyone!

Maybe you remember the cold-boot attack described at
http://citp.princeton.edu/memory/
claiming memory remanence to leak passwords used in popular disk encryption software. For TrueCrypt and other suites this might apply, but there was something called "key scrubbing" in loop-AES. As a cold-boot attack comprises the passphrase recovery even after a system reset it ought to be even easier to check memory on a running system. So does a simple command listed at
http://citp.princeton.edu/memory/exp/
'sudo strings /dev/mem | less'
Since I know the passphrase I recently entered to mount an encrypted volume, I can search for it in memory like this:
'sudo strings /dev/mem | grep  *somepass*'
Surprisingly nothing happens. A passphrase as entered in cleartext is never returned. Most likely, a reboot won't make a change for the better. Maybe putting memory modules in cryo stasis allows for recording some bit-patterns. As of now, this boot attack reveals nothing helpful to my eyes. Or could you tell me at what point I acted amiss?

Best regards
Peter


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

