Re: the cold-boot attack - a paper tiger?


 



Dear friends,

it's a pleasure for me to see this discussion is alive again.
Since the cold-boot attack study released no sources or a working program, I doubted if it really reveals a substantial threat. This part from http://citp.princeton.edu/memory/faq/ says it all:

Q. Are your programs or source code available?
A. Due to the sensitive nature of this research, we have not released programs or source code at this time.

What's sensitive about it? Such meaningless phrases annoy me. "Recovering" data from somewhere is nothing sensitive, entirely new or 007-like. So, as there is no code available to prove claims, I remembered some tool to get back deleted files from memory cards and the like. For Kubuntu this program is included in the "testdisk" package. Its name is photorec as it usually deals with the reconstruction of pictures on erased/formatted memory cards. It did quite a good job on some SD card of mine, so I wondered what 'photorec /dev/mem' would lead to.
Well, within about 2 minutes photorec "recovers" some 22,200 files from 1.5 GB of DRAM. Very sensitive, right? Anyone can do it anytime and it is all free. Now, my question is:

What distinct string can I look for in these thousands of (text)files to identify key-material of loop-aes?

Remember, the passphrase to unlock the keyfile wasn't found but isn't needed if only the 65 decrypted keys can be fetched. Moreover, photorec is a standard part of KNOPPIX. So booting to run-level 3 from CD might unveil highly sensitive data.

Best regards,
Peter

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

