> can't the generated keys also be placed in memory which the BIOS will overwrite?

A serious attacker will not try to reboot the machine. They will freeze the DRAM and remove it.

All of this still depends on them interrupting power while the loop is up. From my reading of the paper, in their tests they only interrupted power "momentarily". The longer the RAM stays powered off without lower temperatures, the less chance keys will be recovered.

You're saying a "kid sister" measure to overwrite the vestigial keys once the BIOS kicks in is better than nothing. Maybe it is at that.

What about just physically raising the ambient temperature of the DRAM (put a heater under it, or move it to a hot part of the box)? How hot does it have to be at power interruption before recovery is unlikely?

Or: Doesn't their paper say types of RAM vary considerably in this remanence effect? Pick a type that makes it difficult?

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/