Hi, since Jacob talked about his cold-boot attack stunt at 25C3[1,2] (go watch his talk, he mentions us but not the super-shy dm-crypt people :-) and I am still in the process of hacking some loop-AES magic into the recent Slackware (namely its installer), I wrote a script regarding the attack and attached it (let's hope the mailinglist software can cope - else you can get it from [3]) From the upcoming text: FAQ 28: Is there a defense against the cold-boot attack? In short, there is not. The only way to be safe is to prevent physical access to the machine in question. On the other hand, the attack aims towards aquiring encryption keys. So why not give the attacker both what he is looking for anyway and slow him down at the same time? Concerning loop-AES, follow these guidelines: - Disable network,USB,CD-ROM booting in BIOS and boot from harddisk (with the key residing on an external medium) - Use a different cipher than AES, namely Serpent. - If you must use the AES cipher, do not use key scrubbing. - And most importantly, set up as many encrypted loop-devices as possible. The attacker does not know about the layout of your system, he is just looking for encryption keys within a memory image he has obtained through questionable methods. So by spamming the system RAM with encryption keys you let the attacker sort it all out and do not make it deliberatly easy for him by just setting up the few encrypted loop devices you actually use. Trade memory for time. While this procedure does not stop the attacker, it surely slows him down. Maybe this attack is carried out with a relatively short time-window and this procedure just might buy you the time (or obscurity) you need - who knows? In case you know or have a feeling that your system has been subjected to the cold-boot attack (f.e. at US customs, a friendly visit of your DHS agent, ...), ditch your current crypto setup and recreate it from scratch. You can use this script to set up a number of encrypted loop-devices automatically on boot, different available ciphers are chosen somewhat randomly. Feel free to adapt it to your needs. first adapt the config. then f.e. use loopsetup.sh 33 setup in order to set up encrypted loop-devices 33-254 with aes256,serpent256,twofish256 picked somewhat-randomly and if you want to detach encrypted loop-devices again use loopsetup.sh 33 destroy [1] http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html [2] http://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2922-en-advanced_memory_forensics_the_cold_boot_attacks.mp4 [3] http://mareichelt.de/pub/mine/loopsetup.sh -- left blank, right bald loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
Attachment:
pgp9QGy4ZhIOm.pgp
Description: PGP signature