Re: regarding the cold-boot attack

Regarding the Cold Boot attack, it occurred to me that all you would have
to do to defeat it is rig the linux kernel (or whatever OS you're using)
to just fill the memory with 0's before shutting down completely (assuming
a soft shutdown is possible).  I'm not a computer programmer, but I would
imagine this would solve any problems with keys remaining in memory.  Is
this a viable option?  Or perhaps I'm missing something?

--Nicholas

On Fri, January 2, 2009 9:00 pm, markus reichelt wrote:
> Hi,
>
> since Jacob talked about his cold-boot attack stunt at 25C3[1,2] (go
> watch his talk, he mentions us but not the super-shy dm-crypt people
> :-) and I am still in the process of hacking some loop-AES magic into
> the recent Slackware (namely its installer), I wrote a script
> regarding the attack and attached it (let's hope the mailinglist
> software can cope - else you can get it from [3])
>
>
> From the upcoming text:
>
>
> FAQ 28: Is there a defense against the cold-boot attack?
>
> In short, there is not. The only way to be safe is to prevent
> physical access to the machine in question.
>
> On the other hand, the attack aims towards acquiring encryption keys.
> So why not give the attacker both what he is looking for anyway and
> slow him down at the same time? Concerning loop-AES, follow these
> guidelines:
>
> - Disable network, USB, CD-ROM booting in BIOS and boot from harddisk
> (with the key residing on an external medium)
>
> - Use a different cipher than AES, namely Serpent.
>
> - If you must use the AES cipher, do not use key scrubbing.
>
> - And most importantly, set up as many encrypted loop-devices as
> possible.
>
> The attacker does not know about the layout of your system, he is
> just looking for encryption keys within a memory image he has
> obtained through questionable methods. So by spamming the system RAM
> with encryption keys you let the attacker sort it all out and do not
> make it deliberately easy for him by just setting up the few encrypted
> loop devices you actually use. Trade memory for time.
>
> While this procedure does not stop the attacker, it surely slows him
> down. Maybe this attack is carried out with a relatively short
> time-window and this procedure just might buy you the time (or
> obscurity) you need - who knows?
>
> In case you know or have a feeling that your system has been
> subjected to the cold-boot attack (f.e. at US customs, a friendly
> visit of your DHS agent, ...), ditch your current crypto setup and
> recreate it from scratch.
>
>
> You can use this script to set up a number of encrypted loop-devices
> automatically on boot, different available ciphers are chosen
> somewhat randomly. Feel free to adapt it to your needs.
>
> first adapt the config. then f.e. use
>
> loopsetup.sh 33 setup
>
> in order to set up encrypted loop-devices 33-254 with
> aes256,serpent256,twofish256 picked somewhat-randomly
>
> and if you want to detach encrypted loop-devices again use
>
> loopsetup.sh 33 destroy
>
>
>
> [1] http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html
> [2] http://ftp.ccc.de/congress/25c3/video_h264_720x576/25c3-2922-en-advanced_memory_forensics_the_cold_boot_attacks.mp4
> [3] http://mareichelt.de/pub/mine/loopsetup.sh
> --
> left blank, right bald
> loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
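
The setup/destroy procedure quoted above, as an added dry-run sketch (not the loopsetup.sh from the post, which is not reproduced in this message): it only prints the commands a decoy setup over loop devices N to 254 would run. The losetup options (`-e`, and `-p 0` as in loop-AES's patched losetup), the cipher spellings and the backing-file path are assumptions.

```shell
#!/bin/sh
# Added sketch: prints a plan, changes nothing. Not the loopsetup.sh from the post.
# Assumptions: loop-AES's patched losetup (-e cipher, -p 0 = passphrase on stdin),
# cipher spellings as below, and pre-created backing files under BACKING_DIR.
CIPHERS="AES256 serpent256 twofish256"              # the three ciphers the post names
LAST_DEV=254                                        # last device in the post's example
BACKING_DIR="${BACKING_DIR:-/var/lib/decoy-loops}"  # hypothetical path

# Print one cipher from $CIPHERS, chosen with two bytes from /dev/urandom.
pick_cipher() {
    set -- $CIPHERS
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    shift $(( r % $# ))
    printf '%s\n' "$1"
}

# plan_devices FIRST setup|destroy: one command line per device FIRST..LAST_DEV.
plan_devices() {
    first=$1; action=$2
    case "$first" in
        ''|*[!0-9]*) echo "first device must be a number" >&2; return 2 ;;
    esac
    if [ "$first" -gt "$LAST_DEV" ]; then
        echo "first device must be <= $LAST_DEV" >&2; return 2
    fi
    n=$first
    while [ "$n" -le "$LAST_DEV" ]; do
        case "$action" in
            setup)
                # Each decoy gets its own throwaway random passphrase, so every
                # device contributes a distinct key to kernel memory.
                printf 'head -c 32 /dev/urandom | base64 | losetup -p 0 -e %s /dev/loop%d %s/decoy%d.img\n' \
                    "$(pick_cipher)" "$n" "$BACKING_DIR" "$n" ;;
            destroy)
                printf 'losetup -d /dev/loop%d\n' "$n" ;;
            *)
                echo "action must be setup or destroy" >&2; return 2 ;;
        esac
        n=$((n + 1))
    done
}

if [ $# -ge 2 ]; then plan_devices "$1" "$2"; fi
```

Review the printed plan before piping it to a root shell; the devices you actually use should sit outside the decoy range.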



-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


