Not entirely. When I originally read about the cold boot attack, the articles I was reading put it into the context of "even if you turn off your computer, someone could come along several minutes later and retrieve encryption keys from your RAM (oh noes!)". I grasp the other issue of someone power-cycling a computer while loop devices are mounted (or gpg keys in memory, or whatever you like) :)

But thank you, now I'm on the same page.

--Nicholas

On Sun, January 4, 2009 8:56 pm, Anders Andersson wrote:
> Well, you missed checking what "cold boot" means, for example. Quoting from Wikipedia:
>
> "A hard reboot (also known as a cold reboot, cold boot or cold start) is when power to a computer is cycled (turned off and then on) or a special reset signal to the processor is triggered (from a front panel switch of some sort). This restarts the computer without first performing any shut-down procedure."
>
> The last sentence is what's important here.
>
> Kind regards,
> Anders
>
>
> On Sun, Jan 4, 2009 at 8:08 PM, Nicholas <nicholas@xxxxxx> wrote:
>> Regarding the Cold Boot attack, it occurred to me that all you would have
>> to do to defeat it is rig the linux kernel (or whatever OS you're using)
>> to just fill the memory with 0's before shutting down completely (assuming
>> a soft shutdown is possible). I'm not a computer programmer, but I would
>> imagine this would solve any problems with keys remaining in memory.
>> Is this a viable option? Or perhaps I'm missing something?
>>
>> --Nicholas

>snip!<

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/