* Huszár Viktor Dénes <hvd@xxxxxx> wrote: > Anders is right, filling the memory with 0s once the shut down > procedure starts is only to keep away the rookies. A professional > cold boot attack would be cooling down the DRAMS, power off the > machine, putting the DRAMS in the other computer and booting with > the imaging tool. If you power down a system utilizing loop-AES, all key material is sanitized after encrypted partitions are unmounted because the corresponding loop-devices are detached. There is an execption tho, have a look at http://mareichelt.de/pub/texts.loop-aes.php#faq25 So there's practically no need to wipe the memory, regarding loop-AES key material. Otoh, it wouldn't hurt either. It might be a nice thing to have if one wants all traces of system activity gone ASAP and not wanting to wait for memory to decay after shutdown. Think of PGP/GPG password(s), f.e. > However, my question is what Markus wrote, why do you suggest > Serpent instead of AES cipher? Serpent has a more complex key schedule and an attack of a somewhat-decayed memory image containing the key is less likely to succeed than with an AES cipher; error correction only works to some extend. It's mentioned in the paper, IIRC. Otoh, Serpent is 2-6 times slower than AES. But with a moderately modern setup and increasing computing power that carries less and less weight. Example: By embedding the real key used for root encryption in a cloud of 100 keys slows down the attacker. And when one mounts /home and embedds that key also in a cloud of 100 keys, it jumps right in the face of the hyped features of the cold-boot attack. Again, it doesn't defend against the attack, it just lets you have fun with the attacker. Speaking of fun, just think of using a live-CD, spam the memory with several hundred random keys, and none works. :-) -- left blank, right bald loop-AES FAQ: http://mareichelt.de/pub/texts.loop-aes.php#faq
Attachment:
pgp8Lf7LAMW4j.pgp
Description: PGP signature
