Re: regarding the cold-boot attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You can wipe the free ram by quitting X and running smem, one of the secure_delete utilities by THC.  This should only be of value though if running a standard kernel using unsanitized pipe buffers.

As for setting up multiple loops to create decoy keys in memory: perhaps a simple program that writes hundreds or thousands of "camouflage" keys to memory for use before using loopaes could be handy for the paranoid ...

It would not be hard to knock up, maybe Perl or Python.


--- On Mon, 5/1/09, markus reichelt <ml@xxxxxxxxxxxxx> wrote:

> From: markus reichelt <ml@xxxxxxxxxxxxx>
> Subject: Re: regarding the cold-boot attack
> To: linux-crypto@xxxxxxxxxxxx
> Date: Monday, 5 January, 2009, 4:10 PM
> * Huszár Viktor Dénes <hvd@xxxxxx> wrote:
> 
> > Anders is right, filling the memory with 0s once the
> shut down
> > procedure starts is only to keep away the rookies. A
> professional
> > cold boot attack would be cooling down the DRAMS,
> power off the
> > machine, putting the DRAMS in the other computer and
> booting with
> > the imaging tool.
> 
> If you power down a system utilizing loop-AES, all key
> material is
> sanitized after encrypted partitions are unmounted because
> the
> corresponding loop-devices are detached. There is an
> execption tho,
> have a look at
> http://mareichelt.de/pub/texts.loop-aes.php#faq25
> 
> So there's practically no need to wipe the memory,
> regarding loop-AES
> key material. Otoh, it wouldn't hurt either. It might
> be a nice thing
> to have if one wants all traces of system activity gone
> ASAP and not
> wanting to wait for memory to decay after shutdown. Think
> of PGP/GPG
> password(s), f.e.
> 
> 
> > However, my question is what Markus wrote, why do you
> suggest
> > Serpent instead of AES cipher?
> 
> Serpent has a more complex key schedule and an attack of a
> somewhat-decayed memory image containing the key is less
> likely to
> succeed than with an AES cipher; error correction only
> works to some
> extend. It's mentioned in the paper, IIRC.
> 
> Otoh, Serpent is 2-6 times slower than AES. But with a
> moderately
> modern setup and increasing computing power that carries
> less and
> less weight.
> 
> 
> Example: By embedding the real key used for root encryption
> in a
> cloud of 100 keys slows down the attacker. And when one
> mounts /home
> and embedds that key also in a cloud of 100 keys, it jumps
> right in
> the face of the hyped features of the cold-boot attack.
> 
> Again, it doesn't defend against the attack, it just
> lets you have
> fun with the attacker. Speaking of fun, just think of using
> a
> live-CD, spam the memory with several hundred random keys,
> and none
> works. :-)
> 
> -- 
> left blank, right bald
> loop-AES FAQ:
> http://mareichelt.de/pub/texts.loop-aes.php#faq


      

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/



[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux