Would be nice to have, but is technologically infeasible.
The attack relies on hard-reset. This stops everything
in its tracks. No additional code can be executed.

Arno

On Thu, Feb 21, 2008 at 10:40:23PM +0100, noah wrote:
> http://citp.princeton.edu/memory/
> The idea is not new, but still, it's possible to recover encryption
> keys from RAM chips for many disk encryption systems, including
> dm-crypt, some time after a power off. The time ranges from a couple
> of seconds to minutes, and can be further increased by cooling down
> the RAM chips with off-the-shelf canned air.
>
> Wouldn't it be desirable to have dm-crypt scrub the keys in use on
> reboot and/or panic()?
> At least as an option. *hint, hint*.
>
> -- noah
>
> ---------------------------------------------------------------------
> dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
> To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
> For additional commands, e-mail: dm-crypt-help@xxxxxxxx
>

--
Arno Wagner, Dipl. Inform., CISSP --- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier