Hi Roscoe,

you are describing what is/was known as a secure microcontroller. The approach is reasonable, however for this to work in a general-purpose OS, I think you need application support. If you have that, you can make sure the key material and derived information resides only in locked memory. You can then erase the memory either with the help of the application or in some other way on your trigger.

How secure the result will be depends to a large degree on the attack-detection mechanism used. A simple pulling of the plug can be detected relatively easily and PSU reserves give you something like 10-20ms to erase your key.

Arno

On Wed, Jan 07, 2009 at 09:39:56AM +0800, Roscoe wrote:
> Hey all,
>
> This particular attack seems to me to be the most likely way to defeat
> any reasonably well set up dm-crypt scheme.
>
> So, I have the following [likely non-original] idea, which is only
> applicable in specific situations.
>
> That is to have a daemon that, upon some event, automatically erases
> all the memory on the machine.
>
> The event could be an SMS, an email, some case alarm, but most likely
> some physical trigger fed into the daemon via a microcontroller
> plugged into USB/serial.
> (The trigger could be a reed switch on a door, a motion sensor, a
> pressure gauge, an accelerometer etc.)
>
> Naturally you would need the computer in question to own a UPS.
>
> Also there would have to be either some kernel patch to add a
> "wipe_all_system_mem()" functionality, or maybe one could leverage
> kexec in some manner.
>
> What do you guys think, does this sound reasonable?
>
> --
> Roscoe
>
> ---------------------------------------------------------------------
> dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
> To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
> For additional commands, e-mail: dm-crypt-help@xxxxxxxx

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of "news" is
"something that hardly ever happens." -- Bruce Schneier
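The locked-memory-plus-erase-on-trigger arrangement Arno describes, as an added example that is not part of the thread or of dm-crypt itself. It assumes Linux/glibc, uses SIGUSR1 as a stand-in for the microcontroller event, and the names key_alloc, key_wipe and key_is_zero are this example's own.

```c
#define _GNU_SOURCE                     /* mlock, posix_memalign on glibc */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define KEY_LEN 32
static unsigned char *g_key;            /* the only copy of the key */
static volatile sig_atomic_t g_wiped;

/* One locked page: the kernel will not swap it to disk. Run without
 * key material at all rather than with an unlocked copy. */
unsigned char *key_alloc(void) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (posix_memalign(&p, pg, pg) != 0) return NULL;
    if (mlock(p, pg) != 0) { free(p); return NULL; }
    return p;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * stores as dead (explicit_bzero does the same on glibc >= 2.25). */
void key_wipe(unsigned char *key) {
    volatile unsigned char *v = key;
    for (size_t i = 0; i < KEY_LEN; i++) v[i] = 0;
}

/* Scan every byte after a wipe to confirm nothing survived. */
int key_is_zero(const unsigned char *key) {
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= key[i];
    return acc == 0;
}
/* Trigger handler: async-signal-safe, touches only the buffer and a flag. */
static void on_trigger(int sig) {
    (void)sig;
    if (g_key) key_wipe(g_key);
    g_wiped = 1;
}
int main(void) {
    if (!(g_key = key_alloc())) return 1;
    memset(g_key, 0xAB, KEY_LEN);       /* constructed stand-in for a real key */
    signal(SIGUSR1, on_trigger);        /* stands in for the microcontroller event */
    printf("pid %d: send SIGUSR1 to wipe\n", (int)getpid());
    while (!g_wiped) pause();
    printf("key zeroed: %s\n", key_is_zero(g_key) ? "yes" : "no");
    return 0;
}
```

A real daemon would also have to cover the kernel's own copies of the key (the dm-crypt mapping table, crypto API contexts, page cache), which is why Roscoe's kernel-side wipe or application cooperation is needed rather than a userspace-only erase.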