FWIW just saw a slashdot article on a method attempting to negate cold
boot attacks:

http://it.slashdot.org/article.pl?sid=09/01/18/2110235

On Tue, Jan 13, 2009 at 8:25 PM, Roscoe <eocsor@xxxxxxxxx> wrote:
> On Sun, Jan 11, 2009 at 11:53 PM, Sarah Dean <sdean12@xxxxxxxxxxx> wrote:
>> If you're nuking *all* the system's memory, you could end up
>> overwriting the process which is doing the overwriting/parts of the
>> system which it requires to operate;
>
> Wiping all RAM that is indeed the tricky part of this plan. That, I
> have no idea how to approach but believe it (possibly out of ignorance
> and optimism) to be solvable.
>
> (You wouldn't have to wipe *all* the RAM, if you were sure the parts
> you didn't wipe couldn't conceivably contain anything sensitive)
>
>> ISTM that the most efficient way of preventing cold boot attacks is to
>> simply dismount your encrypted volumes on the trigger event.
>
> Well, my thoughts are that on a system with mounted encrypted
> partitions, the sensitive information we are trying to protect is the
> contents of that partition. So, wiping the key is good, but if there's
> a buffer in RAM (be it caching file system io, or holding your irssi
> conversation) holding all your secrets that didn't get wiped, that's
> not so good.
>
> Thus I'd like to wipe it all.
>
>
> -- Roscoe
>

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx