On 02/14/2011 02:03 PM, Peter wrote: > I've been reading Gutmann's paper on data remanence, which says that > if some data is kept in the same memory location for very little time > (1 second), the possibility for recovery of this data is very low, > because the data had not yet had the time to change the relevant > physical properties used in cold boot attacks. My question is, does > dm-crypt change the memory location of encryption key every second? > Does dm-crypt rewrite the memory location of the key when removing an > active mapping? What other cold boot attack mitigation techniques the > dm-crypt does? Hi, (I guess you are talking about - quite old - paper named "Data remanence in semiconductor devices", right? Then the mandatory reading is http://citp.princeton.edu/memory/ ) In short - dmcrypt doesn't rewrite key and change location every few seconds and I hope it never will be doing such things. The "hard" version of Cold Boot is using cooling chips to low temperature (-50C and lower) the 1 second is no longer true in this case. Moreover, this attacks also include "platform reset" attack when you simply reset device and store memory image, because the power was still present, there is no memory loss (except few pages for image tool). The only possibility here is physical security of machine with active key in memory. Any obfuscation of key in memory will not help, only it complicates attack a little bit. Maybe you know the story of another full disk encryption system where they are trying to do such crazy things (inverting key in memory every few moments)? When you attack such system using short power down with following reboot and collecting memory image, you sometimes get partially corrupted image (some bits already lost its state). But because there was inverted key stored, it helps you to _recover_ key instead of hide it. I am not saying that it is all wrong... just this known thing applies here: "If you let you machine out of your sight, it is no longer your machine." You simply must provide physical security of machine while mapping is active. (When deactivating mapping the key is wiped of course.) What dm-crypt does instead is to provide controlled way how to freeze dm-crypt device in safe state (no key in memory) without need to completely shutdown system. In userspace you can access this using luksSuspend and luksResume commands. (device is simple suspended and all keys from memory are wiped so that platform reset attack will not succeed here. It is not 100% solution because there can be still some plaintext data in memory but no encryption key). Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
