On Mon, Sep 26, 2011 at 11:34:05PM -0300, Eduardo Schultze wrote:
> Hello,
>
> I'm a Security Information student at Unisinos College, Brazil. As a paper
> during this semester it was me and my colleagues' choice to write a paper
> about LUKS on Ubuntu 10.4.
>
> My question is - Is it possible to retrieve the passphrase from RAM memory
> after a successful authentication and shutdown? In this case we would turn
> the system on, authenticate, turn off, and then check if the passphrase
> would still be in the RAM memory even with the turned off computer.

No. The passphrase is not stored and the PBKDF2 iterations
prevent reconstructing it. However, you can get the master key.
DRAM keeps state only for seconds after turn-off. You can freeze
the RAM (I believe some people around Ross Anderson have done that
with some success) to extend that time.

> If not, would it be possible to dump the RAM memory and retrieve the
> passphrase (now with the system turned on)?
>
> I looked for these answers at the FAQ section but couldn't find it.

They are not there, because they have low relevance in practice.
If somebody gets access to the physical machine while the container
is unlocked, you should assume they can get access to the data.
They would still not get the passphrase.

For the memory-dump, you can extrapolate the techniques used in
FAQ item "How do I recover the master key from a mapped LUKS
container?". Or you can just try every 256 bit word from the memory
dump. As you do not need iterations if you have the master key,
that should be doable pretty fast. Incidentally, that is one of the
ways DeCSS (break of DVD encryption) got the key from a software
player.

As to your paper, good choice! I also suggest you put in a
section about LUKS usability (of paramount importance with
security software, but often forgotten) and the typical
problems people have. The mailing-list archive should provide
plenty of examples.

Is the paper going to be in English? If so, I would like to
get a copy once it is finished. Might be instructive to get
an outside view.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
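An added example (not part of the original message, and not cryptsetup code) of the memory-dump check described in the reply: it walks a memory image in 256-bit words and recognises the master key by the PBKDF2 master-key digest that a LUKS1 header stores, so you can confirm whether key material is still resident after a mapping is closed. The image, key, salt, iteration count, the 4-byte alignment and the `wipe` helper are constructed assumptions.

```python
import hashlib
import hmac

KEY_BYTES = 32      # 256-bit master key, as in the reply above
DIGEST_BYTES = 20   # LUKS1 keeps a 20-byte master-key digest in the header


def mk_digest(candidate, salt, iterations, hash_spec="sha1"):
    """PBKDF2 checksum of a candidate master key (LUKS1 mk-digest scheme)."""
    return hashlib.pbkdf2_hmac(hash_spec, candidate, salt, iterations, DIGEST_BYTES)


def find_master_key(image, digest, salt, iterations, step=4):
    """Return the offset of the first aligned 256-bit word whose digest
    matches the header, or None if no matching key material is resident."""
    for off in range(0, len(image) - KEY_BYTES + 1, step):
        word = image[off:off + KEY_BYTES]
        if len(set(word)) < 8:   # cheap skip of zeroed or low-variety regions
            continue
        if hmac.compare_digest(mk_digest(word, salt, iterations), digest):
            return off
    return None


def wipe(image, off):
    """Hypothetical model of key zeroisation when the mapping is closed."""
    out = bytearray(image)
    out[off:off + KEY_BYTES] = bytes(KEY_BYTES)
    return bytes(out)


# --- constructed sample data, not taken from any real volume ---
MASTER_KEY = hashlib.sha256(b"constructed master key").digest()
SALT = hashlib.sha256(b"constructed mk-digest-salt").digest()
ITERATIONS = 1000
HEADER_DIGEST = mk_digest(MASTER_KEY, SALT, ITERATIONS)

KEY_OFFSET = 1336
_filler = hashlib.shake_256(b"constructed filler").digest(2048)
UNLOCKED = _filler[:KEY_OFFSET] + MASTER_KEY + _filler[KEY_OFFSET + KEY_BYTES:]
CLOSED = wipe(UNLOCKED, KEY_OFFSET)

if __name__ == "__main__":
    print("unlocked image:", find_master_key(UNLOCKED, HEADER_DIGEST, SALT, ITERATIONS))
    print("after wipe:    ", find_master_key(CLOSED, HEADER_DIGEST, SALT, ITERATIONS))
```

The scan never touches the passphrase or the key slots: only the master key and the header's digest parameters are involved, which is why a resident master key is enough to reach the data while the passphrase stays unrecoverable.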