On 13.11.2014, Lars Winterfeld wrote:
> What they say about their method is only that it "acquires protection
> keys from RAM dumps, hibernation files". Now I wonder, how does this
> attack work exactly and how vulnerable is cryptsetup against it in a
> linux environment?

Whole disk encryption only protects your data when your computer is off.
Thus, there's no memory dump to catch.

> Suppose THEY have the device in their hands.
> I guess the attack is easiest when I suspended to disk, because all
> information needed for decryption (of the mounted crypt volumes) is
> stored in plain on the disk?

Don't do that. Of course, it depends on the level of security you want
to have, and your threat model.

> When I suspend to RAM and they wake the device up again, they need to
> hack the login screen?

In general, when an adversary can get physical access to your running
machine, all bets are off. You can regard this machine as compromised.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
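
Added example, not part of the original message: on Linux the suspend-to-disk image (a copy of RAM, including the keys of open dm-crypt volumes) is written to swap, so this check lists active swap areas that do not sit on a dm-crypt mapping. The function names on_dm_crypt and exposed_swap are hypothetical; the check relies on cryptsetup mappings carrying a device-mapper UUID that starts with "CRYPT-".

```python
import os

def on_dm_crypt(dev, sys_root="/sys"):
    """True if block device `dev` (e.g. "dm-1") is a dm-crypt mapping, or is
    stacked (LVM, RAID) entirely on top of dm-crypt mappings."""
    base = os.path.join(sys_root, "class", "block", dev)
    try:
        with open(os.path.join(base, "dm", "uuid")) as fh:
            # cryptsetup gives its mappings a device-mapper UUID starting "CRYPT-"
            if fh.read().startswith("CRYPT-"):
                return True
    except OSError:
        pass  # not a device-mapper device (plain disk or partition)
    slaves_dir = os.path.join(base, "slaves")
    slaves = os.listdir(slaves_dir) if os.path.isdir(slaves_dir) else []
    # A stacked device counts only if every device beneath it is encrypted.
    return bool(slaves) and all(on_dm_crypt(s, sys_root) for s in slaves)

def exposed_swap(proc_swaps_text, sys_root="/sys"):
    """Return (path, reason) for each active swap area that would hold a
    hibernation image outside dm-crypt."""
    findings = []
    for line in proc_swaps_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 2:
            continue
        path, kind = fields[0], fields[1]
        if kind != "partition":
            # Swap files need a look at the filesystem's device instead.
            findings.append((path, "swap file: check the device under its filesystem"))
            continue
        dev = os.path.basename(os.path.realpath(path))  # /dev/mapper/x -> dm-N
        if not on_dm_crypt(dev, sys_root):
            findings.append((path, "not backed by dm-crypt"))
    return findings

if __name__ == "__main__":
    with open("/proc/swaps") as fh:
        for path, reason in exposed_swap(fh.read()):
            print(f"{path}: {reason}")
```

An empty result only says where the image would be written; it does not change the point made above about a running or suspended-to-RAM machine.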