Re: Security Flaw in Popular Disk Encryption Technologies
- From: Pieter de Boer <pieter@xxxxxxxxxxxxxx>
- Date: Sat, 23 Feb 2008 19:40:53 +0100
Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?The attack you're referencing is carried out by cold rebooting a system. Simply put: pull power cord, insert power cord. The volumes are never detached, as the shutdown sequence is never run.
from the geli man page: "detach - Detach the given providers, which means remove the devfs entry and clear the keys from memory." does that mean that geli properly wipes keys from RAM when a laptop is turned off?
This attack has to be defended against in hardware; it exploits a 'feature' of modern day RAM chips, which can not be controlled by software. Anything that is in RAM when the attack is carried out, will be compromised. As encrypted volumes simply require keys to be in memory to be able to use the volumes, the encryption software is vulnerable to this attack. I see no reason why GELI/GBDE wouldn't be affected.
A possible counter-measure would be to add wiping features to the RAM modules themselves. When power is lost, the memory could wipe itself. Still not perfect, but would certainly help.
--
Pieter
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Security Flaw in Popular Disk Encryption Technologies
- From: Diomidis Spinellis
- Re: Security Flaw in Popular Disk Encryption Technologies
- From: Jeremy Chadwick
- Re: Security Flaw in Popular Disk Encryption Technologies
- References:
- Security Flaw in Popular Disk Encryption Technologies
- From: Atom Smasher
- Security Flaw in Popular Disk Encryption Technologies
- Prev by Date: Re: find -lname and -ilname implemented
- Next by Date: Re: Security Flaw in Popular Disk Encryption Technologies
- Previous by thread: Security Flaw in Popular Disk Encryption Technologies
- Next by thread: Re: Security Flaw in Popular Disk Encryption Technologies
- Index(es):
Relevant Pages
- Re: Security Flaw in Popular Disk Encryption Technologies
... does that mean that geli properly wipes keys from RAM when a laptop is turned off?
... This attack has to be defended against in hardware; it exploits a 'feature' of modern
day RAM chips, which can not be controlled by software. ... As encrypted volumes simply require
keys to be in memory to be able to use the volumes, the encryption software is vulnerable
to this attack. ... (freebsd-hackers) - Re: Security Flaw in Popular Disk Encryption Technologies
... "detach - Detach the given providers, ... that geli properly wipes keys
from RAM when a laptop is turned off? ... The attack you're referencing is carried out
by cold rebooting a system. ... encrypted volumes simply require keys to be in memory to
be able to use the ... (freebsd-hackers) - Re: Extreamly large Hashtable
... >>>I'm assuming that if it is in memory it will be faster then looking ...
>>performance (unless it means that the keys' equals() and ... >>references
to the objects, ... Even if the Map.Entry overhead is more ... (comp.lang.java.programmer) - Re: Encrypting passwords stored in memory
... > A recent security audit has raised the issue that these passwords ... >
can be seen if a memory dump of the process is taken or it is ... I've built systems with
encryption keys ... Instead use byte arrays, preferably multiple of them located
in different ... (sci.crypt) - Re: Efficient processing of large nuumeric data file
... the test for whether a key is in the dict. ... Keep an eye on your program's
memory consumption as it runs. ... I'd probably use the unix "sort" utility to sort
the input (that ... each group of keys (see itertools.groupby for a convenient way to do
... (comp.lang.python)
