Re: Security Flaw in Popular Disk Encryption Technologies

From: Pieter de Boer <pieter@xxxxxxxxxxxxxx>
Date: Sat, 23 Feb 2008 20:03:59 +0100

Jeremy Chadwick wrote:

It's interesting that you classified this as a "feature" (in quotes),
because there's nothing "modern" about said "feature". This issue has
existed since the beginning of RAM chip engineering; I can even confirm
this "feature" exists on old video game consoles such as the Nintendo
and Super Nintendo (where there were strict guidelines put in place by
Nintendo, requiring developers to initialise certain areas of memory
and certain memory-mapped I/O registers during hard or soft resets).

I shouldnt've used the word 'modern', then.

Proper software should be memset() or bzero()'ing memory space it
mallocs. I've gotten in the habit of doing this for years, purely as a
safety net. If said software doesn't do this, it's very likely
succeptable.

That is not relevant to the issue. The issue is that the keys are in memory when the encrypted filesystem is in use. The keys can be read by pulling and reinserting the power plug and restarting into a tool that can dump memory (or by placing the memory modules in another system). The keys to encrypted volumes can be found in this dump, leading to a compromise of the data.

--
Pieter

_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: Security Flaw in Popular Disk Encryption Technologies
  - From: Tim Clewlow

References:
- Security Flaw in Popular Disk Encryption Technologies
  - From: Atom Smasher
- Re: Security Flaw in Popular Disk Encryption Technologies
  - From: Pieter de Boer
- Re: Security Flaw in Popular Disk Encryption Technologies
  - From: Jeremy Chadwick

Prev by Date: Re: Security Flaw in Popular Disk Encryption Technologies
Next by Date: Re: find -lname and -ilname implemented
Previous by thread: Re: Security Flaw in Popular Disk Encryption Technologies
Next by thread: Re: Security Flaw in Popular Disk Encryption Technologies
Index(es):
- Date
- Thread

Relevant Pages

Re: Extreamly large Hashtable
... >>>I'm assuming that if it is in memory it will be faster then looking ...
>>performance (unless it means that the keys' equals() and ... >>references
to the objects, ... Even if the Map.Entry overhead is more ... (comp.lang.java.programmer)
Re: Encrypting passwords stored in memory
... > A recent security audit has raised the issue that these passwords ... >
can be seen if a memory dump of the process is taken or it is ... I've built systems with
encryption keys ... Instead use byte arrays, preferably multiple of them located
in different ... (sci.crypt)
Re: Security Flaw in Popular Disk Encryption Technologies
... does that mean that geli properly wipes keys from RAM when a laptop is turned off?
... This attack has to be defended against in hardware; it exploits a 'feature' of modern
day RAM chips, which can not be controlled by software. ... As encrypted volumes simply require
keys to be in memory to be able to use the volumes, the encryption software is vulnerable
to this attack. ... (freebsd-hackers)
Re: Efficient processing of large nuumeric data file
... the test for whether a key is in the dict. ... Keep an eye on your program's
memory consumption as it runs. ... I'd probably use the unix "sort" utility to sort
the input (that ... each group of keys (see itertools.groupby for a convenient way to do
... (comp.lang.python)
Re: Security Flaw in Popular Disk Encryption Technologies
... "detach - Detach the given providers, which means remove the devfs entry and clear
the keys from memory." ... does that mean that geli properly wipes keys from RAM when a
laptop is turned off? ... This attack has to be defended against in hardware; it exploits
a 'feature' of modern day RAM chips, which can not be controlled by software. ... As encrypted
volumes simply require keys to be in memory to be able to use the volumes, the encryption software
is vulnerable to this attack. ... (freebsd-hackers)