Re: Security Flaw in Popular Disk Encryption Technologies
- From: "Igor Mozolevsky" <igor@xxxxxxxxxxxxxxxx>
- Date: Sun, 24 Feb 2008 15:16:54 +0000
On 24/02/2008, Bill Moran <wmoran@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> "Igor Mozolevsky" <igor@xxxxxxxxxxxxxxxx> wrote:
> >
> > On 23/02/2008, Brooks Davis <brooks@xxxxxxxxxxx> wrote:
> >
> > >
> > > You should actually read the paper. :) They successfully defeat both
> > > of these types of protections by using canned air to chill the ram and
> > > transplanting it into another machine.
> >
> > Easy to get around this attack - store the key on a usb
> > stick/cd/whatever and every time the OS needs to access the encrypted
> > data the key should be read, data decrypted, then key wiped from the
> > memory; or have the daemon erase the key from memory every T minutes
> > and re-acquire the key at next access attempt...
>
> This is only effective if the sensitive data is infrequently accessed.
> If the unit is asleep, then software isn't running and it's not possible
> to kick off a timer to clear the memory, so it doesn't even start to
> solve that problem.

IMO the possibility of such an attack is so remote that it doesn't really
warrant any special attention, it's just something that should be kept
in mind when writing "secure" crypto stuff...
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
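
The wipe-and-re-acquire scheme discussed in this thread, sketched in C as an added example (not code from any poster or from FreeBSD). `key_cache`, `demo_loader`, the 0xA5 key bytes and the one-second timer tick are constructed for illustration; `resident_seconds` counts how long the key sits in RAM for a given access interval.

```c
#include <string.h>
#include <time.h>
#define KEY_LEN 32
struct key_cache {
    unsigned char key[KEY_LEN];
    int loaded;                              /* 1 while key[] holds key material */
    time_t loaded_at;                        /* time of last (re)acquisition */
    time_t ttl;                              /* T, in seconds */
    int (*load)(unsigned char *, size_t);    /* hypothetical: re-reads key from media */
};

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Timer path: erase the key once it has been resident for T seconds. */
int key_cache_expire(struct key_cache *c, time_t now) {
    if (!c->loaded || now - c->loaded_at < c->ttl) return 0;
    secure_wipe(c->key, sizeof c->key);
    c->loaded = 0;
    return 1;
}

/* Access path: re-acquire if wiped; NULL when the media cannot be read. */
const unsigned char *key_cache_get(struct key_cache *c, time_t now) {
    key_cache_expire(c, now);
    if (c->loaded) return c->key;
    if (c->load(c->key, sizeof c->key) != 0) {
        secure_wipe(c->key, sizeof c->key);  /* drop any partial read */
        return NULL;
    }
    c->loaded = 1;
    c->loaded_at = now;
    return c->key;
}

/* Constructed loader standing in for the read from the USB stick. */
static int demo_loader(unsigned char *out, size_t len) { memset(out, 0xA5, len); return 0; }
/* Seconds the key is in RAM over `duration` s with one access every `interval` s. */
long resident_seconds(long interval, long ttl, long duration) {
    struct key_cache c = { .ttl = ttl, .load = demo_loader };
    long resident = 0;
    for (long t = 0; t < duration; t++) {
        if (t % interval == 0) key_cache_get(&c, t); else key_cache_expire(&c, t);
        resident += c.loaded;
    }
    return resident;
}
```

With T = 60 s, an access every 5 s keeps the key resident for all 3600 seconds of an hour, while an access every 600 s leaves it in RAM for 360 of them. The timer path only runs while the machine is awake, so a suspended system keeps whatever was loaded at suspend time.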