Date: Tue, 26 Feb 2008 19:46:22 +0100 From: "Martin Laabs" <martin.laabs@mailbox.tu-dresden.de> To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org> Subject: Re: Security Flaw in Popular Disk Encryption Technologies Message-ID: <op.t65afkee724k7f@martin> In-Reply-To: <47C345C9.8010901@geminix.org> References: <20080223010856.7244.qmail@smasher.org> <20080223222733.GI12067@redundancy.redundancy.org> <31648FC5-26B9-4359-ACC8-412504D3257B@bnc.net> <47C345C9.8010901@geminix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Maybe someone could implement a memory section that is overwritten by the bios after reboot. Then all the sensitive keys could be stored there. This would prevent an attack that just boots from another media and dump the whole memory out of i.e. an USB-stick. Preventing the physical access to the memory modules could be done with a light sensor or a simple switch at the computer case. If you implement also a temperature- sensor near the memory-modules you could prevent cooling them down before removal. (You'd just overwrite the keys if the temperature falls i.e. below 10=B0C) Greets, Martin L.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.t65afkee724k7f>