From: "Martin Laabs"
To: "freebsd-hackers@freebsd.org"
Date: Tue, 26 Feb 2008 19:46:22 +0100
Subject: Re: Security Flaw in Popular Disk Encryption Technologies

Hi,

Maybe someone could implement a memory section that is overwritten by the BIOS after reboot. Then all the sensitive keys could be stored there.
This would prevent an attack that just boots from another medium and dumps the whole memory out of i.e. a USB stick.

Preventing physical access to the memory modules could be done with a light sensor or a simple switch at the computer case. If you also implement a temperature sensor near the memory modules you could prevent cooling them down before removal. (You'd just overwrite the keys if the temperature falls i.e. below 10°C)

Greets,
Martin L.
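The tamper-triggered key wipe suggested in the message above, sketched as an added example that is not part of the original post. The sensor samples are constructed and every name (`reading`, `keystore`, `keystore_poll`, `demo`) is hypothetical; a real system would read the case switch and a sensor near the memory modules through its own hardware drivers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN      32
#define TEMP_FLOOR_C 10   /* threshold suggested in the post */

struct reading  { int temp_c; int case_open; };   /* hypothetical sensor sample */
struct keystore { uint8_t key[KEY_LEN]; int armed; };
static struct keystore demo_ks;                   /* instance used by demo() */

/* Volatile writes so the compiler cannot drop the wipe as a dead store. */
static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Tamper condition: case switch tripped, or modules being cooled. */
int tamper_detected(int temp_c, int case_open)
{
    return case_open || temp_c < TEMP_FLOOR_C;
}

/* Check one sample; returns 1 if this call destroyed the key. */
int keystore_poll(struct keystore *k, struct reading r)
{
    if (!k->armed || !tamper_detected(r.temp_c, r.case_open))
        return 0;
    wipe(k->key, KEY_LEN);
    k->armed = 0;
    return 1;
}

int key_is_cleared(const struct keystore *k)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= k->key[i];
    return acc == 0;
}

/* Constructed trace: normal operation, then the modules are cooled. */
static const struct reading trace[] = { {35, 0}, {31, 0}, {18, 0}, {9, 0}, {-20, 1} };

/* Loads a dummy key, replays the trace, returns the index that triggered the wipe. */
int demo(void)
{
    demo_ks.armed = 1;
    for (size_t i = 0; i < KEY_LEN; i++) demo_ks.key[i] = (uint8_t)(i + 1);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (keystore_poll(&demo_ks, trace[i])) return (int)i;
    return -1;
}

int main(void) { printf("wiped at sample %d\n", demo()); return 0; }
```

The wipe fires on the first sample below the threshold, so the polling interval has to be shorter than the time it takes to chill and pull a module.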