From owner-freebsd-hackers@FreeBSD.ORG Sun Feb 24 15:16:56 2008 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6F5A916A402 for ; Sun, 24 Feb 2008 15:16:56 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.173]) by mx1.freebsd.org (Postfix) with ESMTP id E316B13C4D1 for ; Sun, 24 Feb 2008 15:16:55 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by ug-out-1314.google.com with SMTP id y2so480395uge.37 for ; Sun, 24 Feb 2008 07:16:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=hIArNVNz3SGLkU4EpNvFucYvwEQaUUnWfKsdagDZnOE=; b=q8e4pIOnQTaDmoqJr64CXqV8wq9Z6bA45YGLb+xjYGQ+bRimjmb/5sCIF/oF/KQ6X1isWHaHoNgOJ5FYyfWq8FBmNJ5xKmHWg/6KhWz6r825jswPIokjfgcupV5YgNCP71ebrVVwRtSbMBeLt+vRCyCYKQ5WvpiGs5AwUsyT0x4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=XI4KDIy17B5kQDc88xqnaXnLzOD/X9Iya+MhWDiG4tywTSABhH9DtU/E5wJ2dXhWWZWmo8HQ9/HgyTijXnUyYxkmM1v2sqVYSydFLOHjfhVo9ru3PUCrADAsUQvwKZMDM1Fg6gD3GdUth3pZ/sPOhhjNIq7Cgb87/yyVXZ5NdFg= Received: by 10.67.19.17 with SMTP id w17mr1866803ugi.33.1203866214935; Sun, 24 Feb 2008 07:16:54 -0800 (PST) Received: by 10.66.248.11 with HTTP; Sun, 24 Feb 2008 07:16:54 -0800 (PST) Message-ID: Date: Sun, 24 Feb 2008 15:16:54 +0000 From: "Igor Mozolevsky" Sender: mozolevsky@gmail.com To: "Bill Moran" In-Reply-To: <20080224100924.c8e08776.wmoran@collaborativefusion.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <47C06E1F.5020308@thedarkside.nl> <760775.85636.qm@web50306.mail.re2.yahoo.com> <20080223203316.GC38485@lor.one-eyed-alien.net> <20080224100924.c8e08776.wmoran@collaborativefusion.com> X-Google-Sender-Auth: 535fb5d9fc51f832 Cc: hackers@freebsd.org Subject: Re: Security Flaw in Popular Disk Encryption Technologies X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 24 Feb 2008 15:16:56 -0000 On 24/02/2008, Bill Moran wrote: > "Igor Mozolevsky" wrote: > > > > On 23/02/2008, Brooks Davis wrote: > > > > > > > > You should actually read the paper. :) They successfully defeat both > > > of these type of protections by using canned air to chill the ram and > > > transplanting it into another machine. > > > > Easy to get around this attack - store the key on a usb > > stick/cd/whatever and every time the OS needs to access the encrypted > > date the key should be read, data decrypted, then key wiped from the > > memory; or have the daemon erase the key from memory every T minutes > > and re-acquire the key at next access attempt... > > > This is only effective if the sensitive data is infrequently accessed. > If the unit is asleep, then software isn't running and it's not possible > to kick of a timer to clear the memory, so it doesn't even start to > solve that problem. IMO the possibility of such attack is so remote that it doesn't really warrant any special attention, it's just something that should be kept in mind when writing "secure" crypto stuff...