From owner-freebsd-hackers@FreeBSD.ORG Sat Feb 23 23:34:54 2008
From: Dimitry Andric
To: Atom Smasher
Cc: hackers@freebsd.org, Pawel Jakub Dawidek
Date: Sun, 24 Feb 2008 00:34:53 +0100
Subject: Re: Security Flaw in Popular Disk Encryption Technologies
Message-ID: <47C0AD9D.2070701@andric.com>
In-Reply-To: <20080223010856.7244.qmail@smasher.org>
References: <20080223010856.7244.qmail@smasher.org>
List-Id: Technical Discussions relating to FreeBSD

On 2008-02-23 02:08, Atom Smasher wrote:
> article below. does anyone know how this affects eli/geli?
>
> from the geli man page: "detach - Detach the given providers, which means
> remove the devfs entry and clear the keys from memory." does that mean
> that geli properly wipes keys from RAM when a laptop is turned off?

This is a physical attack, and there's nothing you can do in software to prevent it.
Of course geli or other software can attempt to erase the keys from RAM as soon as it's done using them, but it won't prevent hijacking them beforehand. It's the same with all physical attacks: hardware sniffers, keyloggers, TEMPEST, etc. You need physical (hardware) protection to secure against these, not software.
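As an added illustration of the "erase the keys from RAM as soon as it's done using them" point above (example code written for this page, not geli's or FreeBSD's own code; the names key_ctx, key_attach, key_detach, secure_wipe and key_is_wiped are hypothetical, and the key material is constructed): a detach routine that zeroes the key buffer in a way the optimizer cannot drop, plus a check that the wipe actually happened.

```c
/* Added example: clearing a disk-encryption key from RAM on detach.
 * Not from the original mail or from geli; names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

struct key_ctx {
    uint8_t key[KEY_LEN];
    int attached;
};

/* A plain memset() on a buffer that is never read again is a dead store and
 * an optimizing compiler may delete it. Storing through a volatile pointer
 * forces every byte write to be emitted; the empty asm with a "memory"
 * clobber stops the compiler from reordering or eliding the stores. This is
 * the same idea as explicit_bzero(3), written out so it is portable here. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Attach: load key material into RAM. A real implementation would derive it
 * from the passphrase/keyfile; the caller supplies it here. */
void key_attach(struct key_ctx *ctx, const uint8_t *material, size_t len)
{
    memset(ctx, 0, sizeof(*ctx));
    memcpy(ctx->key, material, len < KEY_LEN ? len : KEY_LEN);
    ctx->attached = 1;
}

/* Detach: clear the key from memory. Afterwards the key buffer is all zeros. */
void key_detach(struct key_ctx *ctx)
{
    secure_wipe(ctx->key, sizeof(ctx->key));
    ctx->attached = 0;
}

/* Returns 1 if every byte of the key buffer is zero, 0 otherwise. Reads go
 * through a volatile pointer so the check is not folded away either. */
int key_is_wiped(const struct key_ctx *ctx)
{
    const volatile uint8_t *vp = ctx->key;
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        acc |= vp[i];
    return acc == 0;
}

/* Whole lifecycle: returns 1 if the key was present while attached and gone
 * after detach, 0 otherwise. */
int demo_key_lifecycle(void)
{
    uint8_t material[KEY_LEN];          /* constructed sample key */
    struct key_ctx ctx;
    int present_before, gone_after;

    for (size_t i = 0; i < KEY_LEN; i++)
        material[i] = (uint8_t)(0xA5 ^ i);

    key_attach(&ctx, material, sizeof(material));
    present_before = !key_is_wiped(&ctx) && ctx.attached == 1;
    key_detach(&ctx);
    gone_after = key_is_wiped(&ctx) && ctx.attached == 0;

    secure_wipe(material, sizeof(material)); /* the copy on the stack, too */
    return present_before && gone_after;
}

int main(void)
{
    printf("key lifecycle ok: %d\n", demo_key_lifecycle());
    return 0;
}
```

Note what this does and does not buy you: the wipe removes the key once the provider is detached, and the stack copy of the material is wiped as well, but for as long as the volume is attached the key must be in RAM for the kernel to use it. That window is exactly what a physical attack on the memory recovers, which is the point made above; the wipe narrows the window, it does not close it.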