Date: Sun, 5 Aug 2018 23:03:56 -0500 (CDT)
Subject: Re: Erase memory on shutdown
From: "Valeri Galtsev"
To: "Erich Dollansky"
Cc: "Valeri Galtsev", "John Levine", freebsd-questions@freebsd.org, "thor"
Reply-To: galtsev@kicp.uchicago.edu

On Sun, August 5, 2018 9:36 pm, Erich Dollansky wrote:
> Hi,
>
> On Sun, 5 Aug 2018 19:10:07 -0500 (CDT)
> "Valeri Galtsev" wrote:
>
>> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
>> > Hi,
>> >
>> > On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
>> > "Valeri Galtsev" wrote:
>> >
>> >> On Sun, August 5, 2018 10:26 am, thor wrote:
>> >> > https://en.wikipedia.org/wiki/Cold_boot_attack
>> >> >
>> >>
>> >> The trouble is that erasing RAM on clean shutdown does not prevent
>> >> the attacker in the attack as above from still successfully
>> >> perform the
>> >
>> > so, ECC is also here the only possible answer, at least for parts
>> > of it.
>> >
>> > Still, erasing memory when shutting down helps in some cases. I do
>> > this on my machines for small parts when a shutdown is detected. It
>> > makes at least the most obvious attacks from that side difficult.
>>
>> Please, correct me if I am wrong in the following:
>>
>> If the attacker yanks off the power cord, then cold boots off his
>> media, your defense/erasure of memory does not protect you against
>> this attack. Right? Your defense only helps if the attacker does
>> clean shutdown. Right?
>>
> what is the difference between 'some cases' and 'all cases'?
>
> If the owner of a machine is not able to stop physical access to a
> machine, there will be other ways to attack it. Shutting down a machine
> allows a normal owner of the machine to wait at the location as most
> owners are not on the run.

I do understand every word, but I'm not certain I quite follow what you
are saying. On the other hand, I have a feeling that we all are on the
same page about physical security. Other nuances of what we do on our
machines may be different, and probably will stay without change for
each of us. This might be the case when participants of the discussion
don't learn any wisdom from each other, and there is nothing wrong about
it.

Thanks.
Valeri

>
> Erich

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++