From owner-freebsd-questions@freebsd.org Mon Aug 6 13:44:57 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 86A99105941C for ; Mon, 6 Aug 2018 13:44:57 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mout.kundenserver.de", Issuer "TeleSec ServerPass DE-2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E5AB878FFD for ; Mon, 6 Aug 2018 13:44:56 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de ([92.195.64.203]) by mrelayeu.kundenserver.de (mreue103 [212.227.15.183]) with ESMTPA (Nemesis) id 0MPIxM-1fr3Vm3J7g-004VRv; Mon, 06 Aug 2018 15:43:50 +0200 Date: Mon, 6 Aug 2018 15:43:45 +0200 From: Polytropon To: galtsev@kicp.uchicago.edu Cc: "Erich Dollansky" , John Levine , thor , freebsd-questions@freebsd.org Subject: Re: Erase memory on shutdown Message-Id: <20180806154345.3243e993.freebsd@edvax.de> In-Reply-To: <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu> References: <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com> <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:Wva1nP9mK9sZ5MXfoJQzoyh3sheMLa0npP+Wg8VuctNLEtoqC3T 9uI69ZhwIxrelTskNc2lhHzaUrBO6CpGJYQ1I5lE+mcAATnCVy/iiKoxHoEzTZ4wU13e1uk 9kzkQGBW7tDtFZSglDjODlWSGO51yjrSdlHWox2QInHCebPn+x2BKh277lWR6VuwNy8NfWz CHZ1znCTb26X6MGtl60+Q== X-UI-Out-Filterresults: notjunk:1;V01:K0:WRhxyQ8SbHw=:IQFGWsYmPkz9McaBR8aJMR aFf+3Kk02uocki3WPaEZ/WlrrCa7EMcMe5HwsWtC9Xrb9XEA7vGre6PnyU76xpS3wIxh7MmRP DgAVbHL6jPfDUC5oTR8gFhPeMja5qpsoY4ZozdAwd5gZsEjPGnwpOEcvQSkVgyCBR40rTHL+V lGuTbADF9mSOtEVgOpob+ZvxmKjmV0jnSxYCVVJs5GymKeUe4hin0uhOxSR9Ez6TdYI7+/LbC vgxCWUkG4IIjtgKUAUn6I4ZjcGI/KPMelfqAPaRhJxKRdMGgdwwGonEaZ0IEtrcLlAJv00NS2 9lxk/KNP9kWNGCUAYuz1sOVSFViDmWDc7NOvByud2ScbFSPUtUdV/Z/MgVdqB6PCCyRDk22Pj Twrax5zZ0oCK927Fp+dpqnQGAE4N53awAad5bjHB57oUQLE9nBhgHOaCvim1yFYykZ6bUwytP f9R3O7Guvd6K4G1Q4IS9t+80m4iHBIe2/z7HF2mS/j8MJp1LW26/v5yRNs142tYneSl2zDqeS g+sfOFvNqUHO+MfcRhVvYYk0SFhD/RC7695Pc9nHCC4QbYNp92nYCdapK9sDgZLxwrLjXVfG5 0f/sUWQkjKIUcQJepIRJSGcwSJhCSqJ3xxkE9xs+VrwlVRYytGtQ/ZEYLJywujclTicds4TsG jqJcm5Vu5aiFJal3hwJfVG6GyLGMY40nZGAvKVmtCH2yK5HXNFoFDcHxHJ/DZUzmUIiHkGw2h XlWUw2lQGpCLGmvb X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Aug 2018 13:44:57 -0000 On Sun, 5 Aug 2018 19:10:07 -0500 (CDT), Valeri Galtsev wrote: > > On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote: > > Hi, > > > > On Sun, 5 Aug 2018 10:55:22 -0500 (CDT) > > "Valeri Galtsev" wrote: > > > >> On Sun, August 5, 2018 10:26 am, thor wrote: > >> > https://en.wikipedia.org/wiki/Cold_boot_attack > >> > > >> > >> The trouble is that erasing RAM on clean shutdown does not prevent the > >> attacker in the attack as above from still successfully perform the > > > > so, ECC is also here the only possible answer, at least for parts of it. > > > > Still, erasing memory when shutting down helps in some cases. I do this > > on my machines for small parts when a shutdown is detected. It makes at > > least the most obvious attacks from that side difficult. > > Please, correct me if I am wrong in the following: > > If the attacker yanks off the power cord, then cold boots off his media, > your defense/erasure of memory does not protect you against this attack. > Right? Your defense only helps if the attacker does clean shutdown. Right? Clearing memory at shutdown time won't happen when shutdown time doesn't take place. Many cold boot attacks rely on surprisingly (!) interrupting the power, which implies physical access, and then booting from a custom media, so even clearing memory at startup time doesn't happen. All those precautions only work when physical access is taken out of consideration. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...