From owner-freebsd-questions@freebsd.org  Mon Aug  6 00:10:08 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D10D31063485
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon,  6 Aug 2018 00:10:08 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.20.71])
 by mx1.freebsd.org (Postfix) with ESMTP id 75F207E2DB
 for <freebsd-questions@freebsd.org>; Mon,  6 Aug 2018 00:10:08 +0000 (UTC)
 (envelope-from galtsev@kicp.uchicago.edu)
Received: by cosmo.uchicago.edu (Postfix, from userid 48)
 id 6353ACB8D4A; Sun,  5 Aug 2018 19:10:07 -0500 (CDT)
Received: from 108.68.162.197 (SquirrelMail authenticated user valeri)
 by cosmo.uchicago.edu with HTTP; Sun, 5 Aug 2018 19:10:07 -0500 (CDT)
Message-ID: <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com>
References: <20180805150241.1E186200349F8E@ary.qy>
 <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru>
 <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu>
 <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com>
Date: Sun, 5 Aug 2018 19:10:07 -0500 (CDT)
Subject: Re: Erase memory on shutdown
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Erich Dollansky" <freebsd.ed.lists@sumeritec.com>
Cc: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>,
 "John Levine" <johnl@iecc.com>, freebsd-questions@freebsd.org,
 "thor" <thor@irk.ru>
Reply-To: galtsev@kicp.uchicago.edu
User-Agent: SquirrelMail/1.4.8-5.el5.centos.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 00:10:09 -0000


On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
> Hi,
>
> On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
> "Valeri Galtsev" <galtsev@kicp.uchicago.edu> wrote:
>
>> On Sun, August 5, 2018 10:26 am, thor wrote:
>> > https://en.wikipedia.org/wiki/Cold_boot_attack
>> >
>>
>> The trouble is that erasing RAM on clean shutdown does not prevent the
>> attacker in the attack as above from still successfully perform the
>
> so, ECC is also here the only possible answer, at least for parts of it.
>
> Still, erasing memory when shutting down helps in some cases. I do this
> on my machines for small parts when a shutdown is detected. It makes at
> least the most obvious attacks from that side difficult.

Please, correct me if I am wrong in the following:

If the attacker yanks off the power cord, then cold boots off his media,
your defense/erasure of memory does not protect you against this attack.
Right? Your defense only helps if the attacker does clean shutdown. Right?

Thanks.

Valeri

>
> Erich

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++