Message-ID: <47C068B5.2090000@thedarkside.nl>
Date: Sat, 23 Feb 2008 19:40:53 +0100
From: Pieter de Boer
To: Atom Smasher
Cc: hackers@freebsd.org
Subject: Re: Security Flaw in Popular Disk Encryption Technologies
In-Reply-To: <20080223010856.7244.qmail@smasher.org>
List-Id: Technical Discussions relating to FreeBSD

Atom Smasher wrote:
> article below. does anyone know how this affects eli/geli?
>
> from the geli man page: "detach - Detach the given providers, which
> means remove the devfs entry and clear the keys from memory." does that
> mean that geli properly wipes keys from RAM when a laptop is turned off?
>

The attack you're referencing is carried out by cold rebooting a system. Simply put: pull power cord, insert power cord. The volumes are never detached, as the shutdown sequence is never run.

This attack has to be defended against in hardware; it exploits a 'feature' of modern day RAM chips, which can not be controlled by software. Anything that is in RAM when the attack is carried out, will be compromised. As encrypted volumes simply require keys to be in memory to be able to use the volumes, the encryption software is vulnerable to this attack. I see no reason why GELI/GBDE wouldn't be affected.

A possible counter-measure would be to add wiping features to the RAM modules themselves. When power is lost, the memory could wipe itself. Still not perfect, but would certainly help.

--
Pieter