From owner-freebsd-hackers@FreeBSD.ORG Sat Feb 23 21:57:03 2008 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 97D5C16A400 for ; Sat, 23 Feb 2008 21:57:03 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by mx1.freebsd.org (Postfix) with ESMTP id CDC4213C44B for ; Sat, 23 Feb 2008 21:57:02 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by ug-out-1314.google.com with SMTP id y2so284791uge.37 for ; Sat, 23 Feb 2008 13:57:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=FWk1PVRycHeadssfCosns6VNQeo/FK98VtPgpGHyeOE=; b=VDLlufCh+7D4qB/vXxCXWUATdvGQvVYJxF0DGqpMRR0z7fxpQjKp2xiUFy2qt1vf+Ka0ccUBMbg1hZSja7C5cz7L3U1g7HZukxAkx2bOMmwA2uzgJfh7PvNOgX10OGA98T9a5YpPUnC7Moh8E2iDJW6vvkay6JGpxgYC/nF96hs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=lU7GaEo8nSmhRMmbl/WpOAMIZVLLX7XQlGfG3Mr0im+AbLUxMfGFZc2hGUl5kCtpypA/D42fuBFiodSl5ikWMGycylGGxGesyqf4TsgrveXIrERwliHE82+Wy8OVVA+gitfX0TUPsOiTOdQpwaBHce/jtZaiLD5c4Z237KuH/g4= Received: by 10.67.116.19 with SMTP id t19mr919290ugm.47.1203802138475; Sat, 23 Feb 2008 13:28:58 -0800 (PST) Received: by 10.66.220.6 with HTTP; Sat, 23 Feb 2008 13:28:58 -0800 (PST) Message-ID: Date: Sat, 23 Feb 2008 21:28:58 +0000 From: "Igor Mozolevsky" Sender: mozolevsky@gmail.com To: "Brooks Davis" In-Reply-To: <20080223203316.GC38485@lor.one-eyed-alien.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <47C06E1F.5020308@thedarkside.nl> <760775.85636.qm@web50306.mail.re2.yahoo.com> <20080223203316.GC38485@lor.one-eyed-alien.net> X-Google-Sender-Auth: be3e3d49b4387e0e Cc: hackers@freebsd.org, Tim Clewlow Subject: Re: Security Flaw in Popular Disk Encryption Technologies X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Feb 2008 21:57:03 -0000 On 23/02/2008, Brooks Davis wrote: > > You should actually read the paper. :) They successfully defeat both > of these type of protections by using canned air to chill the ram and > transplanting it into another machine. Easy to get around this attack - store the key on a usb stick/cd/whatever and every time the OS needs to access the encrypted date the key should be read, data decrypted, then key wiped from the memory; or have the daemon erase the key from memory every T minutes and re-acquire the key at next access attempt... Or you could carry something that emits a huge EMI pulse to destroy the data on the disk...