Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Aug 2018 10:36:19 +0800
From:      Erich Dollansky <freebsd.ed.lists@sumeritec.com>
To:        "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
Cc:        "John Levine" <johnl@iecc.com>, freebsd-questions@freebsd.org, "thor" <thor@irk.ru>
Subject:   Re: Erase memory on shutdown
Message-ID:  <20180806103619.3c8b4cf0.freebsd.ed.lists@sumeritec.com>
In-Reply-To: <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
References:  <20180805150241.1E186200349F8E@ary.qy> <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru> <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu> <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com> <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi,

On Sun, 5 Aug 2018 19:10:07 -0500 (CDT)
"Valeri Galtsev" <galtsev@kicp.uchicago.edu> wrote:

> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
> > Hi,
> >
> > On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
> > "Valeri Galtsev" <galtsev@kicp.uchicago.edu> wrote:
> >  
> >> On Sun, August 5, 2018 10:26 am, thor wrote:  
> >> > https://en.wikipedia.org/wiki/Cold_boot_attack
> >> >  
> >>
> >> The trouble is that erasing RAM on clean shutdown does not prevent
> >> the attacker in the attack as above from still successfully
> >> perform the  
> >
> > so, ECC is also here the only possible answer, at least for parts
> > of it.
> >
> > Still, erasing memory when shutting down helps in some cases. I do
> > this on my machines for small parts when a shutdown is detected. It
> > makes at least the most obvious attacks from that side difficult.  
> 
> Please, correct me if I am wrong in the following:
> 
> If the attacker yanks off the power cord, then cold boots off his
> media, your defense/erasure of memory does not protect you against
> this attack. Right? Your defense only helps if the attacker does
> clean shutdown. Right?
> 
what is the difference between 'some cases' and 'all cases'?

If the owner of a machine is not able to stop physical access to a
machine, there will be other ways to attack it. Shutting down a machine
allows a normal owner of the machine to wait at the location as most
owners are not on the run.

Erich

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180806103619.3c8b4cf0.freebsd.ed.lists>