From owner-freebsd-questions@freebsd.org Mon Aug 6 02:38:13 2018
Date: Mon, 6 Aug 2018 10:36:19 +0800
From: Erich Dollansky
To: "Valeri Galtsev"
Cc: "John Levine" , freebsd-questions@freebsd.org, "thor"
Subject: Re: Erase memory on shutdown
Message-ID: <20180806103619.3c8b4cf0.freebsd.ed.lists@sumeritec.com>
In-Reply-To: <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
References: <20180805150241.1E186200349F8E@ary.qy>
 <4e70e969-14f7-c65d-96d2-dd1610499cd0@irk.ru>
 <63033.108.68.162.197.1533484522.squirrel@cosmo.uchicago.edu>
 <20180806073738.6f459398.freebsd.ed.lists@sumeritec.com>
 <57043.108.68.162.197.1533514207.squirrel@cosmo.uchicago.edu>
List-Id: User questions

Hi,

On Sun, 5 Aug 2018 19:10:07 -0500 (CDT)
"Valeri Galtsev" wrote:

> On Sun, August 5, 2018 6:37 pm, Erich Dollansky wrote:
> > Hi,
> >
> > On Sun, 5 Aug 2018 10:55:22 -0500 (CDT)
> > "Valeri Galtsev" wrote:
> >
> >> On Sun, August 5, 2018 10:26 am, thor wrote:
> >> > https://en.wikipedia.org/wiki/Cold_boot_attack
> >> >
> >>
> >> The trouble is that erasing RAM on clean shutdown does not prevent
> >> the attacker in the attack as above from still successfully
> >> perform the
> >
> > so, ECC is also here the only possible answer, at least for parts
> > of it.
> >
> > Still, erasing memory when shutting down helps in some cases. I do
> > this on my machines for small parts when a shutdown is detected. It
> > makes at least the most obvious attacks from that side difficult.
>
> Please, correct me if I am wrong in the following:
>
> If the attacker yanks off the power cord, then cold boots off his
> media, your defense/erasure of memory does not protect you against
> this attack. Right? Your defense only helps if the attacker does
> clean shutdown. Right?
>

what is the difference between 'some cases' and 'all cases'?

If the owner of a machine is not able to stop physical access to a
machine, there will be other ways to attack it. Shutting down a machine
allows a normal owner of the machine to wait at the location as most
owners are not on the run.

Erich
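
The thread's idea of erasing small parts of memory when a shutdown is detected, sketched for a single process in C. This is an added example, not code from any poster in the thread: `session_key`, `key_guard_init` and the other names are hypothetical, and it assumes the process sees the clean shutdown as a SIGTERM. As the quoted question points out, none of it runs when power is simply cut.

```c
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#define KEY_LEN 32
static unsigned char session_key[KEY_LEN];       /* hypothetical secret */
static volatile sig_atomic_t shutdown_requested; /* set by the handler */

/* Zero via a volatile pointer so the stores are not dropped as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}
static void on_sigterm(int sig) { (void)sig; shutdown_requested = 1; }

/* Pin the key in RAM (no copy in swap) and catch SIGTERM. Returns -1 if the
 * handler cannot be installed; *locked is 0 when mlock() was refused. */
static int key_guard_init(const unsigned char *key, int *locked)
{
    *locked = (mlock(session_key, sizeof session_key) == 0);
    memcpy(session_key, key, KEY_LEN);
    return signal(SIGTERM, on_sigterm) == SIG_ERR ? -1 : 0;
}

/* Call from the main loop: wipes the key once a shutdown was signalled. */
static int key_guard_poll(void)
{
    if (!shutdown_requested)
        return 0;
    secure_wipe(session_key, sizeof session_key);
    return 1;
}

static int key_is_wiped(void)   /* 1 when every key byte is zero */
{
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= session_key[i];
    return acc == 0;
}

int main(void)
{
    unsigned char demo[KEY_LEN]; int locked;
    memset(demo, 0xA5, sizeof demo);   /* constructed sample key */
    if (key_guard_init(demo, &locked) != 0) return 1;
    raise(SIGTERM);                    /* stands in for shutdown's SIGTERM */
    return (key_guard_poll() && key_is_wiped()) ? 0 : 1;
}
```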