Date: Sat, 23 Feb 2008 14:08:54 +1300 (NZDT) From: Atom Smasher <atom@smasher.org> To: hackers@freebsd.org Cc: Pawel Jakub Dawidek <pjd@FreeBSD.org> Subject: Security Flaw in Popular Disk Encryption Technologies Message-ID: <20080223010856.7244.qmail@smasher.org>
next in thread | raw e-mail | index | archive | help
article below. does anyone know how this affects eli/geli?
from the geli man page: "detach - Detach the given providers, which means
remove the devfs entry and clear the keys from memory." does that mean
that geli properly wipes keys from RAM when a laptop is turned off?
--
...atom
________________________
http://atom.smasher.org/
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The difference between common-sense and paranoia is
that common-sense is thinking everyone is out to get
you. That's normal -- they are. Paranoia is thinking
that they're conspiring."
-- J. Kegler
---------- Forwarded message ----------
Organization: EFF
Date: Fri, 22 Feb 2008 13:08:00 -0600 (CST)
From: EFFector list <editor@eff.org>
Subject: EFFector 21.06: Open Source Advocate, Canadian Copyfighter,
and AT&T Whistleblower Win Pioneer Awards
* Research Team Finds Security Flaw in Popular Disk Encryption
Technologies
Laptops in "Sleep" or "Hibernation" Mode Most Vulnerable to Attack
San Francisco - A team including the Electronic Frontier Foundation,
Princeton University, and other researchers have found a major security
flaw in several popular disk encryption technologies that leaves encrypted
data vulnerable to attack and exposure.
"People trust encryption to protect sensitive data when their computer is
out of their immediate control," said EFF Staff Technologist Seth Schoen,
a member of the research team. "But this new class of vulnerabilities
shows it is not a sure thing. Whether your laptop is stolen, or you simply
lose track of it for a few minutes at airport security, the information
inside can still be read by a clever attacker."
The researchers cracked several widely used disk encryption technologies,
including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and
dm-crypt. These "secure" disk encryption systems are supposed to protect
sensitive information if a computer is stolen or otherwise accessed.
However, in a paper and video published on the Internet today, the
researchers show that data is vulnerable because encryption keys and
passwords stored in a computer's temporary memory -- or RAM -- do not
disappear immediately after losing power.
"These types of attacks were often thought to be in the realm of the NSA,"
said Jacob Appelbaum, an independent computer security researcher and
member of the research team. "But we discovered that on most computers,
even without power applied for several seconds, data stored in RAM seemed
to remain when power was reapplied. We then wrote programs to collect the
contents of memory after the computers were rebooted."
Laptops are particularly vulnerable to this attack, especially when they
are turned on but locked, or in a "sleep" or "hibernation" mode entered
when the laptop's cover is shut. Even though the machines require a
password to unlock the screen, the encryption keys are already located in
the RAM, which provides an opportunity for attackers with malicious
intent.
The research released today shows that these attacks are likely to be
effective against many other disk encryption systems because these
technologies have many architectural features in common. Servers with
encrypted hard drives are also vulnerable.
"We've broken disk encryption products in exactly the case when they seem
to be most important these days: laptops that contain sensitive corporate
data or personal information about business customers," said J. Alex
Halderman, a Ph.D. candidate in Princeton's computer science department.
"Unlike many security problems, this isn't a minor flaw; it is a
fundamental limitation in the way these systems were designed."
In addition to Schoen, Appelbaum, and Halderman, the research team
included William Paul of Wind River Systems, and Princeton graduate
students Nadia Heninger, William Clarkson, Joseph Calandrino, Ariel
Feldman as well as Princeton Professor Edward Felten, the director of the
Center for Information Technology Policy and a member of EFF's Board of
Directors.
The researchers have submitted the paper for publication and it is
currently undergoing review. In the meantime, the researchers have
contacted the developers of BitLocker, which is included in some versions
of Windows Vista, Apple's FileVault, and the open source TrueCrypt and
dm-crypt products, to make them aware of the vulnerability. One effective
countermeasure is to turn a computer off entirely, though in some cases
even this does not provide protection.
For the full paper "Lest We Remember: Cold Boot Attacks on Encryption
Keys," a demonstration video, and other background information:
http://citp.princeton.edu/memory/
For this release: http://www.eff.org/press/archives/2008/02/21-0
###
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080223010856.7244.qmail>