Re: the cold-boot attack
Richard Zidlicky wrote:
> Hi,
>
>> As a reaction to this "attack" I wonder if it might be possible to
>> use level 2 cache of the processor to store keys in highly volatile
>> memory space. 2 or more megabytes on the CPU die might be a last
>> resort. As gpg prevents leaking keys from kernel ram to swap
>> partitions, newer disk encryption might prevent keys from being
>> stored in DRAM cells. Of course, elderly processors might not do this
>> stunt due to lack of level 1/2/3 cache but newer architectures
>> offer ever increasing megabytes. Is that a worthwhile option?
>
> There is another option that is well doable with today's technology.
> On a multi-CPU machine run a dedicated noninterruptible kernel
> thread on one of the cores which keeps essential parts of the key in
> CPU registers at all times.
>
I'm curious how you would account for the key schedule information and
other sensitive information.
> Using some of the coprocessors would be another interesting idea but
> much less portable.
Yes, it is less portable but it is tamper resistant and specifically
designed to thwart many types of attacks.
Regards,
Jacob Appelbaum
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/