the cold-boot attack - a paper tiger?
Hello everyone!
Maybe you remember the cold-boot attack described at
http://citp.princeton.edu/memory/
claiming memory remanence to leak passwords used in popular disk encryption software. For TrueCrypt and other suites this might apply, but there was something called "key scrubbing" in loop-aes. As a cold-boot attack comprises the passphrase recovery even after a system reset it ought to be even easier to check memory on a running system. So does a simple command listed at
http://citp.princeton.edu/memory/exp/
'sudo strings /dev/mem | less'
Since I know the passphrase I recently entered to mount an encrypted volume, I can search for it in memory like this:
'sudo strings /dev/mem | grep *somepass*'
Surprisingly nothing happens. A passphrase as entered in cleartext is never returned. Most likely, a reboot won't make a change for the better. Maybe putting memory modules in cryo stasis allows for recording some bit-patterns. As of now, this boot attack reveals nothing helpful to my eyes. Or could you tell me at what point I acted amiss?
Best regards
Peter
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
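
Added example (not part of the post above, and not code from loop-AES or the Princeton project): a constructed simulation of what a `strings ... | grep passphrase` check can and cannot see. It assumes a tool that derives a binary key from the passphrase and then wipes the passphrase buffer; the PBKDF2 parameters, the salt and the memory layout are illustrative assumptions. The Princeton work is aimed at the key material that stays resident while a volume is mounted, which is binary and does not show up as a printable string.

```python
import hashlib
import re

def strings(image, min_len=4):
    """Printable-ASCII runs of at least min_len bytes, like strings(1)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, image)

def grep_strings(image, needle):
    """Equivalent of `strings image | grep needle` for a fixed byte string."""
    return [s for s in strings(image) if needle in s]

def mount_and_snapshot(passphrase):
    """Simulate a mount and return (memory image, derived key).

    Constructed model: the passphrase is only needed to derive the key,
    so its buffer is wiped; the key must stay in RAM while mounted.
    """
    buf = bytearray(passphrase.encode())  # passphrase as typed
    # Assumption: PBKDF2-SHA256 stands in for whatever the real tool uses.
    key = hashlib.pbkdf2_hmac("sha256", buf, b"constructed-salt", 1000, 32)
    buf[:] = bytes(len(buf))              # wipe the cleartext in place
    # Constructed memory image: filler, wiped buffer, a text string, live key.
    image = bytes(64) + bytes(buf) + b"/dev/loop0 mounted\x00" + key + bytes(64)
    return image, key

if __name__ == "__main__":
    image, key = mount_and_snapshot("somepass-constructed")
    print("grep for passphrase:", grep_strings(image, b"somepass"))
    print("text strings seen:  ", grep_strings(image, b"/dev/loop0"))
    print("key bytes resident: ", key in image)
```

An empty grep result here shows only that the cleartext passphrase is gone, not that the memory image holds nothing sensitive.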