public inbox for gentoo-user@lists.gentoo.org
From: Alex Schuster <wonko@wonkology.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
Date: Tue, 9 Oct 2007 03:51:35 +0200
Message-ID: <200710090351.35685.wonko@wonkology.org>
In-Reply-To: <68b1e2610710041133q2908483cu7877a6b197460922@mail.gmail.com>

Liviu Andronic writes:

> So, my eternal question, is it realistic for the "lost" RAM data to be
> recovered? That is, after system shutdown, does the data still
> physically reside on the RAM and can someone with a decent technology
> and know-how recover it? In other words, is this a serious breach in
> any encrypted system?

I am pretty sure there was a posting here a while ago by someone who did not
like LUKS encryption, and he argued with a link to a speech at the CCC
camp, a hacker convention. But I cannot find it any more.

I found a blog entry about it, but it is in German only [1].

In short, it states that even after a reset RAM is quite intact, because it
is not being initialized at system start any more these days. And,
according to the speaker, most of the RAM may even survive for as long as
30 seconds after powering off! At least on a ThinkPad T30 notebook (stated
in the presentation, the second attached file in [2]). Quite surprising to
me.
Another thing is Firewire, or hot-pluggable PCI cards (and everything else
which accesses RAM via DMA). This allows reading the RAM of the running
system by simply plugging in a Firewire device.
So, resetting the system and booting another one, or plugging in a Firewire
device, allows one to get a memory dump. Scary, huh?

[1] http://stefan.ploing.de/2007-08-10-ccc-camp-2-tag
[2] https://events.ccc.de/camp/2007/Fahrplan/events/2002.en.html

	Alex