From: Alex Schuster
Organization: Wonkology
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
Date: Tue, 9 Oct 2007 03:51:35 +0200
Message-Id: <200710090351.35685.wonko@wonkology.org>

Liviu Andronic writes:

> So, my eternal question, is it realistic for the "lost" RAM data to be
> recovered? That is, after system shutdown, does the data still
> physically reside on the RAM and can someone with a decent technology
> and know-how recover it? In other words, is this a serious breach in
> any encrypted system?

I am pretty sure there was a posting here a while ago by someone who did not like LUKS encryption, and he argued with a link to a speech at the CCC camp, a hacker convention. But I cannot find it any more.

I found a blog entry about it, but it is in German only [1]. In short, it states that even after a reset RAM is quite intact, because it is not being initialized at system start any more these days. And, according to the speaker, most of the RAM may even survive for as long as 30 seconds after powering off! At least on a ThinkPad T30 notebook (stated in the presentation, the second attached file in [2]). Quite surprising to me.

Another thing is Firewire, or hot-pluggable PCI cards (and everything else which accesses RAM via DMA). This allows reading the RAM of the running system by simply plugging in a firewire device.
So, resetting the system and booting another one, or plugging in a firewire device, allows getting a memory dump. Scary, huh?

[1] http://stefan.ploing.de/2007-08-10-ccc-camp-2-tag
[2] https://events.ccc.de/camp/2007/Fahrplan/events/2002.en.html

	Alex
-- 
gentoo-user@gentoo.org mailing list
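
A host-side check for the FireWire DMA exposure described in the message above, as an added example that is not part of the original post. It assumes the Linux OHCI host-controller drivers `ohci1394` (old stack) and `firewire_ohci` (current stack); the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit FireWire (IEEE 1394) DMA exposure from module state.
# Inputs are passed as text so the logic also runs on saved output; on a live
# system pass "$(cat /proc/modules)" and "$(cat /etc/modprobe.d/*.conf)".

# OHCI host-controller drivers that let FireWire devices DMA into RAM.
FW_DRIVERS="ohci1394 firewire_ohci"

# fw_loaded MODULES_TEXT -> prints each FireWire OHCI driver that is loaded
fw_loaded() {
    for drv in $FW_DRIVERS; do
        printf '%s\n' "$1" | awk -v d="$drv" '$1 == d { print d }'
    done
}

# fw_blocked CONF_TEXT DRIVER -> exit 0 if the driver is blacklisted or its
# load is redirected to /bin/false or /bin/true. modprobe treats '-' and '_'
# in module names as equal, so names are normalised first.
fw_blocked() {
    printf '%s\n' "$1" | sed 's/#.*//' | tr '-' '_' | awk -v d="$2" '
        $1 == "blacklist" && $2 == d { ok = 1 }
        $1 == "install" && $2 == d && ($3 == "/bin/false" || $3 == "/bin/true") { ok = 1 }
        END { exit !ok }'
}

# fw_audit MODULES_TEXT CONF_TEXT -> one verdict line per driver
fw_audit() {
    loaded=$(fw_loaded "$1")
    for drv in $FW_DRIVERS; do
        if printf '%s\n' "$loaded" | grep -qx "$drv"; then
            echo "$drv: LOADED (RAM reachable by DMA from the FireWire port)"
        elif fw_blocked "$2" "$drv"; then
            echo "$drv: blacklisted"
        else
            echo "$drv: not loaded, but not blacklisted (may load when a controller appears)"
        fi
    done
}

# Constructed sample input, not taken from a real machine.
SAMPLE_MODULES='firewire_ohci 45056 0 - Live 0x0000000000000000
firewire_core 73728 1 firewire_ohci, Live 0x0000000000000000
ext4 800000 1 - Live 0x0000000000000000'
SAMPLE_CONF='# constructed modprobe.d content
blacklist ohci1394'

fw_audit "$SAMPLE_MODULES" "$SAMPLE_CONF"
```

A `blacklist` line only stops automatic loading; an `install <driver> /bin/false` line also stops an explicit `modprobe`.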