public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
@ 2007-10-04  6:42 Liviu Andronic
  2007-10-04 13:47 ` Alan McKinnon
  0 siblings, 1 reply; 19+ messages in thread
From: Liviu Andronic @ 2007-10-04  6:42 UTC (permalink / raw
  To: gentoo-user

Hello security gurus, this one's for you:

After shutdown, is it possible to recover the data stored on the
Random Access Memory? Be it an ancient mounted ramdisk, a tmpfs mount
point or normal data kept in memory by programs.

In many resources on the net (the Gentoo Wiki and Forums, other
Security related HOWTOs), people suggest the use of tmpfs for the /tmp
mount point. They say that since the temporary files are completely
stored in RAM and on the eventually encrypted swap partition, it is
secure. However, I have doubts as to the veracity of this fact.

For one part, one week ago my Computer Sciences professor said that
"deleting the files in the evening doesn't help you at all, since the
data is stored on your RAM and the police knows about it". He was
talking about Windows, but - if true - this should also hold true for
Linux. This got me curious.

Then, on the Gentoo Wiki
(http://gentoo-wiki.com/SECURITY_Anonymizing_Unix_Systems), Van
Hauser, the author of THC's secure-delete package, says "It [the RAM]
can hold very sensitive information like the email you wrote before
pgp'ing it, passwords, anything. To ensure, that the memory is
cleaned, use the smem utility." And later on: "Now one problem is
left. Even with normal RAM a well funded organisation can get the
contents after the system is powered off. With the modern SDRAM it's
even worse, where the data stays on the RAM permanently until new data
is written. For this, I introduced a small tool for the secure_delete
package 2.1, called "smem" which tries to clean the memory. This one
should be called on shutdown. " These comments triggered off this
thread.

Consider that someone uses an encrypted swap and an encrypted root,
with non-default cryptographic options. Also, in this discussion,
please consider the case of a well funded organization, say the
police or a three-lettered organization.

Now, here's the worst case scenario. In the evening, you want to
create a poster "NO Putins for Prime-Minister". You have everything
encrypted on your system, so you feel OK. You fire up OpenOffice (just
to complicate things) and write the text, then GIMP and open the image
you want to use. Then you copy the text (say using clipman, on Xfce)
to GIMP. You do modify the beautiful image to make it beautifuler. And
save your gorgeous poster on the encrypted hard disk.

Using such programs will most surely leave you with the following:
somewhere somehow temporary files of your .odt document, deleted
temporary files of the .odt document, the hard disk copy of your
poster, and more or less the same information in your RAM. On the
former ones you feel OK: you've got an encrypted root and an encrypted
swap. There's no breach (_is there?_).

So, to continue the worst case scenario, in the morning you find
yourself confiscated together with your laptop by a three-lettered
organization. For a moment, disregard the human rights problem.

First question: What about the RAM? After system shutdown, does the
RAM still store your recent data and can it be recovered ??

A second, more science fiction one (although I did stumble on the
following link:
http://hardware.slashdot.org/article.pl?sid=06/04/10/1451200): Can
someone encrypt at a software level the data stored on RAM?

Third: Is smem -ll efficient? The man page (Gentoo edited, I imagine)
states "Beware: BETA!  smem is still beta."

Fourth: How can one deal with the data stored on RAM, and that before shutdown?

Thanks in advance if you can answer at least some of these questions.

Regards,
Liviu
-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04  6:42 [gentoo-user] Can RAM render useless the encryption of the / and swap partitions? Liviu Andronic
@ 2007-10-04 13:47 ` Alan McKinnon
  2007-10-04 14:34   ` Hans-Werner Hilse
  0 siblings, 1 reply; 19+ messages in thread
From: Alan McKinnon @ 2007-10-04 13:47 UTC (permalink / raw
  To: gentoo-user

On Thursday 04 October 2007, Liviu Andronic wrote:
> And later on: "Now one problem is
> left. Even with normal RAM a well funded organisation can get the
> contents after the system is powered off. With the modern SDRAM it's
> even worse, where the data stays on the RAM permanently until new
> data is written.

Pray tell, how does RAM manage to retain data when the power is off? 
It's either six transistors or one transistor and a cap per cell = not 
persistent.

I don't know of any magic persistent RAM that's fast enough for use as 
main RAM. Flash disks are of course another story but you do appear to 
be talking about system RAM

alan

-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 13:47 ` Alan McKinnon
@ 2007-10-04 14:34   ` Hans-Werner Hilse
  2007-10-04 15:52     ` Volker Armin Hemmann
                       ` (2 more replies)
  0 siblings, 3 replies; 19+ messages in thread
From: Hans-Werner Hilse @ 2007-10-04 14:34 UTC (permalink / raw
  To: gentoo-user

Hi,

On Thu, 4 Oct 2007 15:47:53 +0200 Alan McKinnon
<alan@linuxholdings.co.za> wrote:

> On Thursday 04 October 2007, Liviu Andronic wrote:
> > And later on: "Now one problem is
> > left. Even with normal RAM a well funded organisation can get the
> > contents after the system is powered off. With the modern SDRAM it's
> > even worse, where the data stays on the RAM permanently until new
> > data is written.
> 
> Pray tell, how does RAM manage to retain data when the power is off? 
> It's either six transistors or one transistor and a cap per cell =
> not persistent.

In theory, for the one transistor and one cap case, you have a loaded
cap that will take "forever" losing its load, won't it? But in
practice, I think, that's not realistic.

> I don't know of any magic persistent RAM that's fast enough for use
> as main RAM. Flash disks are of course another story but you do
> appear to be talking about system RAM

There actually are new RAM types being made for solid-state storage.
But this is in a proof-of-concept stage, I think.

Maybe Liviu's professor had those magnetic drum memory units in mind
when saying that?

Anyway, cleaning memory on a power-off shut down doesn't make much
sense. However, it makes sense to clean up memory after having critical
data in it -- e.g. a reboot doesn't necessarily clean up RAM. And I'm
not sure if some mainboards even keep the RAM powered in certain
situations -- at least, they can as long as the power is not really
switched off (e.g. machine only in ATX soft-off mode).

-hwh

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 14:34   ` Hans-Werner Hilse
@ 2007-10-04 15:52     ` Volker Armin Hemmann
  2007-10-04 16:04       ` Liviu Andronic
  2007-10-05 20:57       ` Daniel Pielmeier
  2007-10-04 16:57     ` Alan McKinnon
  2007-10-04 18:53     ` Randy Barlow
  2 siblings, 2 replies; 19+ messages in thread
From: Volker Armin Hemmann @ 2007-10-04 15:52 UTC (permalink / raw
  To: gentoo-user

On Thursday, 4 October 2007, Hans-Werner Hilse wrote:
> Hi,
>
> On Thu, 4 Oct 2007 15:47:53 +0200 Alan McKinnon
> <alan@linuxholdings.co.za> wrote:
> > On Thursday 04 October 2007, Liviu Andronic wrote:
> > > And later on: "Now one problem is
> > > left. Even with normal RAM a well funded organisation can get the
> > > contents after the system is powered off. With the modern SDRAM it's
> > > even worse, where the data stays on the RAM permanently until new
> > > data is written.
> >
> > Pray tell, how does RAM manage to retain data when the power is off?
> > It's either six transistors or one transistor and a cap per cell =
> > not persistent.
>
> In theory, for the one transistor and one cap case, you have a loaded
> cap that will take "forever" losing its load, won't it? But in
> practice, I think, that's not realistic.

In practice, the RAM has to be refreshed every few cycles (one reason why it is 
slow) because it is losing its load so fast.

In practice, after power is cut, everything in ram is lost.

But not the stuff in swap....

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 15:52     ` Volker Armin Hemmann
@ 2007-10-04 16:04       ` Liviu Andronic
  2007-10-04 17:49         ` Volker Armin Hemmann
  2007-10-05 20:57       ` Daniel Pielmeier
  1 sibling, 1 reply; 19+ messages in thread
From: Liviu Andronic @ 2007-10-04 16:04 UTC (permalink / raw
  To: gentoo-user

On 10/4/07, Volker Armin Hemmann <volker.armin.hemmann@tu-clausthal.de> wrote:
> In practice, the RAM has to be refreshed every few cycles (one reason why it is
> slow) because it is losing its load so fast.
>
> In practice, after power is cut, everything in ram is lost.
>
> But not the stuff in swap....

Considering that swap is encrypted, is it realistic for this "lost"
RAM data to be recovered? Again, take the case of a well funded
organization.

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 14:34   ` Hans-Werner Hilse
  2007-10-04 15:52     ` Volker Armin Hemmann
@ 2007-10-04 16:57     ` Alan McKinnon
  2007-10-04 18:33       ` Liviu Andronic
  2007-10-04 18:53     ` Randy Barlow
  2 siblings, 1 reply; 19+ messages in thread
From: Alan McKinnon @ 2007-10-04 16:57 UTC (permalink / raw
  To: gentoo-user

On Thursday 04 October 2007, Hans-Werner Hilse wrote:
> Hi,
>
> On Thu, 4 Oct 2007 15:47:53 +0200 Alan McKinnon
> <alan@linuxholdings.co.za> wrote:
> > On Thursday 04 October 2007, Liviu Andronic wrote:
> > > And later on: "Now one problem is
> > > left. Even with normal RAM a well funded organisation can get the
> > > contents after the system is powered off. With the modern SDRAM
> > > it's even worse, where the data stays on the RAM permanently
> > > until new data is written.
> >
> > Pray tell, how does RAM manage to retain data when the power is
> > off? It's either six transistors or one transistor and a cap per
> > cell = not persistent.
>
> In theory, for the one transistor and one cap case, you have a loaded
> cap that will take "forever" losing its load, won't it? But in
> practice, I think, that's not realistic.

Definitely not realistic - the cap is on the order of a fraction of a pF 
and needs to be refreshed every 50-100mS or so. Once the power is off, 
the cap sees a (relatively) low impedance sink and discharges rather 
quickly

> > I don't know of any magic persistent RAM that's fast enough for use
> > as main RAM. Flash disks are of course another story but you do
> > appear to be talking about system RAM
>
> There actually are new RAM types being made for solid-state storage.
> But this is in a proof-of-concept stage, I think.

<side note> I for one anxiously await the arrival of solid-state disks. 
I have customers who simply *cannot* do backups as the backup takes 
longer than the available window! Disk speed is a very limiting factor

> Maybe Liviu's professor had those magnetic drum memory units in mind
> when saying that?

In all honesty, I've heard some very very strange things from the mouths 
of professors over the years. We don't really know what this person 
said or intended

>
> Anyway, cleaning memory on a power-off shut down doesn't make much
> sense. However, it makes sense to clean up memory after having
> critical data in it -- e.g. a reboot doesn't necessarily clean up
> RAM. And I'm not sure if some mainboards even keep the RAM powered in
> certain situations -- at least, they can as long as the power is not
> really switched off (e.g. machine only in ATX soft-off mode).

Yes, this is very true

alan




-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 16:04       ` Liviu Andronic
@ 2007-10-04 17:49         ` Volker Armin Hemmann
  2007-10-04 18:28           ` Liviu Andronic
  2007-10-04 19:48           ` Mick
  0 siblings, 2 replies; 19+ messages in thread
From: Volker Armin Hemmann @ 2007-10-04 17:49 UTC (permalink / raw
  To: gentoo-user

On Thursday, 4 October 2007, Liviu Andronic wrote:
> On 10/4/07, Volker Armin Hemmann <volker.armin.hemmann@tu-clausthal.de> wrote:
> > In practice, the RAM has to be refreshed every few cycles (one reason why it
> > is slow) because it is losing its load so fast.
> >
> > In practice, after power is cut, everything in ram is lost.
> >
> > But not the stuff in swap....
>
> Considering that swap is encrypted, is it realistic for this "lost"
> RAM data to be recovered? Again, take the case of a well funded
> organization.

that depends on the encryption. Some algorithms are easy to break. Some are 
not, some will be broken as soon as we get quantum-computers ;)

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 17:49         ` Volker Armin Hemmann
@ 2007-10-04 18:28           ` Liviu Andronic
  2007-10-04 19:48           ` Mick
  1 sibling, 0 replies; 19+ messages in thread
From: Liviu Andronic @ 2007-10-04 18:28 UTC (permalink / raw
  To: gentoo-user

On 10/4/07, Volker Armin Hemmann <volker.armin.hemmann@tu-clausthal.de> wrote:
> > Considering that swap is encrypted, is it realistic for this "lost"
> > RAM data to be recovered? Again, take the case of a well funded
> > organization.
>
> that depends on the encryption. Some algorithms are easy to break. Some are
> not, some will be broken as soon as we get quantum-computers ;)

I'm basing myself mainly on:
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS#Encrypting_swap_for_installation
and
http://en.wikipedia.org/wiki/AES_process#Rounds_one_and_two

for the cipher's choice, and for the method used on:
http://www.gentoo.org/proj/en/hardened/disk-cryptography.xml

I have settled down to the following:
-c blowfish -h sha256 for swap
and
-c serpent  -h sha256 for the sensitive data partitions (/home, etc.).
in combination with a "strong" password.

How encrypted does this sound? For today, at least..

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 16:57     ` Alan McKinnon
@ 2007-10-04 18:33       ` Liviu Andronic
  2007-10-05 11:38         ` Hans-Werner Hilse
  2007-10-09  1:51         ` Alex Schuster
  0 siblings, 2 replies; 19+ messages in thread
From: Liviu Andronic @ 2007-10-04 18:33 UTC (permalink / raw
  To: gentoo-user

On 10/4/07, Alan McKinnon <alan@linuxholdings.co.za> wrote:
> On Thursday 04 October 2007, Hans-Werner Hilse wrote:
>>  [..]
> > However, it makes sense to clean up memory after having
> > critical data in it -- e.g. a reboot doesn't necessarily clean up
> > RAM.
>>  [..]
>
> Yes, this is very true

BUT

On 10/4/07, Alan McKinnon <alan@linuxholdings.co.za> wrote:
> Pray tell, how does RAM manage to retain data when the power is off?

...and...
On 10/4/07, Volker Armin Hemmann <volker.armin.hemmann@tu-clausthal.de> wrote:
> In practice, after power is cut, everything in ram is lost.


So, my eternal question, is it realistic for the "lost" RAM data to be
recovered? That is, after system shutdown, does the data still
physically reside on the RAM and can someone with a decent technology
and know-how recover it? In other words, is this a serious breach in
any encrypted system?

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 14:34   ` Hans-Werner Hilse
  2007-10-04 15:52     ` Volker Armin Hemmann
  2007-10-04 16:57     ` Alan McKinnon
@ 2007-10-04 18:53     ` Randy Barlow
  2 siblings, 0 replies; 19+ messages in thread
From: Randy Barlow @ 2007-10-04 18:53 UTC (permalink / raw
  To: gentoo-user

Hans-Werner Hilse wrote:
> In theory, for the one transistor and one cap case, you have a loaded
> cap that will take "forever" losing its load, won't it? But in
> practice, I think, that's not realistic.

It's actually not theory vs. practice.  Even in theory, it's not just a 
cap, it's a cap and a resistor.  So you have a time constant, tau = 
R*C.  Since the capacitance is very small (picofarads) and we're not 
talking large resistance either, you end up with a very small time 
constant and that cap leaks its charge very quickly (which is why the 
RAM needs to be refreshed and powered).

-- 
R

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 17:49         ` Volker Armin Hemmann
  2007-10-04 18:28           ` Liviu Andronic
@ 2007-10-04 19:48           ` Mick
  1 sibling, 0 replies; 19+ messages in thread
From: Mick @ 2007-10-04 19:48 UTC (permalink / raw
  To: gentoo-user

On Thursday 04 October 2007, Volker Armin Hemmann wrote:
> On Thursday, 4 October 2007, Liviu Andronic wrote:
> > On 10/4/07, Volker Armin Hemmann <volker.armin.hemmann@tu-clausthal.de> wrote:
> > > In practice, the RAM has to be refreshed every few cycles (one reason why
> > > it is slow) because it is losing its load so fast.
> > >
> > > In practice, after power is cut, everything in ram is lost.
> > >
> > > But not the stuff in swap....
> >
> > Considering that swap is encrypted, is it realistic for this "lost"
> > RAM data to be recovered? Again, take the case of a well funded
> > organization.
>
> that depends on the encryption. Some algorithms are easy to break. Some are
> not, some will be broken as soon as we get quantum-computers ;)

Are we missing the obvious?  The easiest thing to 'break' is the weakest link 
in the chain.  In such a *hypothetical* case that would be the person who is 
in possession of the passphrase.  I would expect that such a person would be 
invariably labeled a "hacker" and condemned to eternity . . .

Cracking the encryption algorithm by computation would only be necessary if 
the said person was not able to disclose the key due to absence, or due to an 
inability to recover from the vegetative (or worse) state that the 
questioning methods may have inadvertently induced.

 :P
-- 
Regards,
Mick


* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 18:33       ` Liviu Andronic
@ 2007-10-05 11:38         ` Hans-Werner Hilse
  2007-10-05 18:57           ` Randy Barlow
  2007-10-05 20:44           ` Liviu Andronic
  2007-10-09  1:51         ` Alex Schuster
  1 sibling, 2 replies; 19+ messages in thread
From: Hans-Werner Hilse @ 2007-10-05 11:38 UTC (permalink / raw
  To: gentoo-user

Hi,

On Thu, 4 Oct 2007 20:33:40 +0200 "Liviu Andronic"
<landronimirc@gmail.com> wrote:

> On 10/4/07, Alan McKinnon <alan@linuxholdings.co.za> wrote:
> > On Thursday 04 October 2007, Hans-Werner Hilse wrote:
> > > However, it makes sense to clean up memory after having
> > > critical data in it -- e.g. a reboot doesn't necessarily clean up
> > > RAM.
> >
> > Yes, this is very true
> 
> BUT
> 
> On 10/4/07, Alan McKinnon <alan@linuxholdings.co.za> wrote:
> > Pray tell, how does RAM manage to retain data when the power is off?
> 
> ...and...
> On 10/4/07, Volker Armin Hemmann
> <volker.armin.hemmann@tu-clausthal.de> wrote:
> > In practice, after power is cut, everything in ram is lost.
> 
> So, my eternal question, is it realistic for the "lost" RAM data to be
> recovered? That is, after system shutdown, does the data still
> physically reside on the RAM and can someone with a decent technology
> and know-how recover it? In other words, is this a serious breach in
> any encrypted system?

No, it isn't. Well, I didn't have the full circuit design of today's
DRAMs in mind, and yes, since there's the resistor, the capacitor will
lose its load (very) soon (/me scratches his head, wasn't there
something asymptotically in that graph? But in any way, it would be a
difference of very few electrons on the sides of the capacitor) --
that's not a security breach.

But: We are talking about _powering_ _off_ the DRAM. You are talking
about shutting down. That might be two different things and completely
depend on hardware design. Make sure that RAM's gonna get powered off
and you're safe. So pulling the plug should give you a warm good
feeling in that regard. Doing a "sudo halt", however, _might_ have
other consequences and we cannot make a general assumption on that.
Even pulling the plug might have problems: There's such thing as
battery-buffered RAM (although I think they've used it mainly in the
pre-Flash era).

The thing is: You never can guarantee security, that's absolutely
impossible (well, of course you can, but you would automatically be
wrong). You can do all your best, but that's about it. Having security
is a thing you can falsify, but never verify, since theories can't be
verified without dogmas (and there are no accepted dogmas that would
help here).

-hwh

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-05 11:38         ` Hans-Werner Hilse
@ 2007-10-05 18:57           ` Randy Barlow
  2007-10-05 20:44           ` Liviu Andronic
  1 sibling, 0 replies; 19+ messages in thread
From: Randy Barlow @ 2007-10-05 18:57 UTC (permalink / raw
  To: gentoo-user

Hans-Werner Hilse wrote:
> The thing is: You never can guarantee security, that's absolutely
> impossible (well, of course you can, but you would automatically be
> wrong).

Well, you can put your machine in a closet and never turn it on, ever :)
 Then physical theft is the only possibility, but who's going to miss a
machine that's never used? ;)

-- 
Randy Barlow
http://electronsweatshop.com

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-05 11:38         ` Hans-Werner Hilse
  2007-10-05 18:57           ` Randy Barlow
@ 2007-10-05 20:44           ` Liviu Andronic
  1 sibling, 0 replies; 19+ messages in thread
From: Liviu Andronic @ 2007-10-05 20:44 UTC (permalink / raw
  To: gentoo-user

On 10/5/07, Hans-Werner Hilse <hilse@web.de> wrote:
> > So, my eternal question, is it realistic for the "lost" RAM data to be
> > recovered? That is, after system shutdown, does the data still
> > physically reside on the RAM and can someone with a decent technology
> > and know-how recover it? In other words, is this a serious breach in
> > any encrypted system?
>
> No, it isn't. Well, I didn't have the full circuit design of today's
> DRAMs in mind, and yes, since there's the resistor, the capacitor will
> lose its load (very) soon (/me scratches his head, wasn't there
> something asymptotically in that graph? But in any way, it would be a
> difference of very few electrons on the sides of the capacitor) --
> that's not a security breach.
>
> But: We are talking about _powering_ _off_ the DRAM. You are talking
> about shutting down. That might be two different things and completely
> depend on hardware design. Make sure that RAM's gonna get powered off
> and you're safe. So pulling the plug should give you a warm good
> feeling in that regard. Doing a "sudo halt", however, _might_ have
> other consequences and we cannot make a general assumption on that.
> Even pulling the plug might have problems: There's such thing as
> battery-buffered RAM (although I think they've used it mainly in the
> pre-Flash era).
>
> The thing is: You never can guarantee security, that's absolutely
> impossible (well, of course you can, but you would automatically be
> wrong). You can do all your best, but that's about it. Having security
> is a thing you can falsify, but never verify, since theories can't be
> verified without dogmas (and there are no accepted dogmas that would
> help here).

Thank you for your answer, Hans. This is more or less the information
that I was looking for.

So, on a laptop, after "halt"-ing the system, one should make sure to
remove the battery and also pull the plug from the outlet. As far as I
understand, this should more or less take care of the data stored in
the RAM, _or_ give you the feeling that you did your best. If one
enjoys being paranoid, one may also run "smem" on system shutdown. All
this, of course, needs to be in combination with _at least_ an
encrypted swap and tmpfs mounted on /tmp.

One last reserve that I have towards this scheme is the information in
the man page of smem (part of the secure-delete package, suite of
utilities written by van Hauser from THC [
http://freeworld.thc.org/releases.php ]):
"smem is designed to delete data which may lie still in your memory (RAM)
in a secure manner which can not be recovered by thiefs, law enforcement
or other threats.

Note that with the new SDRAMs, data will not wither away but will be kept
static - it is easy to extract the necessary information!
The wipe algorythm is based on the paper "Secure Deletion of Data from
Magnetic and Solid-State Memory" presented at the 6th Usenix Security
Symposium by Peter Gutmann, one of the leading civilian cryptographers."

This is either a very efficient advertising campaign for his utility,
or he actually knows what he is talking about. For one part, the paper
[ http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html ]
dedicates two chapters to the data kept in the RAM. However,
considering that the paper is dated 1996, and the secure-delete man
page was last updated in 2003, there is also the possibility that this
information is outdated.

Again, thanks all for their input. Regards,
Liviu
-- 
gentoo-user@gentoo.org mailing list
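
Added example, not part of the original message or of any Gentoo tooling: a shell audit of the two conditions the message above relies on (encrypted swap, tmpfs on /tmp), so that tmpfs and process pages cannot reach the disk in the clear. The function names and sample inputs are constructed for illustration, and it assumes swap mappings are listed in /proc/swaps as /dev/mapper/<name>.

```shell
#!/bin/sh
# Inputs are files in the format of /proc/swaps, /proc/mounts and the
# output of `dmsetup table`. Assumption: swap mappings show up in
# /proc/swaps as /dev/mapper/<name>.

# dm_target NAME DMTABLE: print "<target> [<cipher>]" for one mapping.
dm_target() {
    awk -v name="$1:" '
        $1 == name { if ($4 == "crypt") print $4, $5; else print $4; exit }
    ' "$2"
}

# check_swap SWAPS DMTABLE: every active swap area must sit on a crypt
# target, otherwise paged-out tmpfs files and process memory hit the disk
# unencrypted.
check_swap() {
    swap_rc=0
    swap_n=0
    for dev in $(awk 'NR > 1 { print $1 }' "$1"); do   # NR > 1 skips the header
        swap_n=$((swap_n + 1))
        case $dev in
            /dev/mapper/*)
                tgt=$(dm_target "${dev#/dev/mapper/}" "$2")
                case $tgt in
                    "crypt "*) echo "OK   swap $dev: $tgt" ;;
                    *) echo "FAIL swap $dev: target '${tgt:-unknown}' is not crypt"
                       swap_rc=1 ;;
                esac ;;
            *) echo "FAIL swap $dev: not a dm-crypt mapping"
               swap_rc=1 ;;
        esac
    done
    [ "$swap_n" -gt 0 ] || echo "OK   no swap active"
    return $swap_rc
}

# check_tmp MOUNTS: the last mount on /tmp wins (later mounts shadow earlier).
check_tmp() {
    tmp_fs=$(awk '$2 == "/tmp" { fs = $3 } END { print fs }' "$1")
    case $tmp_fs in
        tmpfs) echo "OK   /tmp: tmpfs" ;;
        "")    echo "FAIL /tmp: no separate mount, files go to the root filesystem"
               return 1 ;;
        *)     echo "FAIL /tmp: mounted as $tmp_fs, not tmpfs"
               return 1 ;;
    esac
}

# audit_spill SWAPS MOUNTS DMTABLE: run both checks, return 1 if either fails.
audit_spill() {
    audit_rc=0
    check_swap "$1" "$3" || audit_rc=1
    check_tmp "$2" || audit_rc=1
    return $audit_rc
}

# make_samples DIR: write constructed sample inputs (not captured from a host).
make_samples() {
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/mapper/swap partition 2097148 0 -1' > "$1/swaps.good"
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/sda2 partition 2097148 0 -1' > "$1/swaps.bad"
    printf '%s\n' '/dev/mapper/root / ext3 rw 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' > "$1/mounts.good"
    printf '%s\n' '/dev/mapper/root / ext3 rw 0 0' > "$1/mounts.bad"
    # Key field zeroed, as `dmsetup table` prints it without --showkeys.
    printf '%s\n' \
        'swap: 0 4194296 crypt blowfish-cbc-plain 00000000 0 8:2 0' \
        'root: 0 41943040 crypt serpent-cbc-essiv:sha256 00000000 0 8:3 0' \
        'plainswap: 0 4194296 linear 8:2 384' > "$1/dmtable"
}

# Demo on the constructed samples. On a live system pass /proc/swaps,
# /proc/mounts and a file holding the output of `dmsetup table`.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "== encrypted swap, tmpfs on /tmp =="
audit_spill "$demo_dir/swaps.good" "$demo_dir/mounts.good" "$demo_dir/dmtable" || true
echo "== plain swap partition, /tmp on root =="
audit_spill "$demo_dir/swaps.bad" "$demo_dir/mounts.bad" "$demo_dir/dmtable" || true
rm -rf "$demo_dir"
```
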




* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 15:52     ` Volker Armin Hemmann
  2007-10-04 16:04       ` Liviu Andronic
@ 2007-10-05 20:57       ` Daniel Pielmeier
  2007-10-06  4:22         ` Liviu Andronic
  1 sibling, 1 reply; 19+ messages in thread
From: Daniel Pielmeier @ 2007-10-05 20:57 UTC (permalink / raw
  To: gentoo-user

Volker Armin Hemmann wrote:
> In practice, after power is cut, everything in ram is lost.
> 
> But not the stuff in swap....

I don't know if this was mentioned already but it is probably useful.

There is an option in baselayout's rc file to erase the swap at
shutdown. Take a look at /etc/conf.d/rc under RC_SWAP_ERASE.

Regards,

Daniel

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-05 20:57       ` Daniel Pielmeier
@ 2007-10-06  4:22         ` Liviu Andronic
  2007-10-06  9:04           ` Daniel Pielmeier
  0 siblings, 1 reply; 19+ messages in thread
From: Liviu Andronic @ 2007-10-06  4:22 UTC (permalink / raw
  To: gentoo-user

Hello,

On 10/5/07, Daniel Pielmeier <daniel.pielmeier@googlemail.com> wrote:
> There is an option in baselayout's rc file to erase the swap at
> shutdown. Take a look at /etc/conf.d/rc under RC_SWAP_ERASE.

As far as I understand, this is far from secure. You want at least
some degree of security, you need cryptography. See:
http://gentoo-wiki.com/SWAP_ERASE_on_halt .

Regards,
Liviu

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-06  4:22         ` Liviu Andronic
@ 2007-10-06  9:04           ` Daniel Pielmeier
  0 siblings, 0 replies; 19+ messages in thread
From: Daniel Pielmeier @ 2007-10-06  9:04 UTC (permalink / raw
  To: gentoo-user

Liviu Andronic wrote:
> On 10/5/07, Daniel Pielmeier <daniel.pielmeier@googlemail.com> wrote:
>> There is an option in baselayout's rc file to erase the swap at
>> shutdown. Take a look at /etc/conf.d/rc under RC_SWAP_ERASE.
> 
> As far as I understand, this is far from secure. You want at least
> some degree of security, you need cryptography. See:
> http://gentoo-wiki.com/SWAP_ERASE_on_halt .

I don't use it myself, just thought it may be helpful.

I have checked newer baselayout versions for this option before and I
wondered why it wasn't there, so now I know the reason. Thanks!

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-04 18:33       ` Liviu Andronic
  2007-10-05 11:38         ` Hans-Werner Hilse
@ 2007-10-09  1:51         ` Alex Schuster
  2007-10-15 21:45           ` Liviu Andronic
  1 sibling, 1 reply; 19+ messages in thread
From: Alex Schuster @ 2007-10-09  1:51 UTC (permalink / raw
  To: gentoo-user

Liviu Andronic writes:

> So, my eternal question, is it realistic for the "lost" RAM data to be
> recovered? That is, after system shutdown, does the data still
> physically reside on the RAM and can someone with a decent technology
> and know-how recover it? In other words, is this a serious breach in
> any encrypted system?

I am pretty sure there was a posting here a while ago by someone who did not 
like LUKS encryption, and he argued with a link to a speech at the CCC 
camp, a hacker convention. But I cannot find it any more.

I found a blog entry about it, but it is in German only [1].

In short, it states that even after a reset RAM is quite intact, because it 
is not being initialized at system start any more in these days. And, 
according to the speaker, most of the RAM may even survive for as long as 
30 seconds after powering off! At least on a ThinkPad T30 notebook (stated 
in the presentation, the second attached file in [2]). Quite surprising to 
me.
Another thing is Firewire, or hot-pluggable PCI cards (and everything else 
which accesses RAM via DMA). This allows one to read the RAM of the running 
system by simply plugging in a firewire device.
So, resetting the system and booting another one, or plugging in a firewire 
device, allows one to get a memory dump. Scary, huh?

[1] http://stefan.ploing.de/2007-08-10-ccc-camp-2-tag
[2] https://events.ccc.de/camp/2007/Fahrplan/events/2002.en.html

	Alex

* Re: [gentoo-user] Can RAM render useless the encryption of the / and swap partitions?
  2007-10-09  1:51         ` Alex Schuster
@ 2007-10-15 21:45           ` Liviu Andronic
  0 siblings, 0 replies; 19+ messages in thread
From: Liviu Andronic @ 2007-10-15 21:45 UTC (permalink / raw
  To: gentoo-user

On 10/9/07, Alex Schuster <wonko@wonkology.org> wrote:
> according to the speaker, most of the RAM may even survive for as long as
> 30 seconds after powering off! At least on a ThinkPad T30 notebook (stated
[..]
> Another thing is Firewire, or hot-pluggable PCI cards (and everything else
> which accesses RAM via DMA). This allows one to read the RAM of the running
> system by simply plugging in a firewire device.
> So, resetting the system and booting another one, or plugging in a firewire
> device, allows one to get a memory dump. Scary, huh?

On the scary note, I've recently stumbled on this paper by Peter
Gutmann, from the IBM T.J.Watson Research Center, published in 2001 at
a Usenix conference: Data Remanence in Semiconductor Devices [1]. Not
much reassuring either ~_-.

[1] http://www.usenix.org/events/sec01/gutmann.html

Liviu