|
Posted by =?iso-8859-1?Q?M=E5ns_Rullg=E5 on February 27, 2008, 7:40 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> On Feb 27, 9:29 am, phil-news-nos...@ipal.net wrote:
>
>> I'd also recommend wiping the data with random bits instead of zeros.
>
> Why? To protect against possible even more bizarre, even more
> hypothetical attacks?
Even if there were residual patterns left after overwriting with
zeros, which I doubt, it wouldn't matter. When powered up again, the
memory will read as zeros, assuming it is done before it randomises
again. If this wasn't the case, DRAM wouldn't work at all. Besides,
such traces of previous data would fade much quicker, and the time
window for this attack is small enough as it is.
> This attack is so bizarre, it's barely worth doing much of anything
> about.
Yes, being abducted by aliens seems more likely.
--
Måns Rullgård
mans@mansr.com
|
|
Posted by Rainer Weikusat on February 28, 2008, 4:51 am
If you were Registered and logged in, you could reply and use other advanced thread options
>> On Feb 27, 9:29 am, phil-news-nos...@ipal.net wrote:
>>> I'd also recommend wiping the data with random bits instead of zeros.
>>
>> Why? To protect against possible even more bizarre, even more
>> hypothetical attacks?
>
> Even if there were residual patterns left after overwriting with
> zeros, which I doubt, it wouldn't matter. When powered up again, the
> memory will read as zeros, assuming it is done before it randomises
> again. If this wasn't the case, DRAM wouldn't work at all. Besides,
> such traces of previous data would fade much quicker, and the time
> window for this attack is small enough as it is.
>
>> This attack is so bizarre, it's barely worth doing much of anything
>> about.
>
> Yes, being abducted by aliens seems more likely.
I have just yesterday been required to read through a long marketing
text trying to sell TPM-based 'security solutions' (software) because
it is (claimed to be) immune against reading keys still available from
RAM. Assuming that it is, this is still complete bullshit, because the
protected data itself needs to reside in RAM in decrypted form if it
is supposed to be used by software for anything, so 'reading the
decryption key' isn't even necessary to access the data.
But that's presumably already to technical and to complicated for
quite a few people ...
|
|
Posted by on March 1, 2008, 10:29 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| I have just yesterday been required to read through a long marketing
| text trying to sell TPM-based 'security solutions' (software) because
| it is (claimed to be) immune against reading keys still available from
| RAM. Assuming that it is, this is still complete bullshit, because the
| protected data itself needs to reside in RAM in decrypted form if it
| is supposed to be used by software for anything, so 'reading the
| decryption key' isn't even necessary to access the data.
Yes, the currently decrypted data is exposed. But at least it is limited
to just that data. With the key, the entire disk is exposed.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-03-01-2128@ipal.net |
|------------------------------------/-------------------------------------|
|
|
Posted by on February 28, 2008, 12:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
| On Feb 27, 9:29 am, phil-news-nos...@ipal.net wrote:
|
|> I'd also recommend wiping the data with random bits instead of zeros.
|
| Why? To protect against possible even more bizarre, even more
| hypothetical attacks? This attack is so bizarre, it's barely worth
| doing much of anything about.
It's to confuse analysis after the fact. If the wipe is incomplete, it
is easy to see where the wipe ends and the data begins. With random bits
it is harder.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-27-2316@ipal.net |
|------------------------------------/-------------------------------------|
|
|
Posted by Ertugrul =?UTF-8?B?U8O2eWxlbWV on February 28, 2008, 5:40 am
If you were Registered and logged in, you could reply and use other advanced thread options
phil-news-nospam@ipal.net wrote:
> |> I'd also recommend wiping the data with random bits instead of zeros.
> |
> | Why? To protect against possible even more bizarre, even more
> | hypothetical attacks? This attack is so bizarre, it's barely worth
> | doing much of anything about.
>
> It's to confuse analysis after the fact. If the wipe is incomplete,
> it is easy to see where the wipe ends and the data begins. With
> random bits it is harder.
I wouldn't count on that. That would require that the data itself is
just as random-looking as the PRNG's output, which is almost never the
case, and if it is, then wiping isn't necessary anyway.
The whole concept is flawed. It's not the operating system's
responsibility to decide, which parts of the memory contain sensitive
data. On the other hand, a background daemon, which runs very (!)
nicely, could wipe unused memory. The usefulness of this is
questionable, though, since attacks against the live RAM will be attacks
against running applications anyway.
Regards,
Ertugrul.
--
http://ertes.de/
|
| Similar Threads | Posted | | security software for linux and mac | July 4, 2007, 1:43 pm |
| cp fw-1 ngx: no memory for german umlaute | January 15, 2006, 5:15 am |
| Different tools for the same memory capture | January 4, 2009, 12:26 pm |
| Re: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability | December 15, 2005, 10:03 am |
| Wipe Outlook Mail Messages | January 22, 2006, 12:41 pm |
| DoD Harddrive Secure Erase Wipe | April 2, 2008, 9:37 pm |
| Software to wipe disk drives on servers and pc | January 30, 2008, 4:11 pm |
| Linux Help | September 27, 2006, 7:23 pm |
| Linux? Which one is the most friendly? | May 1, 2005, 3:37 pm |
| end of linux-nightmares... approachable | June 17, 2005, 11:27 am |
|
XML site map