Date: Mon, 14 Mar 2011 23:16:55 +0100
From: Hanno Foest
Message-ID: <20110314221654.GE7787@tigress.com>
Subject: Re: [dm-crypt] Memory location of the encryption key
To: dm-crypt@saout.de

On Tue Feb 15 10:54:35 CET 2011, Milan Broz wrote:

[Cold Boot attacks]

> Moreover, these attacks also include "platform reset" attack when you
> simply reset device and store memory image, because the power was
> still present, there is no memory loss (except a few pages for image
> tool).

Hi,

sorry for the late reply... but I've been wondering if these attacks -
rebooting the device into some kind of imaging tool for retrieving the
memory image with the encryption key - can't be prevented by storing the
key in a place in memory where it would be inevitably overwritten by the
contents of the boot media.

Obviously this wouldn't stop the kind of attacks where the cooled RAM is
being read in some kind of external device, but it would surely make
attacks more expensive.

Hanno
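The placement idea in the message above, modelled as an added example (not part of the original post and not dm-crypt code): a simulated low-memory region keeps its contents across a warm reset, and the function reports how many key bytes a later memory image would still contain. Assumptions: a legacy PC BIOS that loads the 512-byte boot sector at 0x7C00; the image load addresses and sizes, the fill byte and the sample key are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE  0x20000u  /* model: first 128 KiB of physical memory */
#define KEY_LEN   32u       /* constructed 256-bit sample key */
#define BOOT_ADDR 0x7C00u   /* legacy PC BIOS loads the boot sector here */
#define BOOT_LEN  512u
#define FILL      0xEEu     /* stands in for whatever the boot medium writes */

static uint8_t ram[RAM_SIZE];

static uint8_t key_byte(uint32_t i) { return (uint8_t)(0x40u + i); }

/* RAM survives a warm reset; booting then overwrites [addr, addr+len). */
static void load_from_media(uint32_t addr, uint32_t len)
{
    if (addr >= RAM_SIZE) return;
    if (len > RAM_SIZE - addr) len = RAM_SIZE - addr;
    memset(ram + addr, FILL, len);
}

/* Place the key, reset, boot an image of img_len bytes at img_addr
 * (hypothetical second stage or imaging tool), and return how many
 * key bytes an image of RAM would still contain. */
unsigned key_bytes_left(uint32_t key_addr, uint32_t img_addr, uint32_t img_len)
{
    unsigned left = 0;
    if (key_addr > RAM_SIZE - KEY_LEN) return 0;   /* outside the model */
    memset(ram, 0, sizeof ram);
    for (uint32_t i = 0; i < KEY_LEN; i++) ram[key_addr + i] = key_byte(i);
    load_from_media(BOOT_ADDR, BOOT_LEN);   /* unavoidable on a BIOS boot */
    load_from_media(img_addr, img_len);     /* depends on what is booted */
    for (uint32_t i = 0; i < KEY_LEN; i++)
        left += (ram[key_addr + i] == key_byte(i));
    return left;
}

int main(void)
{
    printf("key inside boot-sector buffer:    %u\n", key_bytes_left(0x7D00, 0x8000, 0x1000));
    printf("key straddling buffer end:        %u\n", key_bytes_left(0x7DF0, 0x8000, 0x1000));
    printf("key at 64 KiB, 4 KiB tool:        %u\n", key_bytes_left(0x10000, 0x8000, 0x1000));
    printf("key at 64 KiB, 64 KiB boot image: %u\n", key_bytes_left(0x10000, 0x8000, 0x10000));
    return 0;
}
```

In this model only the region the firmware itself must write is guaranteed to be destroyed; a key placed anywhere else survives whenever the booted image is small enough to miss it, and a key that straddles the boundary leaks the part outside it.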