Re: [dm-crypt] Help/Question

[Arno Wagner <arno@wagner.name>]

I assume you mean "vulnerable"....

All software-based encryption is vulnerable to cold-boot
attacks, LUKS is no exception. There is nothing that can 
be done about it, and hence there is no discussion.

An attacker can also simply go the full way and not cold
boot, but remove the RAM modules and read them externally.
This has been shown to work for a removal time in the 
minute range.

Unless very carefully implemented, hardware encryption is 
vulnerable too. And, of course, anybody with access to 
running hardware with openend crypto containers can just 
try to break into it.

Arno

On Tue, Jan 14, 2014 at 02:25:56 CET, Timothy Alexander wrote:
> Hello,
> 
> I have a question. Is LUKS viable to a cold boot attack. TrueCrypt
> is, but I'm not sure about LUKS. If it is, is there any discussion
> of encrypting keys in RAM (assuming the computer is immediately
> turned off, hibernating, or a container is unmounted).
> 
> Thank you,
> 
> Timothy
> 
> -------------------------------------------------
> 
> VFEmail.net - http://www.vfemail.net
> ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
> $24.95 ONETIME Lifetime accounts with Privacy Features!  15GB disk!
> No bandwidth quotas!
> Commercial and Bulk Mail Options!
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare