All of lore.kernel.org
 help / color / mirror / Atom feed
* [dm-crypt] Help/Question
@ 2014-01-14  1:25 Timothy Alexander
  2014-01-14  7:06 ` Arno Wagner
  0 siblings, 1 reply; 2+ messages in thread
From: Timothy Alexander @ 2014-01-14  1:25 UTC (permalink / raw)
  To: dm-crypt

Hello,

I have a question. Is LUKS viable to a cold boot attack. TrueCrypt is, 
but I'm not sure about LUKS. If it is, is there any discussion of 
encrypting keys in RAM (assuming the computer is immediately turned off, 
hibernating, or a container is unmounted).

Thank you,

Timothy

-------------------------------------------------

VFEmail.net - http://www.vfemail.net
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [dm-crypt] Help/Question
  2014-01-14  1:25 [dm-crypt] Help/Question Timothy Alexander
@ 2014-01-14  7:06 ` Arno Wagner
  0 siblings, 0 replies; 2+ messages in thread
From: Arno Wagner @ 2014-01-14  7:06 UTC (permalink / raw)
  To: dm-crypt

I assume you mean "vulnerable"....

All software-based encryption is vulnerable to cold-boot
attacks, LUKS is no exception. There is nothing that can 
be done about it, and hence there is no discussion.

An attacker can also simply go the full way and not cold
boot, but remove the RAM modules and read them externally.
This has been shown to work for a removal time in the 
minute range.

Unless very carefully implemented, hardware encryption is 
vulnerable too. And, of course, anybody with access to 
running hardware with openend crypto containers can just 
try to break into it.

Arno

On Tue, Jan 14, 2014 at 02:25:56 CET, Timothy Alexander wrote:
> Hello,
> 
> I have a question. Is LUKS viable to a cold boot attack. TrueCrypt
> is, but I'm not sure about LUKS. If it is, is there any discussion
> of encrypting keys in RAM (assuming the computer is immediately
> turned off, hibernating, or a container is unmounted).
> 
> Thank you,
> 
> Timothy
> 
> -------------------------------------------------
> 
> VFEmail.net - http://www.vfemail.net
> ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
> $24.95 ONETIME Lifetime accounts with Privacy Features!  15GB disk!
> No bandwidth quotas!
> Commercial and Bulk Mail Options!
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult.  --Tony Hoare

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-01-14  7:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-14  1:25 [dm-crypt] Help/Question Timothy Alexander
2014-01-14  7:06 ` Arno Wagner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.