DM-Crypt Archive on lore.kernel.org
From: Heinz Diehl <htd+ml@fritha.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] keys from RAM dumps, hibernation files
Date: Fri, 14 Nov 2014 08:06:45 +0100
Message-ID: <20141114070645.GA2577@fritha.org>
In-Reply-To: <5464BE66.1090508@tu-ilmenau.de>

On 13.11.2014, Lars Winterfeld wrote: 

> What they say about their method is only that it "acquires protection
> keys from RAM dumps, hibernation files". Now I wonder, how does this
> attack work exactly and how vulnerable is cryptsetup against it in a
> linux environment?

Whole disk encryption only protects your data when your computer is
off. Thus, there's no memory dump to catch. 
 
> Suppose THEY have the device in their hands.
 
> I guess the attack is easiest when I suspended to disk, because all
> information needed for decryption (of the mounted crypt volumes) is
> stored in plain on the disk?

Don't do that. Of course, it depends on the level of security you want
to have, and your threat model.
 
> When I suspend to RAM and they wake the device up again, they need to
> hack the login screen?

In general, when an adversary can get physical access to your running
machine, all bets are off. You can regard this machine as compromised.
