From: ken
Reply-To: gebser@mousecar.com
Date: Tue, 27 Sep 2011 05:07:48 -0400
Subject: Re: [dm-crypt] Retrieve the Passphrase from RAM Memory
To: Eduardo Schultze, dm-crypt

These questions first require an understanding of RAM and how it functions in any computer.

That said, the short answer to your two questions is no, except that recently some researchers have found it possible to freeze RAM shortly after a machine was turned off-- within seconds-- and thereby preserve its state and so then retrieve data from it. This is not a procedure most of us could carry out.

And then whether the password still is (or ever was) in RAM is another question. Having written a little code in my time, I would sincerely guess not; limiting a variable's scope and even overwriting the value of a variable are too easy and here obvious *not* to do. A better answer than mine, however, would be found by examining the code.

hth,
ken

--
War is a failure of the imagination.
--William Blake

On 09/26/2011 10:34 PM Eduardo Schultze wrote:
> Hello,
>
> I'm a Security Information student at Unisinos College, Brazil. As a
> paper during this semester it was me and my colleagues' choice to write a
> paper about LUKS on Ubuntu 10.4.
>
> My question is - Is it possible to retrieve the passphrase from RAM
> memory after a successful authentication and shutdown? In this case we
> would turn the system on, authenticate, turn off, and then check if the
> passphrase would still be in the RAM memory even with the turned off
> computer.
>
> If not, would it be possible to dump the RAM memory and retrieve the
> passphrase (now with the system turned on)?
>
> I looked for these answers at the FAQ section but couldn't find it.
>
> Thanks in advance,
> Eduardo Schultze.
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
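
The reply above mentions limiting a variable's scope and overwriting its value. As an added example (not cryptsetup's code and not written by either poster), this C program keeps a passphrase in a short-lived, mlock'd heap buffer, uses it once, and wipes it through a volatile pointer so the compiler cannot drop the stores. The names `use_passphrase`, `secure_wipe` and `toy_digest` are hypothetical, and the FNV-1a digest is a constructed stand-in for a real key derivation function.

```c
/* Added example, not cryptsetup code; all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define PASS_MAX 512

/* Zero n bytes through a volatile pointer so the stores are not removed as
 * dead code, which can happen to a plain memset() placed just before free(). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* FNV-1a: a constructed stand-in for a real key derivation function. */
static uint32_t toy_digest(const unsigned char *s, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= s[i]; h *= 16777619u; }
    return h;
}

/* Copy the passphrase into a short-lived locked buffer, use it once, wipe it.
 * *leftover receives the number of non-zero bytes found after the wipe.
 * Returns 0 on success, -1 on oversized input or allocation failure. */
int use_passphrase(const char *input, uint32_t *out, size_t *leftover) {
    size_t len = strlen(input);
    if (len >= PASS_MAX) return -1;
    unsigned char *buf = malloc(PASS_MAX);
    if (!buf) return -1;
    /* Keep the page out of swap; this can fail under RLIMIT_MEMLOCK. */
    int locked = (mlock(buf, PASS_MAX) == 0);
    memcpy(buf, input, len);
    *out = toy_digest(buf, len);
    secure_wipe(buf, PASS_MAX);          /* wipe before unlock and free */
    *leftover = 0;
    for (size_t i = 0; i < PASS_MAX; i++) *leftover += (buf[i] != 0);
    if (locked) munlock(buf, PASS_MAX);
    free(buf);
    return 0;
}

int main(void) {
    uint32_t d; size_t left;
    /* Constructed sample passphrase. */
    if (use_passphrase("constructed-passphrase", &d, &left) != 0) return 1;
    printf("digest=%08x non-zero bytes after wipe=%zu\n", (unsigned)d, left);
    return 0;
}
```

On glibc 2.25 and later, `explicit_bzero()` can replace the hand-written `secure_wipe()`.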