From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Fri, 14 Nov 2014 08:31:50 +0100 (CET) Received: by mail-wi0-f169.google.com with SMTP id n3so4231481wiv.4 for ; Thu, 13 Nov 2014 23:31:49 -0800 (PST) Received: from [192.168.2.28] (56.157.broadband5.iol.cz. [88.100.157.56]) by mx.google.com with ESMTPSA id td9sm2259456wic.15.2014.11.13.23.31.48 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Nov 2014 23:31:48 -0800 (PST) Message-ID: <5465AFE2.30902@gmail.com> Date: Fri, 14 Nov 2014 08:31:46 +0100 From: Milan Broz MIME-Version: 1.0 References: <5464BE66.1090508@tu-ilmenau.de> <5464DDBF.7080903@ensslin.cc> In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: Re: [dm-crypt] keys from RAM dumps, hibernation files List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/14/2014 12:33 AM, Sven Eschenberg wrote: > On Thu, November 13, 2014 17:35, Michael Enßlin wrote: >> Hi, >> >> LuksClose _should_ wipe all remains of the key from memory. > > Actually unmapping the crypto target in dm-crypt should do that. The > luksClose operation of cryptsetup is one example that initiates unmapping. Yes and it does it. As the same as if you use low-level "dmsetup remove". Anyway, you can try it: I tested it with the AES key finder (cold boot utilities) on memory image from suspended virtual machine (plus you need to find dmcrypt crypt structure with plain key). After luksClose and luksSuspend all previously visible keys in RAM must disappear. Milan