* Protect against cold boot attacks?
@ 2011-11-23 23:20 Fred .
2011-11-24 20:45 ` Glynn Clements
0 siblings, 1 reply; 2+ messages in thread
From: Fred . @ 2011-11-23 23:20 UTC (permalink / raw)
To: linux-admin
Will
su-c 'sync; echo 3 > /proc/sys/vm/drop_caches'
protect against cold boot attacks?
Is there anything that will protect against cold boot attacks?
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Protect against cold boot attacks?
2011-11-23 23:20 Protect against cold boot attacks? Fred .
@ 2011-11-24 20:45 ` Glynn Clements
0 siblings, 0 replies; 2+ messages in thread
From: Glynn Clements @ 2011-11-24 20:45 UTC (permalink / raw)
To: Fred .; +Cc: linux-admin
Fred . wrote:
> Will
> su-c 'sync; echo 3 > /proc/sys/vm/drop_caches'
> protect against cold boot attacks?
No. Writing to drop_caches releases the memory for subsequent re-use;
it doesn't overwrite it, so anything stored in that memory is still
susceptible to a cold-boot attack.
> Is there anything that will protect against cold boot attacks?
Physical security.
Other than that, it's a matter of degree. Particularly sensitive
information (passwords, encryption keys) should be overwritten by the
application once they are no longer required. Larger amounts of
application data (i.e. documents) can't really avoid being held in
RAM.
--
Glynn Clements <glynn@gclements.plus.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-11-24 20:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-23 23:20 Protect against cold boot attacks? Fred .
2011-11-24 20:45 ` Glynn Clements
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).