LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Cold Reboot Attacks on Disk Encryption

Cold Reboot Attacks on Disk Encryption

Posted Mar 3, 2008 6:40 UTC (Mon) by njs (subscriber, #40338)
In reply to: Cold Reboot Attacks on Disk Encryption by kevinbsmith
Parent article: Cold Reboot Attacks on Disk Encryption 

Searching all of memory for a given bitstring is indeed very quick -- a few seconds.  But,
err, if you already know what the bitstring for the key is, why are you searching for it?

What you'd really be searching for would be the data structure that's holding the key -- the
OS has some way to figure out which random-looking bitstring in those gigabytes of memory is
really the key, so you can too, by finding the right data structures and chasing the right
pointers.  AFAICT that means that the techniques you're suggesting won't work -- if the key is
split into multiple pieces, then don't look for the pieces, look for the data structure that
lists off where all of the pieces are so they can be found again by the OS.

(Log in to post comments)

Cold Reboot Attacks on Disk Encryption

Posted Mar 8, 2008 13:55 UTC (Sat) by kevinbsmith (subscriber, #4778) [Link] 

You missed the point. If you know that a key exists somewhere in RAM, it is fast and simple to
read a key's worth of data starting at every byte in the system, and attempt a decode of every
one until you find one that works. Brute force with one giga of attempts. No knowledge of OS,
language, data structures, or app code is required, aside from knowing the encryption
algorithm and key size (which is usually easy to find). Dead simple. And quite effective.

Splitting the key, or having an encrypted key with its key elsewhere in RAM would foil that
attack. At that point, the cracker would have to know something about the specific app and
craft a custom attack, which makes the attack quite a lot more difficult/expensive.

It's like locking your car so the stereo thief breaks into the unlocked car instead. It won't
block a highly motivated/funded attacker, but will keep out some script kiddies. If the cost
of splitting the key is near zero, it might be a good benefit/cost tradeoff.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.