tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cold boot attacks on cgd?



On Mon, 25 Feb 2008 18:49:18 -0300
César Catrián Carreño <ccatrian%eml.cc@localhost> wrote:

> Hi list.
> 
> 
> According to this url, http://citp.princeton.edu/memory/ , a crypto
> key can be retrieved from RAM after the computer is shutdown.
> 
> Is CGD vulnerable (storing the key on RAM), to this kind of attack?

Yes.

There is apparently some BIOS magic that can be done to force certain
sections of RAM to be zeroed by the BIOS at boot time.  I don't know
anything more about how to set that flag.  Even if it is set, there's
no defense against someone chilling the RAM, removing it from your
machine, and putting it into their own.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb


Home | Main Index | Thread Index | Old Index