| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Jul 2009 13:40:08 -0700 From: Jeremy Maitin-Shepard <jeremy@...emyms.com> To: Jens Gustedt <Jens.Gustedt@...ia.fr> Cc: tuxonice-devel@...ts.tuxonice.net, linux-kernel@...r.kernel.org Subject: Re: [TuxOnIce-devel] RFC: Suspend-to-ram cold boot protection by encrypting page cache Jens Gustedt <Jens.Gustedt@...ia.fr> writes: > Hello Jeremy, >> Of course, hibernating to encrypted swap protects against this risk, but >> having to resort to this effectively limits the usefulness of >> suspend-to-ram. [snip] > If you also want to do hibernation, the setup is a bit more complex, > but very much doable for an average linux user nowadays, AFAIKS > support exists in the major distributions. This works equally well > with both hibernation implementations. I use this since several years > now and I am much satisfied with the setup. The goal is to have a state in which sensitive data cannot be compromised even if the machine is stolen. I am assuming that all of the data on the hard drive is sensitive and that it is encrypted using e.g. dm-crypt. Powering off the machine or hibernating to encrypted swap indeed leaves the machine in such a state. However, resuming from hibernation may take longer than desired. Thus the goal of having some other state from which it is faster to resume but the machine is still safe. Entering S3 normally (which is actually basically equivalent to simply leaving the machine on and doing nothing from a security perspective) most certainly does not leave the machine in a safe state, since sensitive data may still be in RAM, and it may be possible to read this data using a cold boot attack.[1] The idea I am proposing is to do something similar to what is done when hibernating to encrypted swap: sensitive data in memory is encrypted in place rather than encrypted as it is written to disk, which would presumably be much faster than hibernating. [1] http://en.wikipedia.org/wiki/Cold_boot_attack -- Jeremy Maitin-Shepard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists