Hi, On Thu, 4 Oct 2007 20:33:40 +0200 "Liviu Andronic" <[EMAIL PROTECTED]> wrote:
> On 10/4/07, Alan McKinnon <[EMAIL PROTECTED]> wrote: > > On Thursday 04 October 2007, Hans-Werner Hilse wrote: > > > However, it makes sense to clean up memory after having > > > critical data in it -- e.g. a reboot doesn't necessarily clean up > > > RAM. > > > > Yes, this is very true > > BUT > > On 10/4/07, Alan McKinnon <[EMAIL PROTECTED]> wrote: > > Pray tell, how does RAM manage to retain data when the power is off? > > ...and... > On 10/4/07, Volker Armin Hemmann > <[EMAIL PROTECTED]> wrote: > > In practice, after power is cut, everything in ram is lost. > > So, my eternal question, is it realistic for the "lost" RAM data to be > recovered? That is, after system shutdown, does the data still > physically reside on the RAM and can someone with a decent technology > and know-how recover it? In other words, is this a serious breach in > any encrypted system? No, it isn't. Well, I didn't had the full circuit design of today's DRAMs in mind, and yes, since there's the resistor, the capacitor will lose its load (very) soon (/me scratches his head, wasn't there something asymptotically in that graph? But in any way, it would be a difference of very few electrons on the sides of the capacitor) -- that's not a security breach. But: We are talking about _powering_ _off_ the DRAM. You are talking about shutting down. That might be two different things and completely depend on hardware design. Make shure that RAM's gonna get powered off and you're save. So pulling the plug should give you a warm good feeling in that regard. Doing a "sudo halt", however, _might_ have other consequences and we cannot make a general assumption on that. Even pulling the plug might have problems: There's such thing as battery-buffered RAM (although I think they've used it mainly in the pre-Flash era). The thing is: You never can guarantee security, that's absolutely impossible (well, of course you can, but you would automatically be wrong). You can do all your best, but that's about it. Having security is a thing you can falsify, but never verify, since theorys can't be verified without dogmas (and there are no accepted dogmas that would help here). -hwh -- [EMAIL PROTECTED] mailing list
