On 10/5/07, Hans-Werner Hilse <[EMAIL PROTECTED]> wrote: > > So, my eternal question, is it realistic for the "lost" RAM data to be > > recovered? That is, after system shutdown, does the data still > > physically reside on the RAM and can someone with a decent technology > > and know-how recover it? In other words, is this a serious breach in > > any encrypted system? > > No, it isn't. Well, I didn't had the full circuit design of today's > DRAMs in mind, and yes, since there's the resistor, the capacitor will > lose its load (very) soon (/me scratches his head, wasn't there > something asymptotically in that graph? But in any way, it would be a > difference of very few electrons on the sides of the capacitor) -- > that's not a security breach. > > But: We are talking about _powering_ _off_ the DRAM. You are talking > about shutting down. That might be two different things and completely > depend on hardware design. Make shure that RAM's gonna get powered off > and you're save. So pulling the plug should give you a warm good > feeling in that regard. Doing a "sudo halt", however, _might_ have > other consequences and we cannot make a general assumption on that. > Even pulling the plug might have problems: There's such thing as > battery-buffered RAM (although I think they've used it mainly in the > pre-Flash era). > > The thing is: You never can guarantee security, that's absolutely > impossible (well, of course you can, but you would automatically be > wrong). You can do all your best, but that's about it. Having security > is a thing you can falsify, but never verify, since theorys can't be > verified without dogmas (and there are no accepted dogmas that would > help here).
Thank you for your answer, Hans. This is more or less the information that I was looking for. So, on a laptop, after "halt"-ing the system, one should make sure to remove the battery and also pull the plug from the outlet. As far as I understand, this should more or less take care of the data stored in the RAM, _or_ give you the feeling that you did your best. If one enjoys being paranoid, one may also run "smem" on system shutdown. All this, of course, needs to be in combination with _at least_ an encrypted swap and tmpfs mounted on /tmp. One last reserve that I have towards this scheme is the information in the man page of smem (part of the secure-delete package, suite of utilities written by van Hauser from THC [ http://freeworld.thc.org/releases.php ]): "smem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thiefs, law enforcement or other threats. Note that with the new SDRAMs, data will not wither away but will be kept static - it is easy to extract the necessary information! The wipe algorythm is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers." This is either a very efficient advertising campaign for his utility, or he actually knows what he is talking about. For one part, the paper [ http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html ] dedicates two chapters to the data kept in the RAM. However, considering that the paper is dated 1996, and the secure-delete man page was last updated in 2003, there is also the possibility that this information is outdated. Again, thanks all for their input. Regards, Liviu -- [EMAIL PROTECTED] mailing list
