Unix Fan wrote:
> My understanding of paging isn't as good as the developers, but I do know that memory isn't organized in an entirely sequential fashion..
>
> Free memory is organized into "pages", 4096 byte chunks of memory....
>
> If my system was shut down, and someone attempted to recover information from RAM, several obvious obstacles would be:
>
> 1) Significant portions of the RAM would be corrupt or in an inconsistent state...
> 2) Important structures, like the page table could be lost...
>
> The "key" used by... mount_vnd for instance, wouldn't be in a predictable location.... how would you find it?
>
> This is a waste of bandwidth...
>
> -Nix Fan.

I've tested the strings /dev/mem thing on my Linux and my TrueCrypt password was in the line following the command I call to mount it. It isn't one hundred percent sure that it will always be there, but it was for three times, from "cold" start (I do not know anymore what a cold start is :). So I think that with a simple program that dumps the whole memory contents, and a simple strings on that, you can try to find things that "make sense" for a password. This attack is feasible for laptops. For desktops I wouldn't be that worried. But I'll sleep well tonight. :)

My 2 cents,

-- 
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
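
The observation in the message above can be turned into a repeatable self-audit: plant a known canary passphrase, capture a memory image of your own machine, and check whether the canary survives and which printable string sits just before it. This is an added example, not part of the original thread; the function names, the canary value, the `mount-volume` command line and the sample image are all constructed for illustration.

```python
import re


def printable_runs(image: bytes, min_len: int = 4):
    """Return (offset, text) for each printable-ASCII run, as strings(1) would list them."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(image)]


def audit_canary(image: bytes, canary: str, min_len: int = 4):
    """Return (offset, previous_run, run) for every printable run that contains the canary."""
    runs = printable_runs(image, min_len)
    hits = []
    for i, (offset, text) in enumerate(runs):
        if canary in text:
            previous = runs[i - 1][1] if i > 0 else None
            hits.append((offset, previous, text))
    return hits


# Constructed sample image: binary noise, a hypothetical mount command line,
# the canary right after it, more noise, then an unrelated environment string.
CANARY = "canary-passphrase-0001"
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"mount-volume /dev/constructed0 /mnt/test\x00"
    + CANARY.encode() + b"\x00"
    + b"\xff\xfe\x90\x90" * 8
    + b"PATH=/usr/bin:/bin\x00"
)

# Same image after the passphrase buffer has been overwritten with zeros.
WIPED_IMAGE = SAMPLE_IMAGE.replace(CANARY.encode(), b"\x00" * len(CANARY))

if __name__ == "__main__":
    for offset, previous, text in audit_canary(SAMPLE_IMAGE, CANARY):
        print(f"canary at {offset:#x}: {text!r} (previous string: {previous!r})")
    print("hits after wipe:", len(audit_canary(WIPED_IMAGE, CANARY)))
```

An empty result on the wiped image is what a tool that clears its passphrase buffer after use should produce.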