On Fri, 22 Feb 2008, Peter Hessler wrote:

> It's not an attack specifically on file encryption, but on the contents
> of your memory. It's a hardware attack, not a software attack.
>
> In OpenBSD, memory locations of passwords and other such keys are zeroed
> when they are no longer needed.

But other cryptographic memory -- contents of shift registers, AES tables, and so forth -- is of necessity not zeroed. If you have some cipher running, and you can recover all its internal state, you don't need the key material to keep it running. I submit without looking at the source that whatever crypto is involved in encrypting/decrypting a virtual disk is vulnerable to this attack. So is the highly recommended encrypted swap space.

> Of course, physical security is always a good idea. For a long time,
> we've had the assumption of "someone with physical access to the machine
> can do anything with it".

But this is the threat model that FDE, whether software or hardware, purports to address. I think the assumption is defeatist and has stifled development.

> On 2008 Feb 22 (Fri) at 08:23:51 -0800 (-0800), Danny G wrote:
> :Hi.
> :
> :I was wondering if OpenBSD has a file encryption capability and if so,

Yes, see man openssl.

Disk encryption is more challenging.

> :is it venerable to the attack described here:

No, it is not shown any respect by this attack, and yes, it's vulnerable to it. ;-)

> :
> :http://citp.princeton.edu/memory/
> :
> :Thanks
> :
> :Danny
> :

Dave

-- 
The president of the United States is the commander-in-chief of the armed forces. He is not the commander-in-chief of the government, nor is he the commander-in-chief of the country.

_______________________________________________
Openbsd-newbies mailing list
[email protected]
http://mailman.theapt.org/listinfo/openbsd-newbies
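The following C program is an added illustration of the point made in the thread about derived cipher state; it is not code from the original message, from OpenBSD, or from the Princeton paper. It models a cipher context as a struct holding both the key and the per-round state expanded from it, and shows that zeroing only the key field leaves every byte of the expanded state in memory, whereas wiping the whole context leaves nothing. The "key schedule" and block operation are a constructed toy (a few XORs), not AES; `struct cipher_ctx`, `secure_wipe`, `ctx_init`, `ctx_crypt_block`, `ctx_destroy` and the `demo_*` scenario functions are all hypothetical names chosen here. `secure_wipe` calls `memset` through a volatile function pointer so the compiler cannot discard the store as dead; on OpenBSD the equivalent is explicit_bzero(3), and this is a portable stand-in for it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16
#define ROUNDS  10

/* Toy cipher context (constructed for illustration, NOT AES). It holds the
 * original key and the per-round state derived from it. A memory image of
 * this struct is just as useful to whoever reads it whether or not `key` was
 * cleared, because round_state alone is enough to keep the cipher running. */
struct cipher_ctx {
    uint8_t key[KEY_LEN];
    uint8_t round_state[ROUNDS][KEY_LEN];
    size_t  blocks_done;
};

/* Volatile function pointer: the compiler cannot see through the call, so it
 * cannot drop the memset as a dead store on a buffer that is about to go out
 * of scope. On OpenBSD use explicit_bzero(3); this is a portable stand-in. */
static void *(*volatile volatile_memset)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    volatile_memset(p, 0, n);
}

/* Expand the key into per-round state with a trivial mixing step. This is a
 * placeholder key schedule whose only purpose is to put derived secret
 * material, distinct from the key bytes, into the struct. */
void ctx_init(struct cipher_ctx *ctx, const uint8_t key[KEY_LEN])
{
    int r, i;
    memcpy(ctx->key, key, KEY_LEN);
    for (r = 0; r < ROUNDS; r++)
        for (i = 0; i < KEY_LEN; i++)
            ctx->round_state[r][i] = (uint8_t)(key[i] ^ (0x11 * (r + 1)) ^ i);
    ctx->blocks_done = 0;
}

/* Toy block operation: XOR the block with every round's state. Note that it
 * never touches ctx->key; the expanded state is all the cipher needs. */
void ctx_crypt_block(struct cipher_ctx *ctx, uint8_t block[KEY_LEN])
{
    int r, i;
    for (r = 0; r < ROUNDS; r++)
        for (i = 0; i < KEY_LEN; i++)
            block[i] ^= ctx->round_state[r][i];
    ctx->blocks_done++;
}

/* Wipe the WHOLE context, not just the key field. */
void ctx_destroy(struct cipher_ctx *ctx)
{
    secure_wipe(ctx, sizeof *ctx);
}

/* Number of non-zero bytes anywhere in the context: what is left to recover. */
size_t ctx_nonzero_bytes(const struct cipher_ctx *ctx)
{
    const uint8_t *p = (const uint8_t *)ctx;
    size_t i, n = 0;
    for (i = 0; i < sizeof *ctx; i++)
        if (p[i] != 0)
            n++;
    return n;
}

int ctx_is_wiped(const struct cipher_ctx *ctx)
{
    return ctx_nonzero_bytes(ctx) == 0;
}

/* Scenario 1: use the cipher, then zero only the key (what "keys are zeroed
 * when no longer needed" buys you). Returns the number of non-zero bytes
 * still sitting in round_state afterwards. Key bytes are a constructed value. */
size_t demo_key_only_wipe(void)
{
    struct cipher_ctx ctx;
    uint8_t key[KEY_LEN], block[KEY_LEN];
    size_t left = 0;
    int r, i;
    for (i = 0; i < KEY_LEN; i++) { key[i] = (uint8_t)(i + 1); block[i] = 0; }
    ctx_init(&ctx, key);
    ctx_crypt_block(&ctx, block);
    secure_wipe(ctx.key, KEY_LEN);            /* key gone... */
    for (r = 0; r < ROUNDS; r++)
        for (i = 0; i < KEY_LEN; i++)
            if (ctx.round_state[r][i] != 0)   /* ...expanded state is not */
                left++;
    ctx_destroy(&ctx);
    return left;
}

/* Scenario 2: same use, then destroy the whole context. Returns 1 if nothing
 * recoverable remains in the struct. */
int demo_full_wipe(void)
{
    struct cipher_ctx ctx;
    uint8_t key[KEY_LEN], block[KEY_LEN];
    int i;
    for (i = 0; i < KEY_LEN; i++) { key[i] = (uint8_t)(i + 1); block[i] = 0; }
    ctx_init(&ctx, key);
    ctx_crypt_block(&ctx, block);
    ctx_destroy(&ctx);
    return ctx_is_wiped(&ctx);
}

int main(void)
{
    printf("bytes of derived state left after key-only wipe: %zu\n", demo_key_only_wipe());
    printf("context fully wiped after ctx_destroy: %d\n", demo_full_wipe());
    return 0;
}
```

The design point is the size argument to the wipe: `sizeof *ctx`, not `sizeof key`. Any structure that caches expanded keys, IVs, counters or S-box-derived tables has to be wiped as a unit when the cipher is retired, and the wipe has to go through a call the optimizer cannot elide.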
