Hello otr-dev, I've been doing some minor research into cold boot attacks. I found OTR quite susceptible to this type of attack. I propose that the code is updated to zero-out or garble the allocated memory used for storing the IM conversations prior to freeing it back to the OS. This would mimic TrueCrypt's strategy to mitigating success of such an attack.
See TrueCrypt's acknowledgement here: http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram > "Keep in mind that most programs do not clear the memory area (buffers) in > which they store unencrypted (portions of) files [...] This means that after > you exit such a program, unencrypted data it worked with may remain in memory > (RAM) until the computer is turned off (and, according to some researchers, > even for some time after the power is turned off*)." > "When a non-system TrueCrypt volume is dismounted, TrueCrypt erases its > master keys (stored in RAM)." _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
