You might want to take a look at eNova (http://www.enovatech.net/)
who are pointing at interesting hardware using their crypto
technology.
the idea of closed-source hardware-based crypto disk drive may
appeal to some, but i've seen too many similar things fail through
Martin Laabs wrote:
Preventing the physical access to the memory modules
could be done with a light sensor or a simple switch
at the computer case.
Easy to circumvent, too.
If you implement also a temperature-
sensor near the memory-modules you could prevent cooling
them down
Achim Patzner wrote:
Am 25.02.2008 um 23:48 schrieb Uwe Doering:
Since it hasn't been mentioned so far: There are hard disk drives that
do encryption on the firmware level, so you don't have to store keys
on the OS level.
I wouldn't go that far as there isn't (better: I didn't find)
enough
Am 25.02.2008 um 23:48 schrieb Uwe Doering:
Since it hasn't been mentioned so far: There are hard disk drives
that do encryption on the firmware level, so you don't have to store
keys on the OS level.
I wouldn't go that far as there isn't (better: I didn't find)
enough documentation on
Am 26.02.2008 um 12:45 schrieb Uwe Doering:
You might want to take a look at eNova (http://www.enovatech.net/)
who are pointing at interesting hardware using their crypto
technology.
Interesting approach as well. Thanks for the pointer. However,
given that notebooks are the most
On Sat, Feb 23, 2008 at 02:08:54PM +1300, Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which means
remove the devfs entry and clear the keys from memory. does that mean
that geli properly wipes
Hi,
Maybe someone could implement a memory section
that is overwritten by the bios after reboot.
Then all the sensitive keys could be stored there.
This would prevent an attack that just boots from
another media and dumps the whole memory out of i.e.
a USB stick.
Preventing the physical access
Quoting Eygene Ryabinkin [EMAIL PROTECTED]:
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
memory from its contents. This is done with a counter that will
place alternating values in each byte. This can be used to solve
two issues: 1) the removal of calls
Gregory, good day.
Tue, Feb 26, 2008 at 07:42:17PM +0100, [EMAIL PROTECTED] wrote:
Quoting Eygene Ryabinkin [EMAIL PROTECTED]:
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
memory from its contents. This is done with a counter that will
place
On Tue, 26 Feb 2008 22:49:37 +0300
Eygene Ryabinkin [EMAIL PROTECTED] wrote:
Yes, Geoff just responded to my private question: it was Peter
Gutmann, who pointed him to the thing you're talking about. There
is a paper by Peter,
On Tue, 26 Feb 2008, Achim Patzner wrote:
You might want to take a look at eNova (http://www.enovatech.net/) who
are pointing at interesting hardware using their crypto technology.
the idea of closed-source hardware-based crypto disk drive may appeal to
some, but i've seen
On 24/02/2008, Bill Moran [EMAIL PROTECTED] wrote:
Igor Mozolevsky [EMAIL PROTECTED] wrote:
[snip]
IMO the possibility of such attack is so remote that it doesn't really
warrant any special attention, it's just something that should be kept
in mind when writing secure crypto stuff...
In response to Igor Mozolevsky [EMAIL PROTECTED]:
On 24/02/2008, Bill Moran [EMAIL PROTECTED] wrote:
Igor Mozolevsky [EMAIL PROTECTED] wrote:
[snip]
Fact is, data is sensitive to different degrees. It's also valuable
to different degrees.
If you're worried about your personal
On 25/02/2008, Bill Moran [EMAIL PROTECTED] wrote:
In response to Igor Mozolevsky [EMAIL PROTECTED]:
Crypto is merely a way of obfuscating data, and we all know the truth
about security by obscurity, right?
I don't think you correctly understand the concept of security through
On Mon, Feb 25, 2008 at 03:33:30PM +, Igor Mozolevsky wrote:
[text]
Guys, can you take this to chat@ please...
--
Rink P.W. Springer- http://rink.nu
Anyway boys, this is America. Just because you get more votes doesn't
mean you win. - Fox Mulder
Achim Patzner wrote:
article below. does anyone know how this affects eli/geli?
There's fairly little any disk crypto system can do to thoroughly defend
against this.
Hm. Strange. Serious hardware is very well suited to do that (usually
by adding well defended crypto hardware). Keys don't
On 24/02/2008, Bill Moran [EMAIL PROTECTED] wrote:
Igor Mozolevsky [EMAIL PROTECTED] wrote:
On 23/02/2008, Brooks Davis [EMAIL PROTECTED] wrote:
You should actually read the paper. :) They successfully defeat both
of these types of protections by using canned air to chill the
Igor Mozolevsky [EMAIL PROTECTED] wrote:
On 23/02/2008, Brooks Davis [EMAIL PROTECTED] wrote:
You should actually read the paper. :) They successfully defeat both
of these types of protections by using canned air to chill the ram and
transplanting it into another machine.
Easy to
On Sun, 24 Feb 2008, Bill Moran wrote:
Or laptop vendors could make secure laptops that always lose memory
on shutdown.
That doesn't really change anything, just don't shut down the laptop.
Cut an opening in the case and attach a probe to monitor memory access and
wait for the key being
Igor Mozolevsky [EMAIL PROTECTED] wrote:
On 24/02/2008, Bill Moran [EMAIL PROTECTED] wrote:
Igor Mozolevsky [EMAIL PROTECTED] wrote:
On 23/02/2008, Brooks Davis [EMAIL PROTECTED] wrote:
You should actually read the paper. :) They successfully defeat both
of these
Christopher Arnold [EMAIL PROTECTED] wrote:
On Sun, 24 Feb 2008, Bill Moran wrote:
Or laptop vendors could make secure laptops that always lose memory
on shutdown.
That doesn't really change anything, just don't shut down the laptop.
It reduces the risk greatly when combined with
Good day.
I am posting the follow-up to the -hackers and CC'ing to the
-security, because some more-or-less nasty points were found.
Sat, Feb 23, 2008 at 10:32:02PM +0300, Eygene Ryabinkin wrote:
But there is another concern with bzero(): it is well-known function.
Especially for compilers.
Copyfighter,
and AT&T Whistleblower Win Pioneer Awards
* Research Team Finds Security Flaw in Popular Disk Encryption
Technologies
Laptops in Sleep or Hibernation Mode Most Vulnerable to Attack
San Francisco - A team including the Electronic Frontier Foundation,
Princeton University
Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which
means remove the devfs entry and clear the keys from memory. does that
mean that geli properly wipes keys from RAM when a laptop is turned off?
On Sat, Feb 23, 2008 at 07:40:53PM +0100, Pieter de Boer wrote:
Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which means
remove the devfs entry and clear the keys from memory. does that mean
that
Jeremy Chadwick wrote:
It's interesting that you classified this as a feature (in quotes),
because there's nothing modern about said feature. This issue has
existed since the beginning of RAM chip engineering; I can even confirm
this feature exists on old video game consoles such as the
Pieter de Boer wrote:
Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which
means remove the devfs entry and clear the keys from memory. does
that mean that geli properly wipes keys from RAM when a
--- Pieter de Boer [EMAIL PROTECTED] wrote:
Jeremy Chadwick wrote:
It's interesting that you classified this as a feature (in quotes),
because there's nothing modern about said feature. This issue has
existed since the beginning of RAM chip engineering; I can even confirm
this
On Sat, Feb 23, 2008 at 10:32:02PM +0300, Eygene Ryabinkin wrote:
Sat, Feb 23, 2008 at 10:56:20AM -0800, Jeremy Chadwick wrote:
A possible counter-measure would be to add wiping features to the RAM
modules themselves. When power is lost, the memory could wipe itself.
Still
not
On Sat, Feb 23, 2008 at 11:24:22AM -0800, Tim Clewlow wrote:
--- Pieter de Boer [EMAIL PROTECTED] wrote:
Jeremy Chadwick wrote:
It's interesting that you classified this as a feature (in quotes),
because there's nothing modern about said feature. This issue has
existed since
On 23/02/2008, Brooks Davis [EMAIL PROTECTED] wrote:
You should actually read the paper. :) They successfully defeat both
of these types of protections by using canned air to chill the ram and
transplanting it into another machine.
Easy to get around this attack - store the key on a usb
On Sat, Feb 23, 2008 at 02:08:31PM +1300, Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
There's fairly little any disk crypto system can do to thoroughly defend
against this. The best workaround currently is to turn off your machine
when not in use. This has
Am 23.02.2008 um 22:28 schrieb Igor Mozolevsky:
Or you could carry something that emits a huge EMI pulse to destroy
the data on the disk...
It would be easier to buy a MacBook Air...
Achim
On 2008-02-23 02:08, Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which means
remove the devfs entry and clear the keys from memory. does that mean
that geli properly wipes keys from RAM when a
article below. does anyone know how this affects eli/geli?
There's fairly little any disk crypto system can do to thoroughly
defend against this.
Hm. Strange. Serious hardware is very well suited to do that (usually
by adding well defended crypto hardware). Keys don't have to be stored
in
--- Dimitry Andric [EMAIL PROTECTED] wrote:
On 2008-02-23 02:08, Atom Smasher wrote:
article below. does anyone know how this affects eli/geli?
from the geli man page: detach - Detach the given providers, which means
remove the devfs entry and clear the keys from memory. does that
36 matches