[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption
Jacob Appelbaum
jacob at appelbaum.net
Tue Mar 4 18:18:16 UTC 2008
Kristian Erik Hermansen wrote:
> On Tue, Mar 4, 2008 at 9:46 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Yeah, we noticed the release of the software. It's funny, the usb
>> scraper with syslinux is probably the easiest of all. His memory
>> footprint for that looks kinda large.
>
> Yeah, and it'll whack a bunch of useful memory in the process. I'm
> thinking best bet would be something like a slim/micro Linux kernel
> with uclibc and busybox. I don't know what you guys used because it
> wasn't shown in the paper. You could take it even further with
> minimization, but this is the easiest slimming first step. Perhaps a
> few new kernel patches could do it with a very slim footprint...
Using the linux kernel is a bad idea. If you're using it to do forensics
on a linux system it becomes clear why this is so...
Give a linux system a reboot into single user mode and cat /dev/mem
after a population of memory. You'll see your string but you probably
won't see a lot of kernel memory from the previous boot...
-jake
More information about the Noisebridge-discuss
mailing list