Re: Encrypted Swap

Ted Unangst (tedu@stanford.edu)
Sat, 18 Aug 2001 07:53:52 -0700 (PDT)


On Sat, 18 Aug 2001, Eric W. Biederman wrote:

> So the attacker has two way to attack your machine. Attempt to break
> in while it is still running. Put in a minimal boot cd and press
> reset and see how much is recovered. Generally breaking should prove
> the more fruitful course, but the fact that reset preseves all of the
> memory, means it simply is not safe for someone to have physical
> access to your machine while the power is on.

if the machine is on, and you can get close to it, it's probably easier
just to use tempest radiation. it will also work at a distance, so it's
more likely to be a threat than grabbing RAM chips. a few points:

1. not everyone is going to bring their James Bond RAM Reader (tm) into
your building to extract data. a hardcore data thief, maybe, but it's not
common equipment. everyone will have access to an IDE or SCSI disk
reader.

2. RAM has a short window of oppurtunity. whatever it turns out to be,
RAM degrades faster than disk. it's not going to last while you drive it
home, unless you have a RAM refresher plugged in the cigarette lighter.

3. encrypted swap is meant for a different threat model. you assume that
the attacker might have access to the box at night or over a weekend,
while you're away. RAM will be off. if you think someone might be trying
to steal your RAM, you need better physical security.

--
"I am a great mayor; I am an upstanding Christian man; I am an
intelligent man; I am a deeply educated man; I am a humble man."
      - M. Barry, Mayor of Washington, DC

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/