[arch-general] Encrypted ram disk?
Thomas Bächler
thomas at archlinux.org
Wed Oct 28 13:50:58 EDT 2009
Tamir Daniely schrieb:
>> >From a technical prospective, reading ram post system shutdown or crash is
> definitely possible, the data is preserved for several minutes depending on
> the ram technology, and the time the data can be accessed can be increased
> significantly by cooling or freezing the ram itself.
Yes, this is a problem. It is possible to wipe the encryption key from
memory when hibernation has finished or generally before poweroff, but I
have no idea if this is done in Linux.
What poses a bigger problem is suspending: Your RAM stays powered all
the time and contains your encryption key. cryptsetup has (in its latest
release candidate) gained a feature where you can "suspend" a volume by
killing the encryption key and later "resume" it by reentering the
passphrase. I think it should even be possible to combine this with full
system encryption, using a chroot with static cryptsetup and a minimal
static shell, which would reside either in a tmpfs or on an unencrypted
disk.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20091028/8175c045/attachment.bin>
More information about the arch-general
mailing list