Security Flaw in Popular Disk Encryption Technologies

Dimitry Andric dimitry at andric.com
Sat Feb 23 23:34:54 UTC 2008


On 2008-02-23 02:08, Atom Smasher wrote:
> article below. does anyone know how this affects eli/geli?
> 
> from the geli man page: "detach - Detach the given providers, which means 
> remove the devfs entry and clear the keys from memory." does that mean 
> that geli properly wipes keys from RAM when a laptop is turned off?

This is a physical attack, and there's nothing you can do in software to
prevent it.  Of course geli or other software can attempt to erase the
keys from RAM as soon as it's done using them, but it won't prevent
hijacking them beforehand.

It's the same with all physical attacks: hardware sniffers, keyloggers,
TEMPEST, etc.  You need physical (hardware) protection to secure
against these, not software.

