rm | Cleaning up recycle bin

Kurt Buff - GSEC, GCIH kurt.buff at gmail.com
Mon Feb 24 16:56:33 UTC 2020


On Mon, Feb 24, 2020 at 9:07 AM Jerry <jerry at seibercom.net> wrote:
>
> On Mon, 24 Feb 2020 09:38:46 -0600, Valeri Galtsev stated:
> >It depends on what kind of attack you are trying to defend from. If it
> >is theft of your hard drive from your cold, powered-off machine, then
> >this will help (not 100% solve it, just that a brute-force drive
> >decryption attack is too expensive or slow). If, however, it is
> >physical machine security that you are trying to solve, encrypting the
> >drive will not necessarily help. The following is speculation about
> >how the attack can be performed. The bad guy has physical access to
> >your machine when it is up and running. He opens the case, splashes
> >liquid nitrogen onto your RAM, pulls the RAM modules, and plugs them
> >into his device. The low temperature ensures the content of RAM is not
> >lost while physically swapping it over to the bad guy's device, and
> >that device ensures the content of RAM is not lost (pretty much the
> >same way as dynamic RAM is always used). And the guy takes the hard
> >drive. Encryption/decryption happens on the fly on the running machine
> >(otherwise yanking the power would allow one to have the decrypted
> >drive), and therefore the encryption/decryption key(s) must be
> >somewhere in RAM when the machine runs. And the bad guy has it all
> >now: the whole content of the RAM (with the keys), and the [encrypted]
> >hard drive. He has your information.
>
> Can you document an actual event when this scenario occurred?
>
> --
> Jerry

Citations here:
https://en.wikipedia.org/wiki/Cold_boot_attack

Kurt
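The quoted scenario ends with "the keys must be somewhere in RAM"; the step the Wikipedia article documents is how an attacker then pulls them out of the dump. The following is an added example (not code from this thread or from any project discussed in it) of the key-schedule search used in the cold-boot paper by Halderman et al. that the article cites: AES-128 keeps its 16-byte key expanded into a 176-byte schedule in memory, so a scanner can slide a 16-byte window across the image, expand each candidate, and report any window whose expansion matches the 160 bytes that follow it. The RAM image below is constructed for the demonstration (pseudo-random filler with one intact and one partially decayed schedule embedded at chosen offsets); the AES implementation is self-contained. The bit-error tolerance models DRAM decay between power loss and the dump, but only for the round keys; decay inside the 16 key bytes themselves needs the error-correction step from the paper, which this example does not implement.

```python
"""Scan a RAM image for AES-128 key schedules (cold-boot key recovery).

Added example for this thread, not code from the list posting. The search
technique is the one described by Halderman et al. in the cold-boot paper;
the AES key expansion and the sample memory image are written here for the
demonstration, and the image is constructed, not a real dump.
"""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> list:
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    inv = [0] * 256
    for x in range(1, 256):
        for y in range(1, 256):
            if _gf_mul(x, y) == 1:
                inv[x] = y
                break
    sbox = []
    for x in range(256):
        b = inv[x]
        s = b
        for _ in range(4):
            b = ((b << 1) | (b >> 7)) & 0xFF  # rotate left by one bit
            s ^= b
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def aes128_key_schedule(key: bytes) -> bytes:
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = t[1:] + t[:1]            # RotWord
            t = [SBOX[b] for b in t]     # SubWord
            t[0] ^= RCON[i // 4 - 1]     # Rcon
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def _bit_errors(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image: bytes, max_bit_errors: int = 0) -> list:
    """Return (offset, key, bit_errors) for every 16-byte window whose AES-128
    expansion matches the 160 bytes after it within max_bit_errors."""
    hits = []
    for off in range(len(image) - 176 + 1):
        key = image[off:off + 16]
        sched = aes128_key_schedule(key)
        # check round key 1 first; only then compare the whole 176 bytes
        if _bit_errors(sched[16:32], image[off + 16:off + 32]) > max_bit_errors:
            continue
        errs = _bit_errors(sched, image[off:off + 176])
        if errs <= max_bit_errors:
            hits.append((off, key, errs))
    return hits


def build_sample_image() -> bytes:
    """Constructed stand-in for a RAM dump: pseudo-random filler with an intact
    schedule at 0x200 and a decayed copy (4 flipped round-key bits) at 0x600."""
    rng = random.Random(0xC01DB007)
    buf = bytearray(rng.getrandbits(8) for _ in range(2048))
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 example key
    sched = aes128_key_schedule(key)
    buf[0x200:0x200 + 176] = sched
    decayed = bytearray(sched)
    for pos in (20, 57, 99, 170):   # all inside the round keys, not the key itself
        decayed[pos] ^= 0x01
    buf[0x600:0x600 + 176] = decayed
    return bytes(buf)


if __name__ == "__main__":
    img = build_sample_image()
    for tol in (0, 8):
        for off, key, errs in find_aes128_keys(img, max_bit_errors=tol):
            print(f"tolerance={tol}: key {key.hex()} at 0x{off:x} ({errs} bit errors)")
```

With a tolerance of zero only the intact schedule at 0x200 is reported; allowing a few bit errors also recovers the decayed copy at 0x600, which is the point of the liquid-nitrogen step in the quoted scenario: the colder the modules, the fewer bits decay and the lower the tolerance the attacker needs. Real dumps are gigabytes rather than 2 KiB, but the scan is linear in image size and the same pre-filter keeps it fast.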


More information about the freebsd-questions mailing list