Liviu Andronic writes:

> So, my eternal question, is it realistic for the "lost" RAM data to be
> recovered? That is, after system shutdown, does the data still
> physically reside on the RAM and can someone with a decent technology
> and know-how recover it? In other words, is this a serious breach in
> any encrypted system?

I am pretty sure there was a posting here a while ago by someone who did not
like LUKS encryption, and he argued with a link to a speech at the CCC
camp, a hacker convention. But I cannot find it any more.

I found a blog entry about it, but it is in German only [1].

In short, it states that even after a reset RAM is quite intact, because it
is not being initialized at system start any more these days. And,
according to the speaker, most of the RAM may even survive for as long as
30 seconds after powering off! At least on a ThinkPad T30 notebook (stated
in the presentation, the second attached file in [2]). Quite surprising to
me.

Another thing is Firewire, or hot-pluggable PCI cards (and everything else
which accesses RAM via DMA). This allows reading the RAM of the running
system by simply plugging in a Firewire device.

So, resetting the system and booting another one, or plugging in a Firewire
device, allows getting a memory dump. Scary, huh?

[1] http://stefan.ploing.de/2007-08-10-ccc-camp-2-tag
[2] https://events.ccc.de/camp/2007/Fahrplan/events/2002.en.html

        Alex