Michael Rogers:
> On 21/02/13 18:32, Brian Conley wrote:
>> Any idea why the researchers would posit that iOS devices may be
>> less susceptible?
>
> iOS has several classes of encrypted storage. For the
> NSFileProtectionComplete class, the class key that protects the
> individual file keys is erased from memory 10 seconds after the device
> is locked. So I guess files encrypted with that class would be
> unrecoverable via a cold boot attack if the device had been locked for
> 10 seconds.
>

Any idea what they mean by erase? Just dereferenced or zeroed or filled with random bytes? I mean, from actual code rather than claims? Some disassembly would be useful here, I wonder if anyone has looked into it?

> http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
>
> Android uses a single key to protect all encrypted storage (excluding
> apps that use their own encryption, eg SQLCipher), so that key must be
> kept in memory whenever the device is running.
>
> http://source.android.com/tech/encryption/android_crypto_implementation.html
>

It seems like one of the few times the use of something like TRESOR would improve:

http://www1.informatik.uni-erlangen.de/tresor

All the best,
Jake