The paper you mentioned has some info on possible countermeasures. The best (IMO) is physically securing your RAM. This seems to fit in best with OpenBSD's philosophy, which has never been to put much time into thwarting attacks that require physical access to the box -- if you have that, there are MANY avenues of attack, most of which don't benefit much from immersing components in liquid N_2.
Marti

On Thu, Feb 21, 2008 at 3:55 PM, <[EMAIL PROTECTED]> wrote:
> Little blog:
> http://citp.princeton.edu/memory/
>
> Paper:
> http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
>
> Well some months ago I asked (not here.. more directly) if it would be
> possible to maybe overwrite memory several times in case the Box has
> nothing to do. Back then there was like no interest because it was no
> risk not to do it.
>
> It's no bashing thread. I just wanna bring this to the broad attention
> that simply turning OFF the PC won't magically kill all your PWs which
> lay around in the RAM. :-)
>
> My suggestion is to overwrite memory like 3 times if a program frees
> the memory or if a reboot is commanded via the shell. Of course this
> harms "old" boxes but it's still better than losing your SSH-Key or
> whatever resides in your RAM.
>
> Furthermore OpenBSD could maybe periodically overwrite unused RAM to
> ensure such data gets removed.
>
> The only place where this could maybe happen is in the Kernel.
> Also a modified lib* may help (e.g. modified free()?)?
>
> I'm no developer but I would be happy to read about solutions,
> concepts or ideas even if none gets implemented. :-)
>
> Kind regards,
> Sebastian
>

--
Systems Programmer, Principal
Electrical & Computer Engineering
The University of Arizona
[EMAIL PROTECTED]
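
The "modified free()" idea from the quoted message, sketched as an added example that is not part of the original thread and not OpenBSD code: an allocator wrapper that records each block's size and zeroes the block before releasing it. The names wipe_hdr, wipe, wiping_malloc, wiping_size and wiping_free are hypothetical, and a single zeroing pass is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Header stored in front of each allocation so the wrapper knows
 * how many bytes to wipe. All names in this block are hypothetical. */
typedef union {
    size_t size;
    max_align_t align;   /* keeps the user pointer suitably aligned */
} wipe_hdr;

/* Zero n bytes through a volatile pointer so the compiler cannot
 * discard the stores as dead writes to memory about to be freed. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Allocate n usable bytes and remember n in the hidden header. */
void *wiping_malloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(wipe_hdr))
        return NULL;                 /* header + n would overflow */
    wipe_hdr *h = malloc(sizeof(*h) + n);
    if (h == NULL)
        return NULL;
    h->size = n;
    return h + 1;
}

/* Size recorded for a pointer returned by wiping_malloc(). */
size_t wiping_size(const void *p)
{
    return ((const wipe_hdr *)p - 1)->size;
}

/* Wipe the user bytes, then release the block.
 * Returns the number of bytes wiped (0 for NULL). */
size_t wiping_free(void *p)
{
    if (p == NULL)
        return 0;
    wipe_hdr *h = (wipe_hdr *)p - 1;
    size_t n = h->size;
    wipe(p, n);
    free(h);
    return n;
}
```

This only covers heap data released through the wrapper; secrets still in use (a loaded SSH key, for instance), copies on the stack or in kernel buffers are untouched. OpenBSD's libc provides explicit_bzero(3) and freezero(3) for the same purpose.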

