Thread: Should Linux wipe memory more often for better security?
View Single Post
  #10 (permalink)  
Old 02-27-2008, 06:15 PM
shimp
Guest
  
Posts: n/a
Default Re: Should Linux wipe memory more often for better security?
phil-news-nospam@ipal.net wrote:
> In comp.os.linux.development.system Bernd Felsche <bernie@innovative.iinet.net.au> wrote:
> | phil-news-nospam@ipal.net wrote:
> |>shimp <example@nobody.com> wrote:
> |
> |>> It has been known from the beginning that DRAM holds its state a
> |>> while after power is removed. Thats how it works. There is a
> |>> circuit that refreshes it every X milliseconds. But it is a big
> |>> big surprise, at least to me, that data can recovered up to 10
> |>> minutes afterwards!!?
> |
> |>> The only real world ramification I can see is that you should
> |>> completely powerdown your laptop 10 mins before going through a
> |>> security checkpoint. Or unmount crypt stuff and do a memory wipe.
> |
> |>So add a RAM wipe right at the end of the halt sequence (in
> |>addition to other security measures like storing keys in unused
> |>corners of video card SRAM).
> |
> | Scrubbing page tables making a good start. Much quicker than the
> | whole RAM - which could span gigabytes for the well-endowed.
>
> How about a special space set aside in RAM that the kernel is aware of,
> which the storing of keys would make use of in lieu of regular RAM.
> That way the key can get wiped first, and any unencrypted data in the
> rest of RAM can be done later.

Being able to mark pages as 'i need to be wiped' by the kernel would be
cool. Then again the only sure thing is to wipe all memory. Developer
make mistakes, software has design flaws. Best to wipe it all.

>
> How easy would it be to have some addressable memory, even if slower,
> implemented via the PCI bus? A plug in PCI card with some genuine SRAM
> that loses data the instant the power is lost could be used. Even better
> would be to have such a card with crypto hardware in it, so the key never
> needs to be read back in to DRAM once stored in the card when the system
> boots up and the key is provided by the human user.


Hmm that gives me an idea. I bet someone right now today could create a
little battery powered piggyback board that sits between your
motherboard and your RAM modules. It could detect powerdown and do the wipe.

Reply With Quote