rm | Cleaning up recycle bin

Jerry jerry at seibercom.net
Mon Feb 24 16:06:27 UTC 2020


On Mon, 24 Feb 2020 09:38:46 -0600, Valeri Galtsev stated:
>It depends on what kind of attack you are trying to defend from. If it 
>is theft of your hard drive from your cold powered off machine, then 
>this will help (not 100% solve it, just brute force drive decryption 
>attack is too expensive or slow). If, however, it is physical machine 
>security that you are trying to solve, encrypting the drive will not
>necessarily help. The following is the speculation about how the
>attack can be performed. Bad guy has physical access to your machine
>when it is up and running. He opens the case, splashes liquid nitrogen
>onto your RAM, pulls RAM modules, plugs them into his device. Low
>temperature ensures the content of RAM is not lost while physically
>swapping it over to bad guy's device, and that device ensures the
>content of RAM is not lost (pretty much the same way as dynamic RAM is
>used always). And the guy takes the hard drive. Encryption/decryption
>happens on the fly on running machine (otherwise yanking the power
>will allow one to have decrypted drive), and therefore the
>encryption/decryption key(s) must be somewhere in the RAM when machine
>runs. And the bad guy has it all now: the whole content of the RAM
>(with the keys), and [encrypted] hard drive. He has your information.

Can you document an actual event when this scenario occurred?

-- 
Jerry



More information about the freebsd-questions mailing list