[dm-crypt] Retrieve the Passphrase from RAM Memory
eocsor at gmail.com
Tue Sep 27 12:47:03 CEST 2011
What's your C like? :)

It used to be that cryptsetup would do a lot of `memset(p, 0, n);
free(p)', I always wondered if that memset could be optimized away but
never bothered to look.

Are you wanting to retrieve the passphrase or the key? The former is
only required on the system for a short period while luksOpen (amongst
others) is running. That should hopefully not be recoverable
afterwards - though potential bugs like the above mean it may be.

The key is much different as it is always there as long as the mapping
(# dmsetup table --showkeys |grep crypt) exists.

If you pulled the power, I expect the key would still be in RAM. I'd
like to think after a clean shutdown it wouldn't be. Keep in mind that
while the key is the most obvious thing to look for, other structures used
by the respective algorithm may be just as useful (I'd start by
looking at the key schedules for whichever ciphers you're interested
On Tue, Sep 27, 2011 at 12:34 PM, Eduardo Schultze
<duduschultze at gmail.com> wrote:
> I'm a Security Information student at Unisinos College, Brazil. As a paper
> during this semester it was me and my colleagues' choice to write a paper
> about LUKS on Ubuntu 10.4.
> My question is - Is it possible to retrieve the passphrase from RAM memory
> after a successful authentication and shutdown? In this case we would turn
> the system on, authenticate, turn off, and then check if the passphrase
> would still be in the RAM memory even with the turned off computer.
> If not, would it be possible to dump the RAM memory and retrieve the
> passphrase (now with the system turned on)?
> I looked for these answers at the FAQ section but couldn't find it.
> Thanks in advance,
> Eduardo Schultze.
> dm-crypt mailing list
> dm-crypt at saout.de
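
The wipe-before-free pattern mentioned in the reply, written so that the compiler cannot discard the zeroing as a dead store. This is an added example, not cryptsetup's code and not part of the original message; the names `secure_wipe`, `wipe_and_free`, `count_nonzero` and `demo_leftover` are hypothetical and the passphrase is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A plain memset() directly before free() is a dead store as far as the
 * optimizer is concerned and may be removed. Calling memset through a
 * volatile function pointer forces the call to be emitted, because the
 * compiler must reload the pointer and cannot assume what it points to.
 * Where available, explicit_bzero() or memset_s() serve the same purpose. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

/* Zero n bytes at p in a way the optimizer has to keep. */
void secure_wipe(void *p, size_t n)
{
    if (p != NULL && n > 0)
        memset_v(p, 0, n);
}

/* Drop-in replacement for the sequence memset(p, 0, n); free(p); */
void wipe_and_free(void *p, size_t n)
{
    secure_wipe(p, n);
    free(p);
}

/* Count non-zero bytes, to check a buffer while it is still owned. */
size_t count_nonzero(const void *p, size_t n)
{
    const unsigned char *b = p;
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (b[i] != 0);
    return c;
}

/* Copy a passphrase to the heap, wipe it, and report how many secret
 * bytes were still present at the moment the buffer was released. */
size_t demo_leftover(const char *pass)
{
    size_t n = strlen(pass) + 1;
    char *buf = malloc(n);
    if (buf == NULL)
        return (size_t)-1;
    memcpy(buf, pass, n);
    secure_wipe(buf, n);
    size_t left = count_nonzero(buf, n);
    free(buf);
    return left;
}
```

This only covers the one heap copy it is handed; copies left in stack frames, stdio buffers or swap need separate handling, and the master key held by the kernel for an active mapping is unaffected.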