[dm-crypt] Retrieve the Passphrase from RAM Memory

Roscoe eocsor at gmail.com
Tue Sep 27 13:13:54 CEST 2011


On Tue, Sep 27, 2011 at 8:17 PM, Arno Wagner <arno at wagner.name> wrote:
...
> No. The passphrase is not stored and the PBKDF2 iterations
> prevent reconstructing it.
...

Looking into the PBKDF2 function would also be valuable; I notice the
buffer for T_i is allocated off the stack and doesn't look to be
explicitly wiped. Presumably some but hopefully all of it gets
overwritten as the program runs :)
(I notice the gnupg devs use a burn_stack() function that attempts to
explicitly achieve this).

So much fun to be investigated!
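
The following is an added example, not part of the original post and not cryptsetup or gnupg code: a PBKDF2 block function that keeps T_i and its working buffers on the stack and wipes them explicitly before returning. The names `secure_wipe`, `toy_prf`, `pbkdf2_block`, `HLEN` and `SALT_MAX` are assumptions, and `toy_prf` is a constructed, non-cryptographic stand-in for HMAC so the block stays self-contained.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HLEN 32      /* PRF output size (assumed, SHA-256-sized) */
#define SALT_MAX 64  /* assumed upper bound on salt length */

/* Zero a buffer through a volatile pointer so the stores are not
 * removed as dead writes when the buffer is about to go out of scope. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Constructed stand-in for HMAC(P, data). NOT cryptographic. */
static void toy_prf(const uint8_t *k, size_t klen,
                    const uint8_t *in, size_t inlen, uint8_t out[HLEN])
{
    uint32_t s = 2166136261u;
    for (size_t i = 0; i < klen; i++)  s = (s ^ k[i]) * 16777619u;
    for (size_t i = 0; i < inlen; i++) s = (s ^ in[i]) * 16777619u;
    for (size_t i = 0; i < HLEN; i++) {
        s = s * 1664525u + 1013904223u;
        out[i] = (uint8_t)(s >> 24);
    }
}

/* PBKDF2 block function: T_i = U_1 ^ ... ^ U_c, U_1 = PRF(P, S || INT(i)).
 * Returns 0 on success with u and t verified zero after the wipe, else -1. */
int pbkdf2_block(const uint8_t *pw, size_t pwlen, const uint8_t *salt,
                 size_t saltlen, uint32_t c, uint32_t i, uint8_t out[HLEN])
{
    uint8_t u[HLEN], t[HLEN], msg[SALT_MAX + 4];
    uint8_t left = 0;
    if (saltlen > SALT_MAX || c == 0) return -1;
    memcpy(msg, salt, saltlen);
    for (int b = 0; b < 4; b++) msg[saltlen + b] = (uint8_t)(i >> (24 - 8 * b));
    toy_prf(pw, pwlen, msg, saltlen + 4, u);          /* U_1 */
    memcpy(t, u, HLEN);
    for (uint32_t j = 1; j < c; j++) {
        toy_prf(pw, pwlen, u, HLEN, u);               /* U_j = PRF(P, U_{j-1}) */
        for (size_t n = 0; n < HLEN; n++) t[n] ^= u[n];
    }
    memcpy(out, t, HLEN);
    secure_wipe(u, sizeof u);      /* last U_j */
    secure_wipe(t, sizeof t);      /* T_i, the buffer discussed above */
    secure_wipe(msg, sizeof msg);  /* salt || block index */
    for (size_t n = 0; n < HLEN; n++) left |= (uint8_t)(u[n] | t[n]);
    return left ? -1 : 0;
}
```

Where the platform provides one, `explicit_bzero()` or C11's optional `memset_s()` serves the same purpose as `secure_wipe()`. None of these clear copies the compiler may have left in registers or spill slots, which is the gap a stack-burning routine tries to narrow.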

