[dm-crypt] Quick dm-crypt questions

Arno Wagner arno at wagner.name
Tue Oct 28 12:13:51 CET 2014


On Tue, Oct 28, 2014 at 10:15:22 CET, Cpp wrote:
> Hey,
> 
> I've got two questions abour dm-crypt/LUKS.
> 
> - Does dm-crypt/LUKS employ any RAM anti-forensics? 

No. And not really needed anyways. This is for 
disk encryption, not for building a HSM (Hardware 
Security Module). Keys get wiped unmapping though.

> In particular,
> what is the danger of a master key being "burnt-in" into the RAM, if a
> certain container is mounted for an extended period of time (a few
> years)? Is the master key being periodically moved around in RAM (this
> acts like a screen-saver or rather a RAM-saver) or does it reside at a
> static location after the container is mounted?

That is potentially a concern with SRAM. DRAM may or may not be 
subject to similar effects, but they are not as easy to detect or 
use. Basically, you will have to lower refresh-rates until bits
fail and carefully monitor which ones will fail. Even that may 
not be conclusive at all, as cells are different. The
thing with SRAM is that both transistors in the flip-flop
are very similar, as they are very close together. An SRAM cell
may tend to come up in the state it has held for a long time.
A DRAM cell will always come up the same way, regardless of
what value it held, namely with capacitor empty.

AFAIK, the it is not even clear whether this still is an
issue in modern SRAMs. The only references I found on googeling
are describing this effect in the presence of a lot of
ionizing radiation for SRAM and I did not find a single
source for a similar effect for DRAM.

Here is a current reference on that, the literature may give
you more info:
https://repositories.tdl.org/ttu-ir/bitstream/handle/2346/58641/NAIR-DISSERTATION-2013.pdf

Note that the radiation doses this work looks at start at
100R and go up to 100kR. About 200R are reliably deadly for 
humans.

There are also devices like the DS3640 that claim to prevent this,
but it would not be the first time that a manufacturer advertises
"preventing" things that are not there in the first place:
http://www.maximintegrated.com/en/products/power/supervisors-voltage-monitors-sequencers/DS3640.html

BTW, you do _not_ move the key around to fight this. That
would not help. You complement all bits regularly instead.

> - Is it possible to separate the LUKS header from the encrypted data?
> Normally when a partition is luksFormat-ted it will generate a LUKS
> header on that partition at the very beginning of space. But I was
> wondering, if it's possible to have only the encrypted data on the
> partition, and move the LUKS header somewhere else i.e. a file on a
> USB stick?

See man-page and FAQ items 5.19 and 6.2. In the case of FLASH 
disks, it is actually a good idea to do so.

Arno
-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list