[dm-crypt] keys in memory?
arie.kachler at nytimes.com
Fri Jan 14 16:25:10 CET 2011
Thank you for taking the time to clear this up Milan.
Your responses were very helpful.
On Jan 14, 2011, at 3:53 AM, Milan Broz wrote:
> On 01/14/2011 12:56 AM, Arno Wagner wrote:
>>> When a system has been configured and it's using encrypted LUKS
>>> partition(s), are they keys visible in memory?
>> Not necessarily directly, but the cipher key-setup is.
> just small addition to this:
> To be exact for active dm-crypt device:
> - there is plain copy of master key string in the internal struct
> (dmsetup table --showkeys prints that)
> - there is key inside crypto engine, it is usually
> pre-processed key (in AES case it is the whole key schedule
> tables, and this is easily detectable, even if it is partially
> corrupted, see AES keyfinder which uses this trick
> here http://citp.princeton.edu/memory/code/ )
> - because now (2.6.38) we have per-cpu crypto engine, key schedule
> will be probably in all local cpu caches during ongoing encryption.
> - there can be other important info which can help to key recovery,
> like initialised ESSIV tfm etc
> (These locations should be wiped after key wipe message which
> luksSuspend uses btw.)
> All tries to lock this in processor cache, obfuscate it
> in memory etc will not help - it can just make the problem slightly
> harder. (if there is not generic hw helping with that, though)
>> On Linux, the memory image is accessible under /proc/kcore.
> Not in all distributions have this enabled, IIRC RHEL5 has there
> only ELF header, not the whole memory image available.
> But if you are superuser, you can get memory image using simple kernel
> module. Suspended VM stores it in file.
> For the hypervisor is is even simpler.
> dm-crypt mailing list
> dm-crypt at saout.de
More information about the dm-crypt