[dm-crypt] keys in memory?

Kachler, Arie arie.kachler at nytimes.com
Fri Jan 14 16:25:10 CET 2011


Thank you for taking the time to clear this up Milan.
Your responses were very helpful.

Arie

On Jan 14, 2011, at 3:53 AM, Milan Broz wrote:

> On 01/14/2011 12:56 AM, Arno Wagner wrote:
>>> When a system has been configured and it's using encrypted LUKS
>>> partition(s), are they keys visible in memory? 
>> 
>> Not necessarily directly, but the cipher key-setup is.
> 
> just small addition to this:
> 
> To be exact for active dm-crypt device:
> 
> - there is plain copy of master key string in the internal struct
> (dmsetup table --showkeys prints that)
> 
> - there is key inside crypto engine, it is usually
> pre-processed key (in AES case it is the whole key schedule
> tables, and this is easily detectable, even if it is partially
> corrupted, see AES keyfinder which uses this trick
> here http://citp.princeton.edu/memory/code/ )
> 
> - because now (2.6.38)  we have per-cpu crypto engine, key schedule
> will be probably in all local cpu caches during ongoing encryption.
> 
> - there can be other important info which can help to key recovery,
> like initialised ESSIV tfm etc
> 
> (These locations should be wiped after key wipe message which
> luksSuspend uses btw.)
> 
> All tries to lock this in processor cache, obfuscate it
> in memory etc will not help - it can just make the problem slightly
> harder. (if there is not generic hw helping with that, though)
> 
>> On Linux, the memory image is accessible under /proc/kcore.
> 
> Not in all distributions have this enabled, IIRC RHEL5 has there
> only ELF header, not the whole memory image available.
> But if you are superuser, you can get memory image using simple kernel
> module. Suspended VM stores it in file.
> For the hypervisor is is even simpler.
> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt



More information about the dm-crypt mailing list