[dm-crypt] keys from RAM dumps, hibernation files

Lars Winterfeld lars.winterfeld at tu-ilmenau.de
Thu Nov 13 15:21:26 CET 2014


today, the German news site heise leaked a list of password hacking
software, that the German police buys and is particular happy with. One
of those tools is the "Elcomsoft Forensic Disk Decryptor" promising
access to BitLocker, PGP and TrueCrypt volumes:

What they say about their method is only that it "acquires protection
keys from RAM dumps, hibernation files". Now I wonder, how does this
attack work exactly and how vulnerable is cryptsetup against it in a
linux environment?

Suppose THEY have the device in their hands.

I guess the attack is easiest when I suspended to disk, because all
information needed for decryption (of the mounted crypt volumes) is
stored in plain on the disk?

When I suspend to RAM and they wake the device up again, they need to
hack the login screen? (It was screwed up in Ubuntu in the last version,
but that is not an issue here.) Nevertheless, they might press
Ctrl+Alt+Entf to reboot, insert a CD or flash drive, boot from that,
while the RAM was still powered all the time and read the necessary
information (...?) from the RAM?

What about later, when the volume is luksClosed? Are there left-overs of
previous suspend files (e.g. on swap), that can be used for an attack?

I guess there is a conceptional problem: if the device comes back from
sleep without having to re-type the password, something allowing access
to the encrypted volume needs to be stored in plain? Would it increase
the security if everyone is required to re-type the password (or provide
the key-file again etc.)?

Best wishes,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20141113/e8b0ed1b/attachment.asc>

More information about the dm-crypt mailing list