[dm-crypt] Quick dm-crypt questions
arno at wagner.name
Tue Oct 28 12:13:51 CET 2014
On Tue, Oct 28, 2014 at 10:15:22 CET, Cpp wrote:
> I've got two questions abour dm-crypt/LUKS.
> - Does dm-crypt/LUKS employ any RAM anti-forensics?
No. And not really needed anyways. This is for
disk encryption, not for building a HSM (Hardware
Security Module). Keys get wiped unmapping though.
> In particular,
> what is the danger of a master key being "burnt-in" into the RAM, if a
> certain container is mounted for an extended period of time (a few
> years)? Is the master key being periodically moved around in RAM (this
> acts like a screen-saver or rather a RAM-saver) or does it reside at a
> static location after the container is mounted?
That is potentially a concern with SRAM. DRAM may or may not be
subject to similar effects, but they are not as easy to detect or
use. Basically, you will have to lower refresh-rates until bits
fail and carefully monitor which ones will fail. Even that may
not be conclusive at all, as cells are different. The
thing with SRAM is that both transistors in the flip-flop
are very similar, as they are very close together. An SRAM cell
may tend to come up in the state it has held for a long time.
A DRAM cell will always come up the same way, regardless of
what value it held, namely with capacitor empty.
AFAIK, the it is not even clear whether this still is an
issue in modern SRAMs. The only references I found on googeling
are describing this effect in the presence of a lot of
ionizing radiation for SRAM and I did not find a single
source for a similar effect for DRAM.
Here is a current reference on that, the literature may give
you more info:
Note that the radiation doses this work looks at start at
100R and go up to 100kR. About 200R are reliably deadly for
There are also devices like the DS3640 that claim to prevent this,
but it would not be the first time that a manufacturer advertises
"preventing" things that are not there in the first place:
BTW, you do _not_ move the key around to fight this. That
would not help. You complement all bits regularly instead.
> - Is it possible to separate the LUKS header from the encrypted data?
> Normally when a partition is luksFormat-ted it will generate a LUKS
> header on that partition at the very beginning of space. But I was
> wondering, if it's possible to have only the encrypted data on the
> partition, and move the LUKS header somewhere else i.e. a file on a
> USB stick?
See man-page and FAQ items 5.19 and 6.2. In the case of FLASH
disks, it is actually a good idea to do so.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt