[Eug-lug] Re: truecrypt 5.0 due out in a few days
Allen Brown
abrown at peak.org
Fri Feb 22 20:10:45 PST 2008
> Also somewhat related, there's been a lot of buzz today regarding some
> interesting work retrieving disk encryption keys from DRAM, even after
> the machine has been powered-down and back on again:
>
> http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
>
> Turns out DRAMs are a lot more persistent than people may have thought.
> --
> Hal Pomeranz, Founder/CEO Deer Run Associates hal at deer-run.com
And SRAMs are more persistent, despite some folks' speculations
to the contrary. (We saw this sort of thing when designing
calculator chips. That meant we had to have a dedicated circuit
and software to deal with power loss.)

I hope, and expect, Linux to come up with a solution before
Windoze and Mac. We shall see.

Some folks are saying this will be nearly impossible to fix. I don't
think so. We may already have the tools. Of course, it will require
existing security programs to be modified. Painful, but far from
impossible.

Can you register a function to be called when the power supply voltage
is dropping? If so, you can wipe any sensitive variables in your
program.

Another solution would be to add a call to the kernel: Allocate
super volatile memory. Then when the kernel detects power loss
or shutdown, wipe that area. Again this requires all security
programs to be modified.

I imagine there are better solutions than these. They're just what
I came up with.
--
Allen Brown
http://brown.armoredpenguin.com/~abrown
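
Added example (not part of the original message): a user-space sketch of the "register a function and wipe sensitive variables" idea, zeroing a key buffer from a signal handler on orderly shutdown. It assumes a POSIX system that sends SIGTERM at shutdown and, on Linux with a UPS monitor configured to forward it, SIGPWR; the names key_buf, key_wipe and key_guard_install are hypothetical. An abrupt power cut delivers no signal, so this covers only the cases where the OS gets a warning.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32
static unsigned char key_buf[KEY_LEN];      /* the only copy of the key */
static volatile sig_atomic_t key_wiped;     /* set once the key is gone */

/* Volatile byte stores: not optimised away, and safe in a signal handler. */
static void key_wipe(void)
{
    volatile unsigned char *p = key_buf;
    for (size_t i = 0; i < KEY_LEN; i++) p[i] = 0;
    key_wiped = 1;
}
static void on_shutdown(int sig) { (void)sig; key_wipe(); }

/* Returns 0 on success, -1 if a handler could not be installed. */
static int key_guard_install(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_shutdown;
    sigfillset(&sa.sa_mask);                /* no nested signals while wiping */
    (void)mlock(key_buf, sizeof key_buf);   /* best effort: keep key out of swap */
    if (sigaction(SIGTERM, &sa, NULL) != 0) return -1;  /* orderly shutdown */
#ifdef SIGPWR
    if (sigaction(SIGPWR, &sa, NULL) != 0) return -1;   /* power-fail notice */
#endif
    return 0;
}

static void key_load(const unsigned char *src) { memcpy(key_buf, src, KEY_LEN); key_wiped = 0; }

static int key_is_zero(void)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= key_buf[i];
    return acc == 0;
}

int main(void)
{
    unsigned char demo[KEY_LEN];
    memset(demo, 0xA5, sizeof demo);        /* constructed sample key */
    if (key_guard_install() != 0) return 1;
    key_load(demo);
    raise(SIGTERM);                         /* simulate the shutdown signal */
    return (key_is_zero() && key_wiped) ? 0 : 1;
}
```

A real program would stop using the key and exit once key_wiped is set, and would also wipe any derived key schedules it holds.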