| From | William Colls <william.colls@rogers.com> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Securely erase files cached in memory (dm_crypt) |
| Date | 2012-01-09 22:47 -0500 |
| Organization | National Capital Freenet, Ottawa, Ontario, Canada |
| Message-ID | <jegcd5$lo8$1@theodyn.ncf.ca> |
| References | <ecdb71e0-2505-40b3-ae21-b8e953645ecb@cf6g2000vbb.googlegroups.com> <87pqetb0lo.fsf@araminta.anjou.terraraq.org.uk> <5f89838b-00b3-4aaa-b826-c437dfc3bba6@p42g2000vbt.googlegroups.com> |
On 01/09/2012 10:04 PM, bmearns wrote:
> On Jan 9, 6:02 am, Richard Kettlewell<r...@greenend.org.uk> wrote:
>> bmearns<mearn...@gmail.com> writes:
>>> I'm setting up a dm_crypt/LUKS volume and I want to make sure that
>>> when the volume is suspended/closed, all the decrypted data is
>>> securely removed from memory.
>>
>>> If I understand dm_crypt correctly, all data on the hard disk is
>>> encrypted, but pages will be decrypted into RAM on demand. The manpage
>>> for cryptsetup specifies that luksSuspend wipes the encryption key
>>> from the kernel, but doesn't say anything about data that's already
>>> been decrypted. Is this all taken care of by dm_crypt, or do I need to
>>> be proactive about removing it, and if so, how?
>>
>> I can't see anything in the kernel or the tools that would erase cached
>> decrypted data, but I may not be looking in the right places.
>>
>>> Also, do I need to worry about decrypted blocks being put in swap
>>> space?
>>
>> I think you're OK on this one; AFAIK the buffer cache is not swapped.
>> (It's hard to see what the point of doing so would be.)
>>
>> --
>> http://www.greenend.org.uk/rjk/
>
> Thanks, Richard. I guess it makes sense that the data would not be
> swapped: as far as the kernel knows, any file data it's cached is
> already on disk, it would be pointless to put it on another disk by
> swapping.
>
> So now I just have to worry about anything cached in RAM, which is a
> bummer, because the whole point of this is to purge all the data
> without having to power cycle.
>
> -Brian

I'm no expert in this, but it would seem to me that once the program is suspended, and the key removed, the program would also de-allocate any memory it is holding, and on any kind of reasonably busy machine, that memory is going to be fairly quickly re-allocated to something else and overwritten. But I'm really just guessing.
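Added example, not code from anyone in this thread: a Python script that checks whether a file's data is resident in the Linux page cache with mincore(2) and then asks the kernel to drop it with posix_fadvise(POSIX_FADV_DONTNEED), to make concrete the point the thread circles around: evicting cached plaintext frees the page frames but does not overwrite their contents. It assumes Linux and CPython with ctypes, and writes a constructed temporary file of random bytes to stand in for plaintext read off a dm-crypt volume.

```python
import ctypes, mmap, os, tempfile

PAGE = mmap.PAGESIZE
libc = ctypes.CDLL(None, use_errno=True)  # libc symbols already linked into the interpreter
libc.mmap.restype = ctypes.c_void_p
libc.mmap.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_int, ctypes.c_int, ctypes.c_int, ctypes.c_long]
libc.munmap.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
libc.mincore.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.POINTER(ctypes.c_ubyte)]
MAP_FAILED = ctypes.c_void_p(-1).value

def resident_pages(path):
    # (resident, total) page counts for the file's data in the page cache; mincore(2) on a
    # MAP_SHARED mapping reports residency without faulting the pages in.
    size = os.path.getsize(path)
    total = (size + PAGE - 1) // PAGE
    fd = os.open(path, os.O_RDONLY)
    try:
        addr = libc.mmap(None, size, mmap.PROT_READ, mmap.MAP_SHARED, fd, 0)
        if addr == MAP_FAILED:
            raise OSError(ctypes.get_errno(), "mmap failed")
        vec = (ctypes.c_ubyte * total)()
        rc, err = libc.mincore(addr, size, vec), ctypes.get_errno()
        libc.munmap(addr, size)
    finally:
        os.close(fd)
    if rc != 0:
        raise OSError(err, "mincore failed")
    return sum(v & 1 for v in vec), total

def evict_from_cache(path):
    # Drop the file's clean pages from the page cache. This frees the frames but does not
    # overwrite them: contents persist until reuse (or until free with init_on_free=1).
    # On tmpfs the advice is silently ignored because there is no backing store.
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)  # dirty pages are never dropped; write them back first
        os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)
    finally:
        os.close(fd)

def demo(npages=8):
    # Constructed sample: random bytes stand in for plaintext read off a dm-crypt volume.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(os.urandom(npages * PAGE))
        path = f.name
    try:
        before = resident_pages(path)   # freshly written data is cached: (npages, npages)
        evict_from_cache(path)
        after = resident_pages(path)    # (0, npages) on a disk-backed fs; unchanged on tmpfs
    finally:
        os.unlink(path)
    return before, after
```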
Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-08 08:53 -0800
Re: Securely erase files cached in memory (dm_crypt) Richard Kettlewell <rjk@greenend.org.uk> - 2012-01-09 11:02 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-09 19:04 -0800
Re: Securely erase files cached in memory (dm_crypt) William Colls <william.colls@rogers.com> - 2012-01-09 22:47 -0500
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-11 13:51 -0800
Re: Securely erase files cached in memory (dm_crypt) Richard Kettlewell <rjk@greenend.org.uk> - 2012-01-11 22:09 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-11 14:23 -0800
Re: Securely erase files cached in memory (dm_crypt) unruh <unruh@invalid.ca> - 2012-01-12 01:54 +0000
Re: Securely erase files cached in memory (dm_crypt) bmearns <mearns.b@gmail.com> - 2012-01-13 10:21 -0800
Re: Securely erase files cached in memory (dm_crypt) Jim Beard <jdbeard@patriot.net> - 2012-06-14 08:51 -0400
Re: Securely erase files cached in memory (dm_crypt) Robert Nichols <SEE_SIGNATURE@localhost.localdomain.invalid> - 2012-01-12 10:35 -0600
Re: Securely erase files cached in memory (dm_crypt) Alexander Schreiber <als@usenet.thangorodrim.de> - 2012-01-15 23:20 +0100
Re: Securely erase files cached in memory (dm_crypt) Aragorn <stryder@telenet.be.invalid> - 2012-01-16 00:16 +0100