  JAXx aka Stephen Premium join:2000-03-31 New York, NY clubs:
| memtest86+ and retrieving passwords out of ram
I just read a very interesting thread at BBR (»Disk encryption may not be secure enough) that references this article (»www.nytimes.com/2008/02/22/techn···L+CjwGwg) and this video (»hackaday.com/2008/02/21/breaking···m-dumps/) that shows how passwords (or anything) can be retrieved out of RAM chips after a computer has been turned off, greatly reducing encryption security using programs like TrueCrypt if you are attacked by pros.
One potential solution is to overwrite your RAM when you power off the computer using a program called memtest86+ (»www.memtest.org/). Does anyone know how to actually make memtest86 do this? -- JAXx, aka Stephen ~ All my opinions are only my opinions and if anyone else shares them - it's chance ~ |
|
  MaxCras
join:2008-09-19 Mount Clemens, MI
edit: October 4th, @03:52PM
| I am not sure how to have memtest "overwrite" the RAM, but I would think any of the tests that write random patterns would do the trick.
Also, I am not sure of a way to have memtest run between when you shut down your OS and the computer powers off; generally memtest is run off of a CD prior to any OSes starting.
Now, if you rebooted your system, and then booted off of the memtest disk, then finally shut down your system...
However, I feel that it would be more hassle than it is worth. |
|
  JAXx aka Stephen Premium join:2000-03-31 New York, NY clubs:
| It would be easier to do a memory test (POST) at boot up, but in this case the idea is you don't want to leave any passwords in RAM after shutting down, so you could shut down, then re-power the computer, do the POST test, and not enter the password and shut it off. Again more work. -- JAXx, aka Stephen ~ All my opinions are only my opinions and if anyone else shares them - it's chance ~ |
|
  deblin Dark Side of the Moon Premium,MVM join:2001-09-01 Middletown, DE
| reply to JAXx I wouldn't worry too much about this one.
In order to exploit this and do what you want with the previous contents of the RAM, you'd need physical access to the box to run some other OS than what's currently on there. Otherwise, you're back into the default OS, and one would hope there are already measures in place to prevent a normal user from reading the contents of memory at will.
So if you have physical access to the box, there are much easier ways of doing damage than trying to scour RAM in this manner for a password. -- He who is not contented with what he has, would not be contented with what he would like to have. -Socrates |
|
 dave Premium,MVM join:2000-05-04 not in ohio | reply to JAXx The other solution is to wait a few minutes after powering off your computer. As long as there's no-one hanging around with a flask of liquid nitrogen, you're likely safe. |
|
  Vista RTM
join:2006-09-13 Chilliwack, BC
| reply to JAXx Turning your computer "off" doesn't actually kill the power to the main board. Turning your power supply switch off and/or unplugging it from the wall and then holding your front power button for 60 seconds will wipe the RAM. You could take the CMOS battery out and do this at the same time to be sure, but turning your computer off alone won't kill the juice. It's still in a live state. |
|
 dave Premium,MVM join:2000-05-04 not in ohio | I don't believe the RAM is kept alive in 'power off' state.
(If it were, no-one would need 'hibernate to disk') |
|