> [EMAIL PROTECTED] writes:
>
> > My suggestion is to overwrite memory like 3 times if a program frees
> > the memory or if a reboot is commanded via the shell. Of course this harms
> > "old" boxes but it's still better than losing your SSH-Key or whatever
> > resides in your RAM.
>
> If someone has physical control of your machine while it is active you
> have zero security. Doing a memory overwrite in the background is not
> going to help. Accept that.
>
> If I can remove the case to get access to the memory to freeze it before
> chopping power I can also attach bus analyzers that watch and log every
> memory access. If I've a log of what was written to memory wiping the
> actual memory later does NOT help.
Not at all! RAM keeps the information partly for MINUTES! It's not a real race condition or so... it's about physics and electricity. And you're right about the bus analyzer, but that's a pretty uncommon device. I think it's a lot easier to get the RAM and analyze it than to use a bus analyzer. Not everybody owns a bus analyzer, but mostly anybody owns a MB compatible to your memory modules...

Think about bigger networks! Do you know ANY device which has NO RAM? Even a simple client PC which boots via network has RAM. And in universities or so with about 129k users you just can't ensure that NOBODY turns off the PC, gets the RAM, reads your SSH key and turns the PC on again (just in case you might have used it before this brave student..)... You could do this in like 10 minutes (max!). If you keep in mind that if you break into a bank the cops have a time window of about 15 minutes, what do you seriously expect in universities? A SWAT team in every PC pool? :-/

And a university is just one example. Another is a centrally managed global operating company where you just can't watch the VPN router or whatever 24/7 and where it's common that at least one provider has any issues a month.

Of course the problem can't get solved with a 2-line patch or so. But it could be a good start if critical applications like ssh-agent or so would overwrite the memory they used (if no lib* change is planned). As I said already, from my point of view a modified free() may solve the issue (and it would be transparent to ANY software) or a change in the kernel.

Kind regards,
Sebastian
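As an added illustration of the "modified free()" idea discussed in this thread (example code, not from the list or from any library), here is a hypothetical secure_malloc/secure_free pair that records each block's size in a header and wipes the data through a volatile pointer before releasing it, so callers need no changes. It only shortens the exposure window: data still in use, copies the application makes elsewhere, and pages written to swap are untouched. The names secure_wipe, secure_malloc, secure_free, nonzero_bytes and demo_wipe are assumptions of this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical drop-in pair for malloc()/free() that wipes a block before
 * releasing it. A header records the block size, so callers need not pass
 * it: that is what would make a "modified free()" transparent to software.
 * The header is padded to max_align_t so the user pointer stays aligned. */
typedef struct { _Alignas(max_align_t) size_t len; } blk_hdr;

/* Overwrite n bytes with zeros through a volatile pointer. A plain memset()
 * right before free() is a dead store the compiler may legally delete;
 * the volatile access forces the writes to actually reach memory. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

void *secure_malloc(size_t n) {
    blk_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->len = n;
    return h + 1;                 /* user pointer sits right after the header */
}

/* Wipe the user data, then release the block. Returns the number of bytes
 * wiped (0 for NULL) so the behaviour can be checked. */
size_t secure_free(void *p) {
    if (!p) return 0;
    blk_hdr *h = (blk_hdr *)p - 1;
    size_t n = h->len;
    secure_wipe(p, n);
    free(h);
    return n;
}

/* Count bytes that are still non-zero, for checking a wipe before release. */
size_t nonzero_bytes(const void *p, size_t n) {
    const unsigned char *b = p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (b[i] != 0);
    return count;
}

/* Fill a block with a constructed sample secret, wipe it, and report how
 * many bytes of the secret survived in that block (expected: none). */
size_t demo_wipe(void) {
    char *key = secure_malloc(32);
    if (!key) return (size_t)-1;
    memcpy(key, "CONSTRUCTED-SAMPLE-SECRET-BYTES!", 32);  /* constructed value */
    secure_wipe(key, 32);
    size_t left = nonzero_bytes(key, 32);
    secure_free(key);
    return left;
}
```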