On Fri, 22 Feb 2008, Brett Lymn wrote:

> On Thu, Feb 21, 2008 at 05:19:28PM -0600, Marco Peereboom wrote:
> >
> > Let me give you an engineering opinion: bwahahahahahaha this is
> > retarded.
> >
>
> Well, let me give you another engineering opinion based on actual
> experience working on a machine with a custom graphics system - it is
> not 100% reliable but DRAM can show a surprising amount of remanence
> even without power/refresh. We used to see parts of the display come
> up even after the machine had been down for hours.

Yeah, I recall this from one of the first computers I had as a child. A recognisable amount of screen contents were briefly visible at power on, even if the machine had been left overnight.

It is kind of obvious in hindsight that this could be turned to an attack, but lots of things are only obvious in hindsight :)

As far as this relates to OpenBSD, the main attack that we care about is against laptops that have been suspended, and there are some concerns there (especially if your threat model includes thieves with LN2). We are already pretty careful about zeroising secrets from RAM on program close or system shutdown. Any failures to do this should be reported as bugs.

-d
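
An added example, not part of the original message and not OpenBSD's own code: one way a program can zeroise a working copy of a secret before the buffer goes out of scope, with a check that nothing is left behind. The names `secure_wipe`, `nonzero_bytes` and `use_secret`, the byte-sum stand-in for real crypto, and the sample key are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the compiler cannot discard the
 * stores as dead writes, as it may with memset() on a dying buffer. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Count bytes that are still non-zero; used to check the wipe. */
static size_t nonzero_bytes(const void *buf, size_t len)
{
    const volatile unsigned char *p = buf;
    size_t n = 0;
    while (len--)
        n += (*p++ != 0);
    return n;
}

/* Hypothetical consumer: copies a secret into a working buffer, uses it
 * (a toy byte sum stands in for real crypto), wipes the working copy,
 * and returns how many non-zero bytes are left in it. */
static size_t use_secret(const char *secret, unsigned *sum_out)
{
    unsigned char work[64];
    size_t len = strlen(secret);

    if (len > sizeof(work))
        return (size_t)-1;      /* rejected before any copy was made */
    memcpy(work, secret, len);
    *sum_out = 0;
    for (size_t i = 0; i < len; i++)
        *sum_out += work[i];
    secure_wipe(work, sizeof(work));
    return nonzero_bytes(work, sizeof(work));
}

int main(void)
{
    unsigned sum = 0;
    size_t left = use_secret("constructed-sample-key", &sum); /* constructed */
    printf("sum=%u leftover=%zu\n", sum, left);
    return left == 0 ? 0 : 1;
}
```

This clears only the working copy inside one process; keys that are still in use on a suspended machine remain in RAM, which is the laptop case raised above.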