Comment on Follow-up question to mounting encrypted drives
MigratingtoLemmy@lemmy.world 1 year ago
Thank you, I realise that what I’m asking for might not be physically possible. I’m certain that RAM loses all of its contents after a loss of power, but would it be possible to pad the RAM before/during the shutdown process to make sure that nobody gets the key?
aard@kyu.de 1 year ago
Yes, but: somebody trying to attack your machine that way would cut the power and try to freeze your memory modules. So that mitigation wouldn’t trigger.
If you think you really need to guard against that attack you’d have to look into physical security: At room temperature there’s a pretty short window available for saving the contents. So if you manage to remove access of possibly used cooling agents to the memory modules you already made things quite tricky.
Now if you can make removing the memory modules hard as well, and prevent booting anything but what you want to be booted, there’s a decent chance it’ll be impossible to recover memory contents.
If that still isn’t good enough you’d have to look into providing a means of physical destruction of the memory modules triggered by a backup power source inside the case on unexpected power loss.
MigratingtoLemmy@lemmy.world 1 year ago
Thank you for the comprehensive answer. I will go through it again and attempt to implement some of these mitigations.
Thanks again, I saved your comment.
aard@kyu.de 1 year ago
Take into account that your average police raid will not attempt that - they just don’t have the means for that.
If you have managed to become an important enough target that either specialists get called in, or you’ve managed to become a target of three-letter agencies or the equivalent in your country, you will have been targeted by other attacks to gain access to your data, both software and hardware - and if you have to ask that kind of question here you’re very unlikely to successfully defend against them.
MigratingtoLemmy@lemmy.world 1 year ago
Thanks for your reply. Fortunately, I am not a person under such scrutiny, and the only reason I ask this is because I’m paranoid.