Reboot every 24 hours to periodically wipe memory #805
This is a kludge, but a reasonably effective one. This change reboots
This ensures that the plaintext of submissions can reside in memory for
Dec 16, 2014
Jul 16, 2015
I'm going to quote some text from the 2008 paper "Lest We Remember: Cold Boot Attacks on Encryption Keys." Though the paper is focused on the extraction of encryption keys from DRAMs, much of the information relates to exploiting DRAM remanence effects, which could apply to any data.
Basically restating this, it seems that we can conclude that if the App Server has ECC memory or it is set to run a POST on boot, a warm reboot should be completely successful at clearing plaintext data from RAM. If it is compatible w/ ECC memory, a warm reboot may also be sufficient. However, if the App Server is neither ECC RAM compatible, nor does it run a POST on boot, plaintexts may persist through warm reboots.
The Intel D54250WYK you recommend does not support ECC memory, so if you want this kludge to be effective with that machine you should suggest enabling running POST on every startup.
@fowlslegs Good point, thanks for drawing out the relevant details from the cold boot paper. I was aware of those results - my reasoning here is not that a reboot can be used to decay memory, but that the shutdown will cause all processes to terminate (init sends SIGTERM to all processes), and PAX_MEMORY_SANITIZE will sanitize them as they go.
Of course, I should've explained this in the original comment on the PR. I also haven't tested this on hardware, although that would probably be worthwhile and would definitely be fun!