Actions

Cold Boot Attack Defense

From Whonix



Ambox warning pn.svg.png Documentation for this is incomplete. Contributions are happily considered!

TODO: write introduction

  • What is a cold boot attack.
  • What is RAM.
  • Explain DDR2 vs DDR3 RAM.
  • How is RAM different from mass storage.
  • Document how to find out if one is using DDR3 RAM.

[1]

Defending Cold Boot Attacks makes most sense for users of Full Disk Encryption and/or Host Live Mode.

To make memory forensics harder, make sure you shutdown your computer normally [2] and then remove the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. And the computer should be turned when exposed to higher-risk situations like traveling. [3]

Use DDR3 RAM since it might be resistant to this attack. [4]

Development Discussion[edit]

https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596 [archive]

Footnotes[edit]

  1. so the Linux kernel's memory erasing features (page_poison, slub_debug or init_on_free) and/or your firmware reset attack mitigation can kick in
  2. And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596 [archive]
  3. Quote On the Practicability of Cold Boot Attacks [archive]:

    we could not reproduce cold boot attacks against modern DDR3 chips.



text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: Twitter.png Facebook.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Love Whonix and want to help spread the word? You can start by telling your friends or posting news [archive] about Whonix on your website, blog or social media.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.