
Cold Boot Attack Defense

From Whonix




Documentation for this is incomplete. Contributions are happily considered!

TODO: write introduction

  • What is a cold boot attack.
  • What is RAM.
  • Explain DDR2 vs DDR3 RAM.
  • How is RAM different from mass storage.
  • Document how to find out if one is using DDR3 RAM.

[1]

Defending against cold boot attacks makes the most sense for users of Full Disk Encryption and/or Host Live Mode.

To make memory forensics harder, make sure you shut down your computer normally [2] and then remove the machine from any power source by pulling the power plug. In the case of notebooks, the battery should be removed after powering off. The computer should also be turned off when exposed to higher-risk situations like traveling. [3]

Use DDR3 RAM since it might be resistant to this attack. [4]
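
One way to check both points on a Linux host, as an added example that is not Whonix project code: it reads the RAM type from dmidecode output and lists which of the kernel memory-erasing parameters named in the footnotes (page_poison, slub_debug, init_on_free) are switched on in the kernel command line. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Whonix project code): report RAM generation and which
# kernel memory-erasing parameters from the footnote are enabled.

# Print distinct module types from `dmidecode --type 17` text on stdin.
# Empty slots report "Unknown" and are skipped.
mem_types() {
    awk -F': *' '/^[ \t]*Type:/ && $2 != "Unknown" { print $2 }' | sort -u
}

# Print each erasing parameter that is switched on in the command line $1.
# Assumption: only the first slub_debug option group is inspected, and
# kernel build-time defaults (not visible on the command line) are ignored.
wipe_params() {
    for arg in $1; do
        case "$arg" in
            init_on_free=1|page_poison=1|page_poison=on)
                echo "${arg%%=*}" ;;
            slub_debug)            # bare form enables all checks, incl. poisoning
                echo slub_debug ;;
            slub_debug=*)          # P is the poisoning flag
                flags=${arg#slub_debug=}; flags=${flags%%,*}
                case "$flags" in *P*) echo slub_debug ;; esac ;;
        esac
    done
}

# Live check on the running system; dmidecode needs root.
report() {
    echo "RAM type(s): $(dmidecode --type 17 | mem_types | tr '\n' ' ')"
    echo "Erasing parameters on: $(wipe_params "$(cat /proc/cmdline)" | tr '\n' ' ')"
}

# Constructed sample inputs, not captured from a real machine.
SAMPLE_DMI='Memory Device
    Size: 8 GB
    Type: DDR3
    Type Detail: Synchronous
Memory Device
    Size: No Module Installed
    Type: Unknown
    Type Detail: None'
SAMPLE_CMDLINE='root=/dev/mapper/vg-root ro init_on_free=1 slub_debug=FZP,kmalloc-64 page_poison=0 quiet'

printf '%s\n' "$SAMPLE_DMI" | mem_types    # DDR3
wipe_params "$SAMPLE_CMDLINE"              # init_on_free, then slub_debug
```

Call `report` as root to run the same checks against the live system instead of the samples.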

Development Discussion

https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596

Footnotes

  2. So that the Linux kernel's memory erasing features (page_poison, slub_debug or init_on_free) and/or your firmware reset attack mitigation can kick in.
  3. And/or the memory should be wiped upon shutdown. This is a theoretical mechanism at present because it is undocumented. https://forums.whonix.org/t/is-ram-wipe-possible-inside-whonix/5596
  4. Quote from On the Practicability of Cold Boot Attacks:

    we could not reproduce cold boot attacks against modern DDR3 chips.


