[Discuss] Cold Boot Attacks on Encryption Keys

[blu at nedharvey.com (Edward Ned Harvey (blu))]

> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
> 
> I'd be curious to know if anyone has deployed something like TrueCrypt
> on a sizable cluster of machines. How did they handle reboots?

Truecrypt requires password intervention at boot.
Bitlocker (and some others) rely on TPM and therefore do not require password at boot.

Just for background information, anyone who doesn't know:  The TPM provides a lot of different functions.  Amongst them is tamper-resistant key storage.  Imagine an entire computer on a single chip, and it's all filled with concrete and hot glue so you can't easily take it apart to access the CPU or RAM or storage directly.  You have a communication bus into the system, and it responds to only a few commands.  Amongst them, you can tell the chip, which is integrated into your motherboard bios, "Look at my bios configuration, look at all the unencrypted sectors of my boot disk, look at which disk I'm booting, perform a checksum on all those things, and decrypt the following encrypted key, *only* if all of these remain unchanged from the state that we previously agreed upon..."

The most obvious solution to me, is to have an authentication server (AD/Ldap/Kerberos) which boots using TPM.  Authenticate and encrypt everything using your PKI.  As always, there are modes of attack, but it all revolves around "the $5 wrench," to extract a user's password from them, or some user writing their password on a post-it note, or exploitable vulnerabilities in the OS, etc.