[guardian-dev] Fwd: [OTR-dev] OTR and Cold Boot Attacks

Hans-Christoph Steiner hans at guardianproject.info
Wed Feb 1 11:28:48 EST 2012


This is something we should also deal with in Gibberbot, but I don't think it's urgent. Cold boot attacks are still rare and difficult, and it's very hard to script physical actions like grabbing a phone, freezing it, etc. ;)

I guess the core idea is to write over the unencrypted message contents in memory once the data has gotten to where it needs to go.

That reminds me, we should have a "no logging at all" pref in Gibberbot so that unencrypted messages are never stored anywhere.  It'll be annoying, because if you switch away from Gibberbot and it gets killed by Android, when you come back, the messages will all be gone.

.hc

Begin forwarded message:

> From: "Byrd, Brendan" <Byrd.B at insightcom.com>
> Date: February 1, 2012 10:09:08 AM EST
> To: Rob Smits <rdfsmits at cs.uwaterloo.ca>, "otr-dev at lists.cypherpunks.ca" <otr-dev at lists.cypherpunks.ca>
> Subject: Re: [OTR-dev] OTR and Cold Boot Attacks
> 
> Modifying Pidgin isn't out of the question, but a bug report would need to be added there.
> 
> --
> Brendan Byrd <byrd.b at insightcom.com>
> System Integration Analyst (NOC Web Developer)
> 
> 
> -----Original Message-----
> From: otr-dev-bounces at lists.cypherpunks.ca [mailto:otr-dev-bounces at lists.cypherpunks.ca] On Behalf Of Rob Smits
> Sent: Saturday, January 07, 2012 7:00 PM
> To: otr-dev at lists.cypherpunks.ca
> Subject: Re: [OTR-dev] OTR and Cold Boot Attacks
> 
> Hi Justin,
> 
> Unfortunately there are some complications with fixing this completely. 
> 
> In terms of libotr, it would be pretty simple to garble the memory it allocates for decrypted messages before freeing it (in otrl_message_free).
> However libotr can't guarantee that the contents weren't copied elsewhere. 
> 
> In terms of pidgin-otr, we are out of luck. It will in fact make a copy of the contents of a decrypted message and provide this copy to pidgin.
> Pidgin-otr then has no way to know when pidgin will free this memory.
> Without modifying pidgin I don't think there is a way around this.
> 
> Regards,
> Rob
> 
>> -----Original Message-----
>> From: otr-dev-bounces at lists.cypherpunks.ca [mailto:otr-dev-bounces at lists.cypherpunks.ca] On Behalf Of Justin Bull
>> Sent: January-02-12 7:27 PM
>> To: otr-dev at lists.cypherpunks.ca
>> Subject: [OTR-dev] OTR and Cold Boot Attacks
>> 
>> Hello otr-dev,
>> 
>> I've been doing some minor research into cold boot attacks. I found
>> OTR quite susceptible to this type of attack. I propose that the code
>> is updated to zero-out or garble the allocated memory used for storing
>> the IM conversations prior to freeing it back to the OS. This would
>> mimic TrueCrypt's strategy for mitigating the success of such an attack.
>> 
>> See TrueCrypt's acknowledgement here:
>> http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram
>> 
>>> "Keep in mind that most programs do not clear the memory area
>>> (buffers) in which they store unencrypted (portions of) files [...]
>>> This means that after you exit such a program, unencrypted data it
>>> worked with may remain in memory (RAM) until the computer is turned
>>> off (and, according to some researchers, even for some time after the
>>> power is turned off*)."
>> 
>>> "When a non-system TrueCrypt volume is dismounted, TrueCrypt erases
>>> its master keys (stored in RAM)."
>> _______________________________________________
>> OTR-dev mailing list
>> OTR-dev at lists.cypherpunks.ca
>> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
> 
> 



----------------------------------------------------------------------------

Computer science is no more related to the computer than astronomy is related to the telescope. -Edsger Dijkstra
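
The wipe-before-free idea discussed in the thread, and the limitation Rob Smits points out about copies, shown as an added example. This is not code from libotr, pidgin-otr, Pidgin or Gibberbot; the names secure_wipe, message_free_wiped and copy_survives_wipe are hypothetical and the message text is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Overwrite n bytes through a volatile pointer so the compiler cannot
 * drop the stores as "dead" just because free() follows. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Hypothetical replacement for a plain free() of a decrypted message:
 * wipe the whole string, terminator included, then release it. */
static void message_free_wiped(char *msg)
{
    if (msg == NULL)
        return;
    secure_wipe(msg, strlen(msg) + 1);
    free(msg);
}

/* Returns 1 if buf[0..n) is all zero bytes. */
static int is_zeroed(const char *buf, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/* Models the limitation from the thread: the library wipes its own buffer,
 * but a copy handed to the host application is untouched. Returns 1 when
 * the original is zeroed and the copy still holds the plaintext. */
static int copy_survives_wipe(void)
{
    const char *plaintext = "constructed sample message";
    size_t len = strlen(plaintext) + 1;
    char *lib_buf = malloc(len);      /* library-owned decrypted message */
    char *host_copy = malloc(len);    /* copy given to the IM client */
    if (!lib_buf || !host_copy) { free(lib_buf); free(host_copy); return -1; }
    memcpy(lib_buf, plaintext, len);
    memcpy(host_copy, lib_buf, len);
    secure_wipe(lib_buf, len);        /* wipe first, inspect before free */
    int ok = is_zeroed(lib_buf, len) && strcmp(host_copy, plaintext) == 0;
    free(lib_buf);
    message_free_wiped(host_copy);    /* only the copy's owner can wipe it */
    return ok;
}
```

Where the platform provides explicit_bzero or memset_s, those can stand in for the volatile loop.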



