user0777 Posted March 24 Posted March 24 (edited) Assuming we use LUKS and encrypt a drive, according to this thread the decryption key is stored in RAM. Does this mean my server is susceptible to a cold boot attack? (https://en.wikipedia.org/wiki/Cold_boot_attack) Please forgive me if it's a dumb question. Edited March 24 by user0777 fix spacing Quote
itimpi Posted March 24 Posted March 24 6 hours ago, user0777 said: Does this mean my server is susceptible to a cold boot attack? Not as I understand such attacks as the key would be lost when the reboot happens. It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot. Quote
user0777 Posted March 24 Author Posted March 24 1 hour ago, itimpi said: Not as I understand such attacks as the key would be lost when the reboot happens. It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot. Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible Quote
itimpi Posted March 24 Posted March 24 4 minutes ago, user0777 said: Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible Looking at the description in more detail of what it takes to carry out such an attack I suspect that if you have someone with the capability to carry out this sort of attack having physical access to your server then you probably have much larger problems anyway! 1 Quote
NewDisplayName Posted March 28 Posted March 28 (edited) yeah if u have physical access, just dont turn off the pc and you have it anyway... Edited March 28 by NewDisplayName Quote
user0777 Posted March 28 Author Posted March 28 10 minutes ago, NewDisplayName said: yeah if u have physical access, just dont turn off the pc and you have it anyway... Isn’t the whole point of LUKS to protect against physical attacks? Quote
Solution user0777 Posted March 28 Author Solution Posted March 28 According to a thread on hacker news, the only mitigation for cold boot on unraid would be something involving RAM encryption (intel 13th gen and some AMD CPUs have this feature) https://news.ycombinator.com/item?id=38219731 Quote
NewDisplayName Posted March 28 Posted March 28 (edited) How would you do that? If you dont have the key, the server cant function. edit: ok where is the key stored to encrypt ram? Edited March 28 by NewDisplayName Quote
user0777 Posted March 28 Author Posted March 28 I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked. Quote
NewDisplayName Posted March 29 Posted March 29 5 hours ago, user0777 said: I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked. Yes, someone could enter while the server is not on, but then how do you usually start the server? you have to have some sort of password, physical, or an automated way to unlock it... right? Quote
user0777 Posted March 29 Author Posted March 29 No, we are talking about the case when the server is already on but locked. Quote
NewDisplayName Posted March 29 Posted March 29 10 hours ago, user0777 said: No, we are talking about the case when the server is already on but locked. OK. Now you can just extract the key out of ram. Thats what you mean? And if it were encrypted, you couldnt do that. But dont we have the same problem again, where comes the pw for the encrypted ram? Quote
user0777 Posted March 29 Author Posted March 29 (edited) RAM isn’t encrypted. Unraid stores the decryption key in RAM in plaintext. Edited March 29 by user0777 Quote
NewDisplayName Posted March 29 Posted March 29 Oh rly, i know, why you tell me this? were talking about encrypted ram here? But anyway, i dont want to continue this discussion. Quote
user0777 Posted March 29 Author Posted March 29 Encrypted ram is the solution however 99% of unraid users will not have encrypted ram. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.