Cold boot attack susceptibility when using LUKS?

[user0777]

Assuming we use LUKS and encrypt a drive, 
 

according to this thread the decryption key is stored in RAM. Does this mean my server is susceptible to a cold boot attack? (https://en.wikipedia.org/wiki/Cold_boot_attack)

Please forgive me if it's a dumb question.

Edited March 24 by user0777
fix spacing

[itimpi]

6 hours ago, user0777 said:

Does this mean my server is susceptible to a cold boot attack?

Not as I understand such attacks as the key would be lost when the reboot happens.   It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot.

[user0777]

1 hour ago, itimpi said:

Not as I understand such attacks as the key would be lost when the reboot happens.   It has to be reloaded/entered every time the system boots as it is not persisted by Unraid across a reboot.

Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible

[itimpi]

4 minutes ago, user0777 said:

Exactly so if you read material on cold boot attacks, stuff that’s in RAM does persist if you pull the power cord to a PC. You could then pull the LUKS key out of RAM. It does indeed seem susceptible

Looking at the description in more detail of what it takes to carry out such an attack I suspect that if you have someone with the capability to carry out this sort of attack having physical access to your server then you probably have much larger problems anyway!

[NewDisplayName]

yeah if u have physical access, just dont turn off the pc and you have it anyway... 

Edited March 28 by NewDisplayName

[user0777]

10 minutes ago, NewDisplayName said:

yeah if u have physical access, just dont turn off the pc and you have it anyway... 

 

Isn’t the whole point of LUKS to protect against physical attacks?

[user0777]

According to a thread on hacker news, the only mitigation for cold boot on unraid would be something involving RAM encryption (intel 13th gen and some AMD CPUs have this feature)

 

https://news.ycombinator.com/item?id=38219731

 

 

 

 

[NewDisplayName]

How would you do that? If you dont have the key, the server cant function.

 

edit:

ok where is the key stored to encrypt ram?

 

Edited March 28 by NewDisplayName

[user0777]

I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked.

[NewDisplayName]

5 hours ago, user0777 said:

I think you’ve misunderstood the meaning of Physical access maybe? Physical access means being in the same room as the server not necessarily while it is unlocked.

Yes, someone could enter while the server is not on, but then how do you usually start the server? you have to have some sort of password, physical, or an automated way to unlock it... right?

[user0777]

No, we are talking about the case when the server is already on but locked.

[NewDisplayName]

10 hours ago, user0777 said:

No, we are talking about the case when the server is already on but locked.

OK. 

 

Now you can just extract the key out of ram. Thats what you mean? And if it were encrypted, you couldnt do that.

 

But dont we have the same problem again, where comes the pw for the encrypted ram?

[user0777]

RAM isn’t encrypted. Unraid stores the decryption key in RAM in plaintext.

Edited March 29 by user0777

[NewDisplayName]

Oh rly, i know, why you tell me this?

 

were talking about encrypted ram here?

 

But anyway, i dont want to continue this discussion.

[user0777]

Encrypted ram is the solution however 99% of unraid users will not have encrypted ram.