Comment by astrange

12 years ago

If it just reads the up-to-64KB after that allocation, wouldn't you expect to see the server process segfault before too long?

Of course, servers helpfully just start themselves back up again.

As for scanning for key material, I wonder how to tell that 256-bit random data is the 256-bit random data you want.

3 comments

astrange

Reply
juhanima  12 years ago

When for instance an AES-key is being used by OpenSSL, it is put into a 'struct aes_key_st' which is not random at all but quite easily recognizable when scanning memory.

The Cold Boot attack paper by Halderman, Schoen et al. here

https://citp.princeton.edu/research/memory/

...discusses this in detail in chapter 6, Identifying Keys in Memory.

EDIT: fixed the reference

HappMacDonald  12 years ago

Well, one way is to brute iterate through every potential 256-bit string you dredge out of the canal against the known public key.

If you can dredge up 64kB of fresh data every time, that's 511,744 tests per shovelful which is quite a bit to sift through from a performance perspective but it's also a trivially parallel task.

Additionally, folk might know of even better ways to narrow that down. For example, the data representation in memory might have easy to grep for delimiters.

  • ibmthrowaway218  12 years ago

    65505 tests as I work it out as it's unlikely to be non-byte aligned:-

    256 bits is 32 bytes

    If you get 64kB of payload data back each time then it can only contain 65536-31=65505 different consecutive strings of 32 bytes.