[cryptography] Best practices for paranoid secret buffers

Alfonso De Gregorio adg at crypto.lo.gy
Thu May 8 08:05:53 EDT 2014

On Thu, May 8, 2014 at 2:32 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> However, I don't think it's a panacea. Didn't someone have an
> attack where they were able to reconstruct AES encryption keys
> by recovering some fraction of the S-box values? I thought that
> was either Felten, et al, Cold Boot attack or something that
> was discussed in the literature around that time. Maybe I'm
> just blabbering here since I can barely remember what I had
> for lunch two days ago much less recall details of papers that
> I've read from 5 or 6 years ago. Anyhow, I'm sure someone
> on this list knows the details and I probably have it all wrong
> anyway.

Amarcord. Halderman et al. "Lest We Remember: Cold Boot Attacks on
Encryption Keys", in  Proc. 17th USENIX Security Symposium (Sec ’08),
San Jose, CA, July 2008, https://citp.princeton.edu/research/memory/
Later works improved upon Halderman et al. results.

-- alfonso


More information about the cryptography mailing list