[OTR-dev] OTR and Cold Boot Attacks

Justin Bull me at justinbull.ca
Mon Jan 2 19:26:59 EST 2012


Hello otr-dev,

I've been doing some minor research into cold boot attacks. I found
OTR quite susceptible to this type of attack. I propose that the code
is updated to zero-out or garble the allocated memory used for storing
the IM conversations prior to freeing it back to the OS. This would
mimic TrueCrypt's strategy for mitigating the success of such an attack.

See TrueCrypt's acknowledgement here:
http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram

> "Keep in mind that most programs do not clear the memory area (buffers) in which they store unencrypted (portions of) files [...] This means that after you exit such a program, unencrypted data it worked with may remain in memory (RAM) until the computer is turned off (and, according to some researchers, even for some time after the power is turned off*)."

> "When a non-system TrueCrypt volume is dismounted, TrueCrypt erases its master keys (stored in RAM)."
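
The wipe-before-free pattern proposed in the message above, written in C as an added example; it is not part of the original post and is not libotr code. The `msg_buf` type and the `msg_*` and `secure_wipe` names are hypothetical, and the message text is constructed sample input.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for one plaintext message (not a libotr type). */
typedef struct { size_t len; unsigned char *data; } msg_buf;

/* Zero through a volatile pointer: a plain memset() right before free()
 * is a dead store that an optimizing compiler is allowed to drop. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

msg_buf *msg_new(const char *text)
{
    msg_buf *m = malloc(sizeof *m);
    if (!m) return NULL;
    m->len = strlen(text) + 1;          /* include the terminator */
    m->data = malloc(m->len);
    if (!m->data) { free(m); return NULL; }
    memcpy(m->data, text, m->len);
    return m;
}

/* Number of bytes in the message buffer that are still non-zero. */
size_t msg_residue(const msg_buf *m)
{
    size_t left = 0;
    for (size_t i = 0; i < m->len; i++) left += (m->data[i] != 0);
    return left;
}

void msg_wipe(msg_buf *m) { secure_wipe(m->data, m->len); }

/* Wipe the plaintext, then the struct itself, before releasing each. */
void msg_free(msg_buf *m)
{
    if (!m) return;
    msg_wipe(m);
    free(m->data);
    secure_wipe(m, sizeof *m);
    free(m);
}

int main(void)
{
    msg_buf *m = msg_new("constructed sample message"); /* constructed input */
    if (!m) return 1;
    msg_wipe(m);
    int dirty = msg_residue(m) != 0;
    msg_free(m);
    return dirty; /* exit status 0 when the plaintext was fully cleared */
}
```

Wiping at free time only clears this one buffer; copies made by `realloc()`, by UI toolkits, or by pages written out to swap are outside its reach.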


