WebApp Sec mailing list archives
Re: Securing encrypted data in RAM vs MSSQL
From: Ivan Krstic <krstic () fas harvard edu>
Date: Wed, 07 Jul 2004 02:06:52 +0100
Lucas Holt wrote:
> [...] When the power goes out, you lose the
> data if it's in ram. [...]
Yes and no, depending on how much you want to nitpick. See Gutmann's classic "Secure Deletion of Data from Magnetic and Solid-State Memory" [1] for a thorough treatment. Also good are sections 9.3.1-9.3.4 in Ferguson, Schneier, "Practical Cryptography" (Indianapolis, Wiley Publishing, 2003).
Usually, this is of no concern, but if one's dealing with particularly sensitive information, it becomes vital to keep in mind memory is *not* safe. If one really insists on keeping very important things (keys, etc.) in memory safely, the only solution I'm aware of is the use of a Boojum, as mentioned by Ferguson, Schneier [2].
[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
[2] Crescenzo, Ferguson, Impagliazzo, Jakobsson. "How to Forget a Secret". In Meinel, Tisson, editors, STACS 99, vol. 1563 of "Lecture Notes in Computer Science", pp. 500-509. Springer Verlag, 1999.
Cheers, Ivan.