I stumbled across this paper from the 2007 Chaos Communication Camp which describes a method for extracting the cryptographic keys used by either dm-crypt or cryptoloop.
Technically, the cryptographic keys need to reside in memory while your encrypted disk is in use, so, obviously, if an attacker has access to your physical RAM, they will be able to obtain these keys and decrypt the volume at any future point in time. There were a couple of less-than-obvious takeaways, however.
The first is that there are a multitude of avenues for accessing a machine’s memory. Anyone able to obtain root access could access /dev/mem remotely, but many systems (especially laptops) will actually write the memory’s contents to disk during extended hibernation. Virtualization software, such as VMWare, will do exactly the same when the virtual machine is suspended. Finally (and this was news to me), the Firewire standard provides devices DMA access. You could imagine a device specifically designed for the purpose of connecting to a running machine. It would copy the machine’s ram to a small hard disk, a “finished” LED would light up, and the attacker would pocket it and exit the building. The operating system wouldn’t even know that anything had happened.
The second big takeaway is that it’s relatively simple to search for these keys in a full memory dump. The method is slightly different for dm-crypt than it is for cryptoloop, but it basically involves a pattern search for certain characteristics in the C data scructure that holds the key. There are a couple of scripts included in the appendix for those of you who’d like to try this out.
If you use disk encryption on a laptop to protect your data from theft while you are traveling, take note. Disable hibernation mode to prevent RAM from being written to disk and do not leave your machine running while unattended, even if logged out.
Cryptographic key recovery from Linux memory dumps – Link (pdf)
ADVERTISEMENT