Bitcoin Forum
December 11, 2017, 06:04:52 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Could private keys in memory be inadvertently sent to swap? (disk)  (Read 743 times)
agent13
Newbie
*
Offline Offline

Activity: 26


View Profile
November 27, 2013, 11:58:09 AM
 #1


If you have Bitcoin-qt open or another client etc, is it possibly Linux might swap the memory (and keys) to swap? (and therefore to disk). Even though you might have wallet.dat encrypted, could the keys inadvertently be dumped to disk? How could this be avoided? Perhaps just have a lot of RAM so swapping is not needed? This could technically even occur with javascript key generators correct? Is it possible to zero-fill the swap partition after exiting the client?

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512972292
Hero Member
*
Offline Offline

Posts: 1512972292

View Profile Personal Message (Offline)

Ignore
1512972292
Reply with quote  #2

1512972292
Report to moderator
moderate
Member
**
Offline Offline

Activity: 70

nearly dead


View Profile
November 27, 2013, 12:24:16 PM
 #2

Obvious solution: remove your swap partition(s).

Anyway, isn't this the kind of attack that if you happen to be vulnerable to it then you're already vulnerable to a lot of other potentially more dangerous things ?
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2366



View Profile
November 27, 2013, 12:41:10 PM
 #3

is it possibly Linux might swap the memory (and keys) to swap? (and therefore to disk)
We mlock the memory used for private keys, however there could be a mistake someplace or another, so encrypted swap is still advisable— and very easy to do under linux.

Bitcoin will not be compromised
oleganza
Full Member
***
Online Online

Activity: 200


Software design and user experience.


View Profile WWW
November 27, 2013, 12:45:02 PM
 #4

On Mac it'll be just enabling FileVault2 - full disk encryption. And, preferably, using sandboxed apps.

Bitcoin analytics: blog.oleganza.com / 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo
FreedomDealer
Newbie
*
Offline Offline

Activity: 7


View Profile
November 27, 2013, 02:39:37 PM
 #5

A similar problem is a core dump (after a crash, for example), when memory content ends up in log files.
A solution is full disk encryption. On Linux, you can encrypt a partition using LUKS and create your root, swap, home, etc. on top of that as logical volumes using LVM.
moderate
Member
**
Offline Offline

Activity: 70

nearly dead


View Profile
November 27, 2013, 02:47:06 PM
 #6

A similar problem is a core dump (after a crash, for example), when memory content ends up in log files.

As a reminder, in production you shouldn't be producing core dumps. Either disable the generation during kernel compilation or through utilities (like ulimit).
agent13
Newbie
*
Offline Offline

Activity: 26


View Profile
November 28, 2013, 09:36:26 AM
 #7

I like using Ubuntu with Bitcoin-QT. I also play with bitaddress etc offline. The default Ubuntu installer creates a swap partition. It provides an option to encrypt the user folder, but not swap. Might someone have a link to a how-to to resolve this concern?.. ie, encrypt the swap partition? Or, what might be the best way to tackle this in Ubuntu?

Thanks.
StarfishPrime
Sr. Member
****
Offline Offline

Activity: 359


View Profile
November 29, 2013, 03:09:58 PM
 #8

We can expect to see increasingly creative attacks with btc >~1K USD. There are many attack vectors left to be exploited.

Code should never keep unencrypted keys in memory longer than absolutely necessary and overwrite any instances as soon as possible. Scanning multiple GBs for likely keys is trivial. It's not necessarily difficult for malicious code to cause a core dump - not all OS's are created equal.

One thing we can definitely be sure of - the "best" minds of the eastern bloc are already working on it.

                         
    ¦                     
  ¦    ¦¦¦               
¦¦  ¦¦¦¦                 
                             ¦¦  ¦¦¦¦
                          ¦ ¦¦ ¦¦¦¦                     
                         ¦¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦
                  ¦¦¦  ¦¦¦¦¦¦
                   ¦ ¦¦¦¦¦¦

                    ¦¦  ¦ ¦¦¦¦
                    ¦¦    ¦¦¦¦
                    ¦¦  ¦ ¦¦¦¦
                   ¦¦¦  ¦ ¦¦¦¦¦
                ¦¦¦¦    ¦ ¦¦¦¦¦¦¦¦
             ¦¦¦¦¦    ¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦       ¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦
        ¦¦¦¦         ¦        ¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦¦          ¦      ¦    ¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦         ¦¦         ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦        ¦¦         ¦¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦       ¦          ¦ ¦¦   ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦¦     ¦¦          ¦   ¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦     ¦          ¦      ¦   ¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦    ¦        ¦¦         ¦¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦¦     ¦¦         ¦   ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦     ¦¦         ¦¦¦   ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦   ¦¦    ¦        ¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦    ¦   ¦        ¦¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦    ¦  ¦¦       ¦     ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦    ¦  ¦      ¦      ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦   ¦ ¦¦     ¦¦     ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦   ¦ ¦¦     ¦¦    ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
       ¦¦¦¦  ¦ ¦¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦¦  ¦¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
             ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
                        ¦¦

.
TorCoin.....
¦
¦
¦
¦
  Fully Anonymous TOR-integrated Crypto
               ¦ Windows     ¦ Linux     ¦ GitHub     ¦ macOS
     ¦
     ¦
     ¦
     ¦
.
   ANN THREAD
     ¦
     ¦
     ¦
     ¦
[/center]
Peter Todd
Legendary
*
expert
Offline Offline

Activity: 1106


View Profile
November 29, 2013, 06:19:58 PM
 #9

A similar problem is a core dump (after a crash, for example), when memory content ends up in log files.

As a reminder, in production you shouldn't be producing core dumps. Either disable the generation during kernel compilation or through utilities (like ulimit).

Note that under Linux you can in fact do selective core-dumps that skip some sections of memory.

This is usually used when an application has large sections that are not relevant for debugging, but could prove useful to keep private keys out of disk as well.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!