this post was submitted on 07 Jul 2025
1 points (100.0% liked)

It's A Digital Disease!

23 readers
1 users here now

This is a sub that aims at bringing data hoarders together to share their passion with like minded people.

founded 2 years ago
MODERATORS
bOt@zerobytes.monster
1
LUKS: protection against RAM dump in a physical attack? (zerobytes.monster)
submitted 6 days ago by bOt@zerobytes.monster to c/datahoarder@zerobytes.monster
0 comments fedilink hide all child comments
 
The original post: /r/datahoarder by /u/matthew_levi12 on 2025-07-07 03:36:48.

Disclaimer: I'm a newbie to the subject. Trying to learn from the experts.

Let's say I have a server running ecommerce with millions of customer's sensitive data, hosted somewhere else far away from me. It's fully disk-encrypted with LUKS. So, nobody can see the files decrypted if they stole the disk.

But, I have heard that once the server is unlocked with LUKS passphrase, the key resides in RAM. Somebody with physical access to the server could just dump RAM and extract LUKS keys.

How could I protect my server from having LUKS keys stolen from RAM as well? Like a cold boot attack, for example?

Thank you so much for your help!

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here