Author

Topic: Private keys in RAM (Read 1270 times)

newbie
Activity: 3
Merit: 0
April 23, 2014, 06:11:04 AM
#12
my 2c. if possible use a physical storage device like a SAM module or in case of servers an HSM. storing in ram makes them vulnerable. Keyloggers and ramscrapers are just the tip of the iceberg.
hero member
Activity: 714
Merit: 500
Martijn Meijering
April 23, 2014, 05:15:48 AM
#11
Interesting OpenSSL patch by Akamai related to this, via @csoandy on Twitter:

http://marc.info/?l=openssl-users&m=139723710923076&w=2

Turns out this patch doesn't work at all, several experts panned it.
sr. member
Activity: 350
Merit: 250
April 23, 2014, 04:28:31 AM
#10
It's entirely possible that either a program with necessary privilege to read the memory location holding the key, or hardware utilizing DMA, can grab a private key from RAM.
member
Activity: 60
Merit: 10
April 13, 2014, 05:35:59 AM
#9
make it faster is the most improtant thing
hero member
Activity: 784
Merit: 1000
April 13, 2014, 04:47:55 AM
#8
Would it be easier to just make sure your signed tx always get on the chain first?
hero member
Activity: 714
Merit: 500
Martijn Meijering
April 12, 2014, 07:36:55 AM
#7
Interesting OpenSSL patch by Akamai related to this, via @csoandy on Twitter:

http://marc.info/?l=openssl-users&m=139723710923076&w=2
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
April 10, 2014, 04:40:41 AM
#6
Private keys anyways should be in RAM only for a few fractions of a second: read them from HDD, decrypt them, sign whatever you need to sign (message, transaction...), zero them out again and done.
With the Bitcoin Core wallet this is already the case. The encrypted keys are stored in RAM, but they are only decrypted when necessary and zeroed afterwards (given that you use wallet encryption, of course). The memory used for storing keys is also locked, to avoid it from being swapped to disk.
legendary
Activity: 2618
Merit: 1007
April 10, 2014, 04:38:10 AM
#5
Private keys anyways should be in RAM only for a few fractions of a second: read them from HDD, decrypt them, sign whatever you need to sign (message, transaction...), zero them out again and done.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
April 10, 2014, 04:34:31 AM
#4
For operating systems that support a secure execution environment it'd make sense to move generating/encrypting/decrypting private keys and signing there. I'm not sure how useable this is in practice at this point. This could use TPM or HSMs if available.

And AFAIK some of the Android wallets use the OS-specific secure key storage for wallet keys.

Moving those operations to a separate, isolated process would already be a start. There are certainly baby steps to be made.
legendary
Activity: 2618
Merit: 1007
April 10, 2014, 03:19:56 AM
#3
The real solution is simply to not get malware and update often, IMO.
If you did NOT update to OpenSSL 1.0.1 (thus updating rarely/late) you were not hit by heartbleed...
You might be exposed to other (less severe) security issues that way though.
hero member
Activity: 714
Merit: 500
Martijn Meijering
April 09, 2014, 07:43:17 AM
#2
Well, that too of course, but 2/3 of the web was vulnerable to this one, whether they updated regularly or not. Layered defence is good.
hero member
Activity: 714
Merit: 500
Martijn Meijering
April 09, 2014, 04:43:01 AM
#1
After the heartbleed scare I've been thinking if perhaps we shouldn't make an effort to store private keys more securely. This isn't a new issue of course, and there are lots of existing techniques and best practices I'm only dimly aware of, including things like PKCS #11 and HSMs. I know work is also being done on Bitcoin-specific hardware solutions like Trezor.

Maybe we all need to move to hardware-based solutions in the future, but maybe there is also room for software-only solutions. Right now most people don't use specialised crypto hardware, and I was wondering if it would help if signing operations were at least located in a separate process with an independent address space. There is a library called SoftHSM which is a software-only implementation of PKCS #11. I think it's supposed to be linked directly to the application, but maybe it can be used as a starting point.

So, what do you think? Would this be a useful near-term improvement, or an undesirable half solution that discourages people from using dedicated hardware, if we believe that's the real solution?
Jump to: