Go to advanced search

by RDPUser
Thu Jan 17, 2019 7:04 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

If it helps you to have a configuration where openvpn is running instead of exiting to see which user openvpn is running, please execute cd /etc/openvpn sudo openvpn --genkey --secret nokey.txt And take this config log /home/pi/vpn.log remote bla.la.nonexistent8 secret nokey.txt dev tun proto udp Re...
by RDPUser
Thu Jan 17, 2019 6:53 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

By the username Pi I suspect you are using Raspbian(?) Are you using openvpn as a service for incoming connections or to connect to a vpn server out on the Internet (provided by a commercial vpn provider)? I have used openvpn in the second way but not in the first - and not on Raspbian. Ubuntu Mate...
by RDPUser
Thu Jan 17, 2019 6:25 pm
Forum: General discussion
Topic: How to contact moderator directly?
Replies: 15
Views: 1078

Re: How to contact moderator directly?

Jamesh, thank you very much for taking all that time and writing these long answers. And also thanks for clearifying that security is very important for you. Of course you're right recent German hack was not because of cold boot attacks. It was just an example for the importance of IT security. Sorr...
by RDPUser
Thu Jan 17, 2019 4:09 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

Hallo Ken, thanks for considering, however that is not the issue. /home/pi is untouched. The encrypted location lies somewhere lese. However as long as openvpn can't write to /home/pi the chances are very low that it can write to its intented location. BTW OpenVPN couldn't write to that location nei...
by RDPUser
Thu Jan 17, 2019 3:32 pm
Forum: General discussion
Topic: How to contact moderator directly?
Replies: 15
Views: 1078

Re: How to contact moderator directly?

If it is an issue with the recently closed Zero RAM on startup thread, that one had run its course, there was really nothing else to say on it. We had had at least three reports on it asking for it to be closed. The Pi isn't sold as a secure system, and we have no plans to make it secure to the ext...
by RDPUser
Thu Jan 17, 2019 2:02 pm
Forum: General discussion
Topic: How to contact moderator directly?
Replies: 15
Views: 1078

Re: How to contact moderator directly?

Thanks, great Idea, I'll do that.
by RDPUser
Thu Jan 17, 2019 1:41 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

Yeah VPN is doing its task except writing log to the wrong place. I want the log at a secure/encrypted location thats why I need to change the location.
by RDPUser
Thu Jan 17, 2019 1:40 pm
Forum: General discussion
Topic: How to contact moderator directly?
Replies: 15
Views: 1078

How to contact moderator directly?

Hallo,

how can I contact a moderator directly? PM seems not working and I don't want to discuss it, with respect to the moderator, public.

Thanks for help.
by RDPUser
Wed Jan 16, 2019 9:42 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

If the SD card is glued in then you canonot insert a different SD card to actually take advantage of any RAM persistence. There are measures to remove the glue, so a second level of security is needed. If you are that concerned about security, just use something that has better security. What can y...
by RDPUser
Wed Jan 16, 2019 7:13 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

and its so easy to circumvent it's not going to increase security overmuch. Can you tell me how easy it is to circument when you have glued the SD-Card and a shake sensor. Shakesensor leads to key erase after noticing shake. This little peace of hardware will cost in total much below 5 $. I'll buil...
by RDPUser
Wed Jan 16, 2019 5:33 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

Can somebody help me?
by RDPUser
Wed Jan 16, 2019 5:07 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

To further pour water on the "bootrom zeroes SDRAM" argument: the bootrom is incapable of setting up the SDRAM. Different chip manufacturers have different bus timings and each of these need to be stored in a table somewhere. In addition, once you start the SDRAM running then you need routines to m...
by RDPUser
Wed Jan 16, 2019 9:39 am
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

It would work, however you could accidentally destroy your PI. What sounds great, and could work but not reliably: You can integrate a shake detector, a script is running and when detecting shake, dismount command for VeraCrypt Volume is issued, thus preventing getting the key for the volume. Then i...
by RDPUser
Tue Jan 15, 2019 8:31 am
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

It's a few lines of code BUILT IN TO THE SOC, i.e. hardwired in the silicon itself. So to put that in the current Pi would cost about $500k (the cost of a respin of the die). Of course youre right. Sorry that I dind't mention so that would be to be done for the Pi5 So you've already out it on your ...
by RDPUser
Mon Jan 14, 2019 8:27 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

Can you explain why this little code change for future devices would cost large sums of money? Because it is almost certain that the design of whatever will become the Pi4 is already at an advanced stage, so it would have to be taken back to an earlier stage and reworked. If the Pi4 is based on exi...
by RDPUser
Mon Jan 14, 2019 7:00 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

To sum up and please correct me if I'm wrong. 1. We must do the RAM zeroing in the Boot-ROM. 2. Boot ROM is not writeable after production process, so any RAM zeroing security measure would mean new Raspberry-PIs. You're probably currently developing the next Gen Raspberry PI, so it would be possibl...
by RDPUser
Mon Jan 14, 2019 11:54 am
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

It's a few lines of code that would be on the SD card. Your attacker has just swapped the SD card, so they only need to use an SD card without that change and you have no gain. Yeah, you're right the code on the SD card would bring no gain. Thats why it must be in the bootrom. To change the bootrom...
by RDPUser
Mon Jan 14, 2019 10:29 am
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

Can anyone actually explain why this is a valid security issue? In order to do any of the above, you need physical access to the device, in which case all bets are off anyway. Yeah, you need physical access and zeroing RAM at boottime would prevent this attack reading out the memory. I mean when we...
by RDPUser
Mon Jan 14, 2019 9:42 am
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

Trying to figure it out more. There is no user openvpn on both systems. Folling "working" means that I can write log to /home/pi I've compared groups of nobody, pi and root. There are no differences. On both the official openvpn via sudo apt install openvpn is installed. Working: openvpn --version O...
by RDPUser
Sun Jan 13, 2019 9:25 am
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

I assume that the Raspberry Pi Foundation intentionally chose an SOC and board design that omits security features in order to avoid any complications importing crypto tech to certain countries. They want the Pi available to everyone, everywhere. Initializing RAM with Zeros before boot won't confli...
by RDPUser
Sat Jan 12, 2019 10:36 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

When the power is gone RAM is going to get reset on power up. Thanks. That I wanted to know. Zero out and rest on power up is equal. On normal PCs and attacker can clear CMOS and so this option is not save there. Can you provide a documentation link to read about that reset on boot? Why would an at...
by RDPUser
Sat Jan 12, 2019 5:44 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Re: Raspberry PI cold boot attack protected / Zero out RAM after boot?

Thanks for your fast answer. Your cold boot attack can't work on a ARM processor in a RPi. Can you explain a bit more why it can't work on ARM in a RPi? Acording to https://en.wikipedia.org/wiki/Cold_boot_attack#Full_memory_encryption there must be uses special ARM processors to encrypt RAM and make...
by RDPUser
Sat Jan 12, 2019 1:04 pm
Forum: Advanced users
Topic: Raspberry PI cold boot attack protected / Zero out RAM after boot?
Replies: 71
Views: 6552

Raspberry PI cold boot attack protected / Zero out RAM after boot?

Hallo, you might heard of Cold boot attack https://en.wikipedia.org/wiki/Cold_boot_attack In short: You reset PC and immediately after you boot and image of your own and read out RAM. With raspberry PI you would pull out SD-Card, insert yours with dumping RAM content to SD, then shortly cut power an...
by RDPUser
Mon Jan 07, 2019 8:03 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

Re: OpenVPN can't write logfile to home folder

I'm confused because $ ps -aux | grep openvpn root 8475 0.0 0.4 8424 4244 ? Ss 16:55 0:06 /usr/sbin/openvpn --daemon ovpn-vpnverbindung --status /run/openvpn/vpnverbindung.status 10 --cd /etc/openvpn --config /etc/openvpn/vpnverbindung.conf --writepid /run/openvpn/vpnverbindung.pid pi 25204 0.0 0.0 ...
by RDPUser
Mon Jan 07, 2019 3:32 pm
Forum: Troubleshooting
Topic: OpenVPN can't write logfile to home folder
Replies: 26
Views: 2389

OpenVPN can't write logfile to home folder

I'm using OpenVPN as a service. When in the config file log /var/log/vpn.log everything works fine, but thats not where I want the log When using log /home/pi/vpn.log openvpn logs to syslog and tells Warning: Error redirecting stdout/stderr to --log file: /home/pi/vpn.log: Permission denied (errno=1...

Go to advanced search