1. Field
The present disclosure pertains to the field of information processing, and more specifically, to security in information processing systems.
2. Description of Related Art
Passwords, private or confidential information, and other secrets are used by and stored in many information processing systems. Therefore, many techniques have been developed to attempt to store secrets in a system memory of an information processing system such that they cannot be discovered or altered. However, many of these techniques may be vulnerable to cold-boot or hardware-based attacks. For example, an attacker having physical access to a system may isolate or remove system memory chips from the rest of the system to circumvent the protections provided by a memory controller, a chipset, software running on a processor, or any other system components, and then directly read out their contents to discover passwords, keys, protected content, and other secret information stored in them.
Even if the value of the secret is hashed before being stored in the system memory, the system may still be vulnerable to attack. For example, a hashed value of a system login password, instead of the system login password itself, may be stored in a system memory. Then, a login password input by a user may be hashed and compared to the hashed value stored in the system memory before allowing the user to access the system. In this situation, although an attacker cannot read the login password from the system memory, if he is able to read the hashed value, he may be able to use a dictionary attack or other approach on a different system to obtain a value that, when hashed, results in a match that allows him to gain access to the system.