Matt Posted February 24, 2008
A team of security researchers on Thursday reported serious vulnerabilities in disk encryption products including Microsoft's BitLocker, Apple's FileVault, and the open-source TrueCrypt. Because memory contents are not deleted when the computer is rebooted, someone can gain access to the contents of the encrypted volume by restarting it and extracting the encryption keys.
http://www.news.com/2300-1029_3-6230933-1.html
isteve Posted February 25, 2008
So couldn't this be defeated by just shutting off your computer or just logging out of all accounts?
Matt Posted February 25, 2008
Someone correct me if I'm wrong, but I think that it states that since this is all being done early on in the bootup, the memory would still be intact. That's how I read it at least.
jcl Posted February 25, 2008
> So couldn't this be defeated by just shutting off your computer or just logging out of all accounts?
No. The Princeton team discovered that the contents of DRAM can be recovered after it's powered off. At room temperature the data persists for up to a minute or so. Cooling the chips with an air duster extends that to around ten minutes. Liquid nitrogen extends it to at least an hour.
So, you can grab the machine, reboot into a friendly system, and recover the decryption keys. Or you can grab the machine, yank the RAM, cool it, install it in another machine, and recover the keys.
There's no obvious way to protect against this attack on standard hardware.
Edited February 25, 2008 by jcl
irregularjoe Posted February 25, 2008
>> So couldn't this be defeated by just shutting off your computer or just logging out of all accounts?
> No. The Princeton team discovered that the contents of DRAM can be recovered after it's powered off. At room temperature the data persists for up to a minute or so. Cooling the chips with an air duster extends that to around ten minutes. Liquid nitrogen extends it to at least an hour.
> So, you can grab the machine, reboot into a friendly system, and recover the decryption keys. Or you can grab the machine, yank the RAM, cool it, install it in another machine, and recover the keys.
> There's no obvious way to protect against this attack on standard hardware.
Hmmmm...... Guess I need to put my laptop in the oven at 350 degrees for 20 minutes?
JDoors Posted February 25, 2008
> ... There's no obvious way to protect against this attack on standard hardware.
You mean like not letting anyone steal your computer for a few minutes after you turn it off? JK!