22 February 2008 @ 10:49Cold Boot Attacks on Encryption Keys

A group of Princeton computer scientists has published a paper(pdf) demonstrating a method for accessing a computer’s memory to gain access to encryption keys. Contrary to popular belief, RAM contents are not immediately erased once a computer is shut down. It can take 2.5 to 35 seconds for the data to fade away. This time can be extended by exposing the RAM chip to extremely cold temperatures.

Microsoft’s BitLocker, Apple’s FileVault, TrueCrypt and dm-crypt all seem to be vulnerable to this method of attack.

There seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today’s Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module.(#)

via ars

Share this:
  • E-mail this story to a friend!
  • Print this article!
  • Wists
  • del.icio.us
  • Reddit
  • Digg
  • StumbleUpon
  • Slashdot
  • Technorati
  • SphereIt
  • Sphinn
  • Google
  • Facebook
  • NewsVine
  • Furl
  • YahooMyWeb
  • TwitThis
  • Shop Apple
  • Shop Dell

 

Related posts

  • No related posts.

by Jon | Posted in exploits, security

Link to this post

HTML
BBCode

Add a Comment

Show who you are with a Gravatar.

 

Sign up for PayPal and start accepting credit card payments instantly.

Get fed!

rss icon subscribe to Geek stuff

rss icon Geek stuff in your inbox

Add the "Geek stuff" Google Gadget to your homepage

Add the "Daily Deals" Google Gadget to your homepage

Pages

Featured Tee

UneeTee.com

One Day, One Artist, One cool T-shirt

$3000 Kick Off by Uneetee
Guys - $13
Girls - $13

Apparel

Search Amazon

Search Amazon.com
Search Amazon.co.uk

Advert

Web hosting by ICDSoft