22 February 2008 @ 10:49
Cold Boot Attacks on Encryption Keys
A group of Princeton computer scientists has published a paper (pdf) demonstrating a method for accessing a computer’s memory to gain access to encryption keys. Contrary to popular belief, RAM contents are not immediately erased once a computer is shut down. It can take 2.5 to 35 seconds for the data to fade away. This time can be extended by exposing the RAM chip to extremely cold temperatures.
Microsoft’s BitLocker, Apple’s FileVault, TrueCrypt and dm-crypt all seem to be vulnerable to this method of attack.
There seems to be no easy fix for these problems. Fundamentally, disk encryption programs now have nowhere safe to store their keys. Today’s Trusted Computing hardware does not seem to help; for example, we can defeat BitLocker despite its use of a Trusted Platform Module.