bofors Posted February 22, 2008 Share Posted February 22, 2008 Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them. http://citp.princeton.edu/memory/ Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/ Share on other sites More sharing options...
cmdshft Posted February 22, 2008 Share Posted February 22, 2008 Interesting, but to be perfectly honest, this may only apply to laptops in most scenarios. Unless you've a thrifty burglar in your neighborhood who can manage to sneak a big workstation out of your house and can find a safe location to power it back on before the data is fully destroyed... I don't think this is much to worry about, really. I personally never have to worry about stuff like this. Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/#findComment-637923 Share on other sites More sharing options...
Ayanami Posted February 22, 2008 Share Posted February 22, 2008 Go ahead. Steal my $100 laptop. Steal the data off it. You know what you're gonna get? A few gigs worth of 80's new wave music and some temporary internet files from a handful of adult websites. Enjoy! Seriously.... I'm with you Hara. Not worried. Big corporations on the other hand might be a bit unnerved. Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/#findComment-638353 Share on other sites More sharing options...
bwhsh8r Posted February 22, 2008 Share Posted February 22, 2008 government entities might also be slightly concerned Ayanami. and if you only have that stuff, then why bother to encrypt? p.s. glad to see you back bofors Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/#findComment-638401 Share on other sites More sharing options...
cmdshft Posted February 23, 2008 Share Posted February 23, 2008 The reason I think this is a minimal worry is because it's a process which has to be done in a few seconds/minutes. Plus, it relies on DRAM, which is laptop memory, so I really doubt someone is going to waste their time to yank your laptop and be able to retrieve all the data they need and return it to you quickly. Plus, you've got to be just plain stupid to let something like that out of your sight... Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/#findComment-638786 Share on other sites More sharing options...
rollcage Posted February 25, 2008 Share Posted February 25, 2008 I know they said with BitLocker and FileVault, the options to be able to also use a USB hardware key or a security card prevent those attacks from being used. http://www.nytimes.com/2008/02/22/technology/22chip.html About paragraphs 21-23. Link to comment https://www.insanelymac.com/forum/topic/89328-cold-boot-attacks-on-encryption-keys/#findComment-643197 Share on other sites More sharing options...
Recommended Posts