cold boot attacks on disk encryption

Perry E. Metzger perry at piermont.com
Thu Feb 21 14:51:04 EST 2008


"Ali, Saqib" <docbook.xml at gmail.com> writes:
> This method requires the computer to be "recently" turned-on and unlocked.

No, it just requires that the computer was recently turned on. It need
not have been "unlocked" -- it just needed to have keying material in RAM.

> So the only way it would work is that the victim unlocks the disks,
> i.e. enters their preboot password, turns off the computer, and
> "immediately" hands over (conveniently) the computer to the attacker so
> that the attacker can remove the DRAM chip and store it in nitrogen.

LN2 is pretty trivial to get your hands on, and will remain happy and
liquid in an ordinary thermos for quite some hours or longer. However,
the authors point out that canned air works fine, too.

> And the attacker has to do all this in less than 2 seconds.... :)

No, they may even have minutes depending on the RAM you have.

> Or am I missing something?

People readily assume that rebooting or turning off a computer wipes
RAM. It doesn't. This is just more evidence that it is bad
to assume that the contents of RAM are gone even if you turn off the
machine.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


