cold boot attacks on disk encryption
Len Sassaman
rabbi at abditum.com
Thu Feb 21 15:14:03 EST 2008
On Thu, 21 Feb 2008, Perry E. Metzger wrote:
>
> "Ali, Saqib" <docbook.xml at gmail.com> writes:
> > This methods requires the computer to be "recently" turned-on and unlocked.
>
> No, it just requires that the computer was recently turned on. It need
> not have been "unlocked" -- it jut needed to have keying material in RAM.
Indeed. Given the recent discussions of border searches of laptops, I
wouldn't be surprised to see this technique used against locked laptops in
suspended mode.
The idea that data in RAM doesn't automatically disappear the instant the
computer is powered off isn't the really interesting thing in this paper,
though, at least for me. I'm more intrigued by the error-correction
techniques they use to apparently recover AES keys that have degraded by
up to 10% of their bits.
It would be nice if the authors released their tools so that other
researchers can build on this.
--Len.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list