cold boot attacks on disk encryption

[Jacob Appelbaum]

Ali, Saqib wrote:
> After thinking about this a bit, i have changed my views on this
> attack. i think it is quite easy to perform this attack. i myself have
> been in similar situations, where my personal computer could have been
> easily compromised by this attack

Usually when doing a demo of this attack, people change their minds
quickly. I'm pleased to hear that in actual use cases you acknowledge an
actual problem.

> 
> However, the hardware based encryption solutions like (Seagate FDE)
> would easily deter this type of attacks, because in a Seagate FDE
> drive the decryption key never gets to the DRAM. The keys always
> remain in the Trusted ASIC on the drive.
> 

While riding the BART this morning, I ran into Nate Lawson (from
Cryptography Research). He mentioned that he felt people would reply
with such endorsements. I'd like to take the time to disagree with
endorsing hardware products as a solution. Hardware solutions are going
to be hard to attack in some circumstances. But they may in fact be
worse without fully viewable (or Free) source software (for the
firmware, the FPGA or the layout of the ASIC, etc.

A great example of some so called "unbreakable" hardware disk crypto is
this snakeoil:
http://it.slashdot.org/article.pl?sid=08/02/19/0213237
http://www.heise-online.co.uk/security/Enclosed-but-not-encrypted--/features/110136

"A new generation of inexpensive disk drive enclosures using hardware
encryption and RFID keys do not fulfil the promises of their publicity.
The adverts claim 128-bit AES hardware encryption, but they don't tell
us how it is used."

Without transparency, I'd rather stick with software. It has issues, we
now know about another one.

Regards,
Jacob Appelbaum

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com