Disk encryption hack discovered
Bob Morris @ Feb 22nd 2008 05:14 - Category: Unfiled
And it’s a huge one. Princeton researchers show how they can easily grab the encryption key from most any Windows, Mac, or Linux box with disk encryption.
They do it by reading the RAM, then grabbing the key. It only takes a few minutes. This can work even if the computer has been turned off. Yikes.
One Response to “Disk encryption hack discovered”
woody on 22 Feb 2008 at 10:53 am #
Uhmm.. ok. Yeah. This is nothing new. The only “innovative” thing is using a freeze can and boot loader to quickly access the RAM in a device after a reboot to get the data. The same thing is possible if your device has a reset button or a hard-kill power switch.
If you’re leaving encrypted volumes mounted while in suspend or hibernate mode it’s vulnerable to a number of attacks. If you’re using encrypted material, you should do so on a mounting as-needed basis, and be sure to unmount and wipe the key from memory before walking away from it.
TrueCrypt (FYI) has a feature that does just that, so I think the ad is a little misleading in showing it as a “crackable” item. Once you unmount a volume, it stores values over the memory allocated for the key by the driver before releasing it back to the system. So as long as you unmount the drives, you’re good.
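
The wipe-on-unmount behaviour described in the comment above, sketched in C as an added example (not TrueCrypt's code and not from the original post). The struct, the function names and the 32-byte key length are hypothetical; the wipe writes through a volatile pointer so the compiler cannot optimise the overwrite away.

```c
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32  /* assumed key size for this example */

/* Hypothetical in-memory state for one mounted encrypted volume. */
struct volume {
    unsigned char key[KEY_LEN];
    int mounted;
};

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * stores as "dead" just because the buffer is never read again. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Mount: copy the key in, then wipe the caller's copy so only one
 * instance of the key exists in RAM. */
int volume_mount(struct volume *v, unsigned char *key, size_t len)
{
    if (v == NULL || key == NULL || len != KEY_LEN || v->mounted)
        return -1;
    memcpy(v->key, key, KEY_LEN);
    secure_wipe(key, len);
    v->mounted = 1;
    return 0;
}

/* Unmount: wipe the key before the memory is reused or released. */
int volume_unmount(struct volume *v)
{
    if (v == NULL || !v->mounted)
        return -1;
    secure_wipe(v->key, KEY_LEN);
    v->mounted = 0;
    return 0;
}

/* Count non-zero key bytes left behind; 0 means nothing to recover here. */
size_t key_residue(const struct volume *v)
{
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        n += (v->key[i] != 0);
    return n;
}
```

The wipe only helps for copies it reaches: any other copy of the key, such as an expanded key schedule, needs the same treatment before the memory is released.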