Disk encryption hack discovered

And it’s a huge one. Princeton researchers show how they can easily grab the encryption key from most any Windows, Mac, or Linux box with disk encryption.

They do it be reading the RAM, then grabbing the key. It only takes a few minutes. This can work even if the computer has been been turned off. Yikes.

One comment

  1. Uhmm.. ok. Yeah. This is nothing new. The only “inovative” thing is using a freeze can and boot loader to quickly access the ram in a device after a reboot to get the data. The same this is possible if your device has a reset button or a hard-kill power switch.

    If you’re leaving encrypted volumes mounted while in susspend or hibernate mode it’s vulnerable to a number of attacks. If you’re using encrypted material, you should do so on a mounting as-needed basis, and be sure to unmount and wipe the key from memory before walking away from it.

    TrueCrypt (FYI) has a feature that does just that, so I think the ad is a little misleading in showing it as a “crackable” item. Once you unmount a volume, it stores values over the memory allocated for the key by the driver before releasing it back to the system. So as long as you unmount the drives, you’re good.

Comments are closed.