« Reputation Management: It's All About the Database | Main | How Do You Explain Crypto Well Enough for People to Use It? »

February 21, 2008

Encrypted Hard Drives Can Fall to RAM-Based Attack

Researchers say they can compromise encrypted hard drives by pulling encryption keys out of the RAM of laptops that have been only recently powered down:

"The attack exploits the fact that RAM chips in laptops aren't cleared of data when the laptop is turned off. Instead the the data degrades in seconds or minutes - an interval that lets an attacker cut the power to a sleeping laptop and then attach a USB key with an alternate operating system. When the computer is quickly rebooted, the rogue OS grabs all the data lingering in memory and can find encryption keys (and lots of other data) in the resulting file.

"Encryption products scramble data on a protected drive, but they need to store the keys in memory when the computers running in order to encrypt and decrypt data. Without the keys, it could take an attacker decades of intensive computing to break into a well-encrypted disk, while with the keys, it would be a matter of minutes.

"But the attack does not work on a computer that has been shut down for more than a few minutes or when a computer is hibernated or suspended. (In the latter case, all the data in memory is saved to disk, cleared and the machine is shut down)."

(Link)

E-mail   0 Comments    Digg This    add to del.icio.us

Posted by mhall at 5:12 PM | Add Comment

Leave a comment

Name

Email Address

URL

Remember personal info?

Comments (You may use HTML tags for style)

Captcha:

Type the characters you see in the picture above.