Three Ways to Mitigate the Risk of a "Cold-Boot" Attack

« How Do You Explain Crypto Well Enough for People to Use It? | Main | Comcast: The Best Grassroots Support Money Can Buy »

February 25, 2008

Three Ways to Mitigate the Risk of a "Cold-Boot" Attack

Rich Mogull offers three sensible responses to the dangers posed by a cold-boot attack:

The most effective method is to power off your system completely (not sleep or hibernate mode) when it’s at risk of physical loss. This is inconvenient, but I’m going to start powering off when I’m in higher risk areas (like airport security) and can’t maintain physical control of the system.

Which brings recommendation number 2- don’t let someone steal your computer. I personally maintain physical control over my system nearly all the time when it’s out of my home (and I have a pretty good security system there). At hotels is the greatest risk, and I do tend to power off when I’m out of the room. You sales guys should start getting into the habit of not using sleep mode when you leave your computer locked in a rental car. At least until the encryption and laptop vendors come up with alternative protections.

For those of you with very sensitive information, combine file and folder encryption for sensitive files with your whole disk encryption. A few vendors offer this (feel free to brag in the comments guys). Just close those sensitive files or images before entering sleep mode, and make sure they are password protected and not linked to your normal login credentials.

(Link)