[115568] in cryptography@c2.net mail archive
Re: cold boot attacks on disk encryption
daemon@ATHENA.MIT.EDU (Len Sassaman)
Thu Feb 21 16:14:05 2008
Date: Thu, 21 Feb 2008 12:14:03 -0800 (PST)
From: Len Sassaman <rabbi@abditum.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: "Ali, Saqib" <docbook.xml@gmail.com>, cryptography@metzdowd.com
In-Reply-To: <874pc2m6l3.fsf@snark.cb.piermont.com>
On Thu, 21 Feb 2008, Perry E. Metzger wrote:
>
> "Ali, Saqib" <docbook.xml@gmail.com> writes:
> > This methods requires the computer to be "recently" turned-on and unlocked.
>
> No, it just requires that the computer was recently turned on. It need
> not have been "unlocked" -- it jut needed to have keying material in RAM.
Indeed. Given the recent discussions of border searches of laptops, I
wouldn't be surprised to see this technique used against locked laptops in
suspended mode.
The idea that data in RAM doesn't automatically disappear the instant the
computer is powered off isn't the really interesting thing in this paper,
though, at least for me. I'm more intrigued by the error-correction
techniques they use to apparently recover AES keys that have degraded by
up to 10% of their bits.
It would be nice if the authors released their tools so that other
researchers can build on this.
--Len.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
