[117332] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: wrt Cold Boot Attacks on Disk Encryption

daemon@ATHENA.MIT.EDU (Ken Buchanan)
Sat Mar 15 16:52:07 2008

Date: Mon, 25 Feb 2008 11:38:20 -0500
From: "Ken Buchanan" <ken.buchanan@gmail.com>
To: "=JeffH" <Jeff.Hodges@kingsmountain.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <20080221230138.9DD2EA0957@green.metzdowd.com>

A lot of people seem to agree with what Declan McCullagh writes here:

> It's going to make us rethink how we handle laptops in sleep mode and servers that use
> encrypted filesystems (a mail server, for instance).

What I'd like to know is why people weren't already rethinking this
when people like Maximillian Dornseif
(http://md.hudora.de/presentations/firewire/2005-firewire-cansecwest.pdf)
and later Adam Boileau
(http://www.security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf)
showed you can read arbitrary RAM from a machine just by plugging into
a FireWire port, due to lack of security considerations in the IEEE
1394 standard?

Adam Boileau demonstrated finding passwords, but of course we already
know that it's easy to locate cryptographic keys in large volumes of
data (Shamir, van Someren: http://citeseer.ist.psu.edu/265947.html).

Reading cold DRAM may have some applications on its own -- if only
because of the large number of devices that it effects -- but as far
as walking up to a locked machine/hibernated laptop/whatever and
stealing its RAM contents, the game may have been up some time ago.


- Ken -

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post