Disk encryption easily cracked, researchers find
Network World | 21 February 2008 | Network World Staff
Posted on 02/22/2008 8:20:54 AM PST by ShadowAce
1 posted on 02/22/2008 8:20:56 AM PST by ShadowAce
To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...
2 posted on 02/22/2008 8:21:16 AM PST by ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: ShadowAce
Shouldn’t be too hard to have the BIOS write pseudo-random data to the DRAM as a last step in shut-down, no?
3 posted on 02/22/2008 8:24:32 AM PST by sionnsar
(trad-anglican.faithweb.com |Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: sionnsar
Or even zeros, since they’re reading the inferred data value not the DRAM cell charge itself.
4 posted on 02/22/2008 8:25:26 AM PST by sionnsar
(trad-anglican.faithweb.com |Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: ShadowAce
According to the article, the chips have to be cooled within seconds of the system shutting down to be able to recover the key from DRAM. That essentially means someone would have to steal a laptop that is still running to get the key. I’m not sure how big of a vulnerability this is in the real world.
To: sionnsar
Does this only apply to hardwired desktops? What happens if I kill my wireless on my laptop before suspending?
6 posted on 02/22/2008 8:38:48 AM PST by militem
(When the GOP loses conservatism, the GOP loses.)
To: CA Conservative
Yeah, the moral of the story is if you see someone you don’t know with a dewar of LN2 and a screwdriver hanging around your computer, you should become suspicious...
To: CA Conservative
It's a sufficient vulnerability. Many years ago I remember using DRAM retention for some useful purpose (forgotten) that involved placing data in DRAM, cold-booting the machine, and reading the data in.
You'd likely get the same effect today by rebooting with a bootable CD or USB drive.
8 posted on 02/22/2008 8:48:39 AM PST by sionnsar
(trad-anglican.faithweb.com |Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: militem
9 posted on 02/22/2008 8:49:12 AM PST by sionnsar
(trad-anglican.faithweb.com |Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: CA Conservative
No, cooling the chips extends the time in which you are likely to get the actual data. Room temperature can be sufficient, if the boot time is short.
10 posted on 02/22/2008 8:50:29 AM PST by sionnsar
(trad-anglican.faithweb.com |Iran Azadi| 5yst3m 0wn3d - it's N0t Y0ur5 (SONY) | UN: Useless Nations)
To: ShadowAce
Felten adds that even using Trusted Computing hardware doesn't help.
Now there's an understatement. ;-)
11 posted on 02/22/2008 8:53:54 AM PST by Still Thinking
(Quis custodiet ipsos custodes?)
To: shorty_harris
I think the rest of the moral is that the people who spent time figuring out that if you yank out a chip, within .73 seconds dip it in liquid nitrogen, 43 seconds later install it in a new machine, run some specialized software, you MIGHT be able to unencrypt something.
These folks need jobs.
Real jobs.
12 posted on 02/22/2008 8:54:51 AM PST by djf
(I think McCain deserves a chance. After all, he is on R side!)
To: ShadowAce
See also related FR posts at
13 posted on 02/22/2008 9:08:00 AM PST by ThePythonicCow
(The Greens and Reds steal in fear of freedom and capitalism; Fear arising from a lack of Faith.)
To: sionnsar
No, cooling the chips extends the time in which you are likely to get the actual data. Room temperature can be sufficient, if the boot time is short.
That's my point - unless they grab a running machine or grab the machine within a few seconds of being shut down, this isn't that much of a vulnerability. For 99% of users, using the disk encryption will be sufficient. For government agencies or companies that have a lot of financial data on their laptops, which might be targeted by professional thieves or foreign governments, they may need to be concerned.
To: 1234; 50mm; 6SJ7; Abundy; Action-America; af_vet_rr; Aggie Mama; afnamvet; Alexander Rubin; ...
File Vault on OSX is not 100% secure... 99.9999% but not 100%. Same for BitLocker on Windows... PING!
Really out-of-the-realm-of-possibility security vulnerability discovered in encrypted disks on both Apple OS X and Windows Vista...
If you want on or off the Mac Ping List, Freepmail me.
15 posted on 02/22/2008 5:35:59 PM PST by Swordmaker
(We can fix this, but you're gonna need a butter knife, a roll of duct tape, and a car battery.)
Comment #16 Removed by Moderator
To: Swordmaker
We’re starting to develop a real “Boy who cried wolf” phenomenon with the security people. I guess it’s like everything else. You’d better have someone translate. I consider myself fairly computer literate, but I had no clue whether it was a risk or not, until I realized you had to get the actual physical computer. I kind of figure if somebody gets the computer, they can probably figure out a way to get information out of it.
17 posted on 02/22/2008 5:52:16 PM PST by Richard Kimball
(Sure, they'd love to kill me, as long as they can do it without admitting I exist)
To: ShadowAce
Watch out for cryogenic data pirates!
18 posted on 02/22/2008 5:56:26 PM PST by 6SJ7
To: ShadowAce
Moral of the story: there are no perfect locks, only perfect fools that trust in them.
19 posted on 02/22/2008 6:25:19 PM PST by Sunnyflorida
(Drill in the Gulf of Mexico/Anwar & we can join OPEC!!! || Write in Thomas Sowell for President.)
To: ShadowAce
This requires physical access to the computer and fairly extraordinary methods (chilling the RAM to -54 degrees, removing it, putting it in another computer, and reading it). While I won’t say that folks wouldn’t go through that for data, I believe it would likely be an extraordinary case - like national security or BIG bucks. And I believe that such extreme cases would probably also involve more serious security protection than what comes “stock” on those computers.
20 posted on 02/22/2008 6:30:34 PM PST by TheBattman
(LORD God, please give us a Christian Patriot with a backbone for President in 08, Amen.)