Main Area and Open Discussion > Living Room

Disk encryption makes you safe? - think again!

(1/1)

f0dder:
I've always wondered how long RAM keeps it contents after you shut down your machine, ever since a bug in my code (back in the DOS days) had me write a pointer to a memory location, rather than the memory contents. I was amazed how I had "compressed" a textmode screen of 80*25*2 bytes of data into just 4 bytes, and that I could restore the data after a reboot...

So, how does this apply to disk encryption? Check this out.

Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux.
--- End quote ---

I got this link from slashdot, and one of the comments led to another pretty scary thing: the hotplug. Your desktop machine can be easily be moved from your home in power-on state, if they really need it that way - for instance, to extract crypto keys from your ram.

Carol Haynes:
There is a registry setting that wipes RAM when you power off as part of the power off sequence. Whether anything can then read between the lines (like wiped hard discs) is another matter though.

f0dder:
There is a registry setting that wipes RAM when you power off as part of the power off sequence. Whether anything can then read between the lines (like wiped hard discs) is another matter though.
-Carol Haynes (February 21, 2008, 07:41 PM)
--- End quote ---
Oh? I only know about the one that clears out your paging file. Would be a nice enough thing to enable, but...

#1 - won't save you if you use sleep/standby (laptops as well as desktops)
#2 - if the feds come knocking down your door, you might very well not have time to pull your power plugs, let alone shutting down properly :)

Carol Haynes:
Actually come to think of it pagefil is probably what I am thinking of (mea culpa).

if the feds come knocking down your door, you might very well not have time to pull your power plugs, let alone shutting down properly
--- End quote ---

If the feds come knocking at my door (in the UK) I will be more than a little surprised - though in this day and age I suppose nothing is impossible!  :o

f0dder:
Actually come to think of it pagefil is probably what I am thinking of (mea culpa).

if the feds come knocking down your door, you might very well not have time to pull your power plugs, let alone shutting down properly
--- End quote ---

If the feds come knocking at my door (in the UK) I will be more than a little surprised - though in this day and age I suppose nothing is impossible!  :o
-Carol Haynes (February 22, 2008, 04:00 AM)
--- End quote ---
Hehe, same here, I used "feds" as a catch-all.

But considering how much pressure the US of A can lay on other countries... DVD-Jon had Norwegian police all over his place because of pressure from the media interest groups in USA, even though he had done nothing illegal according to Norwegian law.

Navigation

[0] Message Index