Author Topic: Is Whole Disk Encryption Just Wishful Thinking? (Read 22011 times)

40hz · « **on:** July 20, 2008, 04:32 PM »

A little while ago, there was quite a bit of discussion in the TrueCrypt 6.0 thread on the issue of encrypted drives. I've always been a big promoter of encrypted file systems. I never thought they were completely bulletproof (since nothing ever is) but I just read an article over at ghacks that has got me wondering if they're really worth the trouble at all:

Software to defeat Disk Encryption released
www.ghacks.net/2008/07/20/software-to-defeat-disk-encryption-released

Looks like some researchers over at Princeton U have a workable crack for several disk encryption techniques. They have published their study (available for download), along with the tools they used to pull it off.

Here's the abstract from the Princeton website: http://citp.princeton.edu/memory

Abstract

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Very interesting. And very sobering! Can't wait to try this one out at home...

f0dder · « **Reply #1 on:** July 20, 2008, 05:19 PM »

It's nasty stuff.

Also, if (serious) law enforcement is coming after you, they have ways to move your computer without turning it off - basically attaching an UPS on the go, doing some wire cutting etc.

fenixproductions · « **Reply #2 on:** July 20, 2008, 07:00 PM »

I am little disappointed. I've saw this thread and expected something new to read about. Old history but good finding after all.

* fenixproductions read about it few months ago...

4wd · « **Reply #3 on:** July 20, 2008, 08:26 PM »

It's nasty stuff.

Also, if (serious) law enforcement is coming after you, they have ways to move your computer without turning it off - basically attaching an UPS on the go, doing some wire cutting etc.
-f0dder (July 20, 2008, 05:19 PM)

That's why one of my HDs is actually a disguised thermite charge.....the moment anyone tries to access using the magic word, ('dir'), it ignites and slags the whole computer

cranioscopical · « **Reply #4 on:** July 20, 2008, 10:47 PM »

It's nasty stuff.

Also, if (serious) law enforcement is coming after you, they have ways to move your computer without turning it off - basically attaching an UPS on the go, doing some wire cutting etc.
-f0dder (July 20, 2008, 05:19 PM)

That's why one of my HDs is actually a disguised thermite charge.....the moment anyone tries to access using the magic word, ('dir'), it ignites and slags the whole computer
-4wd (July 20, 2008, 08:26 PM)

You haven't been into my main machine have you? At the moment I have two duff hard drives and a malfunctioning power supply

MrCrispy · « **Reply #5 on:** July 22, 2008, 07:27 PM »

Just another reminder that no technology is foolproof, secure or reliable enough.

J-Mac · « **Reply #6 on:** July 27, 2008, 01:20 PM »

It's nasty stuff.

Also, if (serious) law enforcement is coming after you, they have ways to move your computer without turning it off - basically attaching an UPS on the go, doing some wire cutting etc.
-f0dder (July 20, 2008, 05:19 PM)

Ha! I would just let one of my granddaughters play with it for a minute or two before these LE specialists got their hands on it. Believe me... they will never be able to recover anything again from that drive!

Jim

40hz · « **Reply #7 on:** July 28, 2008, 10:19 AM »

It's nasty stuff.

Also, if (serious) law enforcement is coming after you, they have ways to move your computer without turning it off - basically attaching an UPS on the go, doing some wire cutting etc.
-f0dder (July 20, 2008, 05:19 PM)

Depending on where you live it might not even get that fancy.

----------------------------------------------------------
DEFINE PROCESS: its_a_whole_new_world

BEGIN

{IF} (DATE)=>(2000.09.11) {AND}
{IF} (living_in_USA)=(TRUE) {AND}
{IF} ((serious_law_enforcement_action) | (YOU))

{THEN} DriveEncryption | NULL {AND}
(YOU)=((SCREWED)*(BIGTIME))

END.
STOP.
----------------------------------------------------------

f0dder · « **Reply #8 on:** July 28, 2008, 10:31 AM »

These days, that could unfortunately be distilled to...

[Select]

{IF} (living_on_earth)=(TRUE)
(YOU)=((SCREWED)*(BIGTIME))

40hz · « **Reply #9 on:** July 28, 2008, 12:33 PM »

These days, that could unfortunately be distilled to...
[Select]
{IF} (living_on_earth)=(TRUE)
(YOU)=((SCREWED)*(BIGTIME))
-f0dder (July 28, 2008, 10:31 AM)

My hat is off. Optimization was never my strong suit after I stopped writing in assembler. (Please don't ask how long ago that was!)

Shades · « **Reply #10 on:** July 28, 2008, 09:45 PM »

I was thinking of the following:
{IF} (human)=(TRUE)
(YOU)=((SCREWED)*(BIGTIME)*(TAXES))

But the best optimization:
{IF} (living_on_earth)=(42

40hz · « **Reply #11 on:** July 28, 2008, 09:49 PM »

But the best optimization:
{IF} (living_on_earth)=(42
-Shades (July 28, 2008, 09:45 PM)

But only if 42=FNORD

f0dder · « **Reply #12 on:** July 28, 2008, 10:08 PM »

FJORD, baby, FJORD. Slartibartfast and all.

40hz · « **Reply #13 on:** July 29, 2008, 08:48 AM »

But the best optimization:
{IF} (living_on_earth)=(42
-Shades (July 28, 2008, 09:45 PM)

But only if 42=FNORD
-40hz (July 28, 2008, 09:49 PM)

Sorry. Forgot to include the reference:

http://en.wikipedia.org/wiki/Fnord

KALLISTI! All Hail Eris!

40hz · « **Reply #14 on:** August 02, 2008, 12:00 AM »

Game over (for now).

Travelers' Laptops May Be Detained At Border
No Suspicion Required Under DHS Policies

By Ellen Nakashima
Washington Post Staff Writer
Friday, August 1, 2008; Page A01

Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

Full article at: http://www.washingto...8/08/01/laptops.html

f0dder · « **Reply #15 on:** August 02, 2008, 02:27 AM »

Deozaan · « **Reply #16 on:** August 02, 2008, 07:41 AM »

Game over (for now).

Travelers' Laptops May Be Detained At Border
No Suspicion Required Under DHS Policies
-40hz (August 02, 2008, 12:00 AM)

Not just laptops! But even the trash from your pocket!

The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as 'pocket trash' or 'pocket litter.' "
-http://www.washingtonpost.com/wp-srv/content/article/2008/08/01/laptops.html

So basically anything.

urlwolf · « **Reply #17 on:** August 02, 2008, 01:52 PM »

Game over (for now).

Travelers' Laptops May Be Detained At Border
No Suspicion Required Under DHS Policies

By Ellen Nakashima
Washington Post Staff Writer
Friday, August 1, 2008; Page A01

Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

Full article at: http://www.washingto...8/08/01/laptops.html
-40hz (August 02, 2008, 12:00 AM)

So, if you are a company and have some secret sauce (algorithms, data) on your laptop, you may be screwed.

Either leave any sensitive data on a server before traveling into the US (hard!), or don't travel at all.

This is getting ridiculous. Stallman and his 'right to read' essay, but a lot worse.

CWuestefeld · « **Reply #18 on:** August 02, 2008, 05:18 PM »

Further comment on the topic by security expert Bruce Schneier http://www.schneier....us_government_p.html:

U.S. Government Policy for Seizing Laptops at Borders

Amazing. The U.S. government has published its policy: they can take your laptop anywhere they want, for as long as they want, and share the information with anyone they want:

Federal agents may take a traveler's laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement.

[...]

DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism.

[...]

The policies cover 'any device capable of storing information in digital or analog form,' including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover 'all papers and other written documentation,' including books, pamphlets and 'written materials commonly referred to as "pocket trash..."

Spoiler: political content

Spoiler

In related news, Sen. Sam Brownback voted for the legislation allowing this, but condemns the Chinese for doing exactly the same thing http://www.cato-at-l...s-and-sen-brownback/:

Sam Brownback is outraged that the Chinese government would spy on foreigners on its soil without a warrant. When it was pointed out to him that the United States government is now authorized to conduct warrantless spying in the United States, he had this to say: [read the article]

Edit: end quote tag was in the wrong place.

Armando · « **Reply #19 on:** August 02, 2008, 08:54 PM »

Thanks CWuestefeld. Good link.

Another link on the page is giving some good advices -- in my opinion.

http://www.schneier.com/essay-217.html

I wonder what's the true proportion of people experiencing laptop "confiscation".

J-Mac · « **Reply #20 on:** August 02, 2008, 11:59 PM »

I wonder what's the true proportion of people experiencing laptop "confiscation".
-Armando (August 02, 2008, 08:54 PM)

IMO, if it is only one person, it is far too many.

Jim

Armando · « **Reply #21 on:** August 03, 2008, 01:23 AM »

I agree. A, ahem...weird, disgusting policy... Its main goal is probably only to cause fear and legitimate other more severe infringement to privacy, and human rights in general. Usually, the people suffering the most from these practices aren't the true criminal. I mean... what criminal is going to carry a laptop (or a cellphone, a PDA, pocket trash ...) with critical data, knowing that it could be confiscated?