Security Flaw in Popular Disk Encryption Technologies

[Igor Mozolevsky]

On 24/02/2008, Bill Moran <wmoran at collaborativefusion.com> wrote:
> "Igor Mozolevsky" <igor at hybrid-lab.co.uk> wrote:
>  >
>  > On 23/02/2008, Brooks Davis <brooks at freebsd.org> wrote:
>  >
>  > >
>  > > You should actually read the paper. :) They successfully defeat both
>  > >  of these type of protections by using canned air to chill the ram and
>  > >  transplanting it into another machine.
>  >
>  > Easy to get around this attack - store the key on a usb
>  > stick/cd/whatever and every time the OS needs to access the encrypted
>  > date the key should be read, data decrypted, then key wiped from the
>  > memory; or have the daemon erase the key from memory every T minutes
>  > and re-acquire the key at next access attempt...
>
>
> This is only effective if the sensitive data is infrequently accessed.
>  If the unit is asleep, then software isn't running and it's not possible
>  to kick of a timer to clear the memory, so it doesn't even start to
>  solve that problem.

IMO the possibility of such attack is so remote that it doesn't really
warrant any special attention, it's just something that should be kept
in mind when writing "secure" crypto stuff...