135 Comments
- LANjackal, on 02/23/2008, -5/+96: I torch my PC after every session. Replace with brand new unit each time. Can't beat that ;)
- recipher, on 02/23/2008, -0/+82: More information from TrueCrypt's site:
"Inherently, unencrypted master keys have to be stored in RAM as well. When a TrueCrypt volume is dismounted, TrueCrypt erases its master keys (stored in RAM). When the computer is cleanly restarted, all TrueCrypt volumes are automatically dismounted (thus, all master keys stored in RAM are erased by the TrueCrypt driver). However, when the computer is reset (not cleanly restarted), when the system crashes, or when power supply is abruptly interrupted, the TrueCrypt driver stops running and therefore cannot erase any keys."
http://www.truecrypt.org/docs/unencrypted-data-in- ...
- trammell, on 02/23/2008, -0/+62: The video describing the exploit is targeted to a broad audience and is well done:
http://www.youtube.com/watch?v=JDaicPIgn9U
- jojoyohan, on 02/23/2008, -0/+33: If you are trusting enough to leave your laptop unattended in a public place you are almost asking to get your laptop stolen. They were also pointing to the multiple cases in which corporations have had their laptops with customer info stolen. Most likely those laptops were not left unattended in a library.
- hello2usir, on 02/23/2008, -0/+28: Wrong about what? Just because you can flash freeze a ram stick and grab a password doesn't mean disk encryption is completely worthless.
Encryption has never been, nor ever claimed to be, totally foolproof. But it's still a very viable and useful line of defense against data theft.
- sebflipper, on 02/23/2008, -0/+20: Can usually be reset by removing the battery or pressing the reset button on the motherboard.
- PathDaemon, on 02/23/2008, -1/+19: This concept is awesome. Combining the weaknesses of hardware (RAM) with beautifully simple hardware manipulation (spraying with difluoroethane) and open source software tools is the ultimate hack.
A hearty round of applause to these guys.
- solidus636, on 02/23/2008, -2/+15: Kinda like you...
- CypherXero, on 02/23/2008, -0/+13: A BIOS password can be defeated by taking the hard drive out and putting it in another machine.
- zeptobyte, on 02/23/2008, -0/+11: Probably means it will only load the keys when it needs them and then erases them right away? But even in that case, if you're reading or writing a large file, it's entirely possible that the system could crash or be reset before it's finished and TrueCrypt can erase them.
- typicalusername, on 02/23/2008, -1/+12: Was it just me, or was the punctuation insanely bad there. I didn't understand one damn word of that post.
- ers35, on 02/23/2008, -4/+15: "If you are diligent and pretty much turn your computer off when unattended"
Who turns off their computer if they are in a library and, let's say, go to the bathroom. The video even explains that.
- byrdgang, on 02/23/2008, -0/+10: First of all, this vulnerability is not limited to laptops/notebooks. Desktops can be stolen too.
Second, the thief must have physical access to your notebook within minutes of shutting it down. If you shut down your computer (laptop or desktop), stick around for an hour, you should be fine. By that time, RAM should have been fully erased. If there is a better way of erasing RAM, do it. I know most of us don't have time to "stick around." The good news is that most thieves try to run away quickly, drive away, and by the time they get home, the RAM should already be cleared.
Third, many of these encryption software applications specifically tell you that they aren't perfect. If you go on Truecrypt's website, you're told this. There are ways around everything, and you have to accept this before you use encryption software.
Locks and other physical measures must be taken depending on how valuable your data is. If you're only protecting your porn stash, don't worry about it too much.
Fourth, there are ways around this, but put a password on the BIOS so that the thief can't change the options of what starts up first. In this case, make sure that external hard drives are not first in the bootup process.
Fifth, do your homework and see what is best for you. Evaluate the importance of your data. Find out the faults of the encryption software you use. Shortcomings are far more important than features in the encryption world.
- jojoyohan, on 02/23/2008, -7/+17: This is impracticable. If you are diligent and pretty much turn your computer off when unattended, there is 0 chance that your data is at risk.
- LastDitchHero, on 02/23/2008, -1/+11: How can you get on Digg from your padded room?
- JimSwarthow, on 02/23/2008, -2/+12: good god man, put the 4-footer down already. - haven't seen a whack-job post like that around here in, well, at least a few days.
- chrispr, on 02/23/2008, -1/+11: Can if it's caught before the torching, which this video is implying.
- Langford, on 02/23/2008, -0/+9: I would love to see a workplace filled with computer users that were diligent and careful.
- mCanada, on 02/23/2008, -1/+10: Then why is there an option in truecrypt not to keep keys in memory if they have to be there?
- dotcom101010, on 02/23/2008, -0/+9: no in that case the HD is locked not encrypted.
- LastDitchHero, on 02/23/2008, -1/+10: I am glad Gutsy Gibbon broke my Suspend / Hibernate, they must have been looking out for the user to prevent this sort of vulnerability
/sarcasm, as I try again to look for a solution on Google to fix it
- nathangl, on 02/23/2008, -0/+8: Sorry but "the linux kernel flips the bits in memory of the encryption key every few milliseconds" does not make sense. Provide reference to demonstrate where the kernel "flips the bits in memory" for truecrypt or dmcrypt
- pendrachken, on 02/23/2008, -0/+8: dude, if someone has physical access to your server room you are pretty much gonna be screwed anyways.
- DrFriendly, on 02/23/2008, -0/+8: The image of the mona lisa is misleading though.
You can still make out the Mona Lisa even after a significant part of it has faded from the RAM.
To decrypt a volume you need every single bit of the passkey to be intact.
Granted; the bitlocker approach (opening up to a login screen with the disk decrypted) does seem very insecure.
- slipfish, on 02/23/2008, -0/+7: I'm not an expert, and correct me if I'm wrong, but isn't the encryption key still stored in memory if it's in standby?
- jojoyohan, on 02/23/2008, -1/+8: RAM is never automatically deleted. When the RAM loses power it can no longer store data, and as shown in the video, will lose all data over time.
- Akidan, on 02/23/2008, -0/+7: You are correct.
- jeuhrn, on 02/23/2008, -0/+6: If your adversary is already gonna open the computer, what would hinder him in resetting CMOS and clearing your BIOS password anyway?
Guidelines are always nice, but there really isn't any way of protecting your data from this exploit except for an onboard battery-powered device that flushes the RAM on certain conditions. (i.e. an unclean shutdown)
- sorrow, on 02/23/2008, -0/+6: For that matter, why not give credit where credit is due? Princeton.
Hell, look a little older in the frontpage digg articles for the day and you'll find a link directly to the Princeton website about it, not to Wired.
- jcronkhite, on 02/23/2008, -5/+11: This is really getting lame. This article was posted 10 hours ago as "Cold Boot Attacks on Windows Vista BitLocker Encryption Keys". Digg is losing me slowly but surely. The article and its dupe are both front page at the same time. Man, this blows.
- fgsfds, on 02/23/2008, -0/+5: I think you mean "RAM", since the hard drive isn't time-sensitive.
Also, a BIOS password would block the use of that particular machine for retrieving the ramdump, thus requiring that the ram be transplanted from the target system into a reader system. That adds time and increases the number of bit flips.
The hard drive, however, isn't going to suffer from bit rot. Once the ramdump is done you could actually wait a few *years* before decrypting the contents of the hard drive you stole. That would be pointless, but you could still do it.
- trogdoor, on 02/23/2008, -0/+5: Please provide a link to actual documentation because "select 1s and 0s being inverted" sounds like either obfuscation or encryption, so either you are claiming that the key is simply obfuscated, in which case it is still recoverable, or you are claiming that there is another key used to decrypt the key ( which is stored in the CPU registers? ). You are not very good at explaining this feature ( if it exists and you understand it at all, neither of which are certain ) so again, please link to actual documentation on this feature.
- Kidane, on 02/23/2008, -0/+5: I never turn my laptop off, I always shut the lid and put it into sleep mode, so it's ready for me when I need it. I am exactly the kind of person who is vulnerable to this kind of attack.
- jsb68, on 02/23/2008, -1/+6: Oh my, the world is crumbling around us.
- fgsfds, on 02/23/2008, -0/+5: That would increase the time it would take, which would decrease the number of probably recoverable bits.
There's no SOLUTION, but adding stumbling blocks certainly helps.
- Osirus1156, on 02/23/2008, -1/+6: I did not know that about RAM, but I always like to learn new things.
- trueshadow21, on 02/23/2008, -0/+5: To start, I agree. Except for the fact that the entire process of starting up and logging in (including loading all the programs in windows that start by default) takes a lot longer than 2 minutes on a lot of people's laptops.
- MudMan69, on 02/23/2008, -0/+4: In a TrueCrypt volume, the volume header contains a master key with which the volume is encrypted. The header is encrypted with a header key derived from a password. The master key must stay resident as long as the drive is mounted or data can't be read. The only thing TrueCrypt can immediately "forget" is the header key and password, which are no longer needed once the header key is decrypted.
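
The key hierarchy described in MudMan69's comment, as an added Python sketch that is not part of the thread and is not TrueCrypt's code. The HMAC-based toy stream cipher, the PBKDF2 parameters, the `MAGIC` marker and all function and class names are assumptions made for illustration; the point is which key can be dropped after mounting and which one has to stay in RAM until dismount.

```python
import hashlib, hmac, os

MAGIC = b"TRUE"  # assumed marker: tells a correct header decryption from a wrong one

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for the real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def create_volume(password: bytes, plaintext: bytes) -> dict:
    """Build a constructed volume: the header wraps a random master key."""
    salt, master_key = os.urandom(16), os.urandom(32)
    header_key = hashlib.pbkdf2_hmac("sha512", password, salt, 1000, dklen=32)
    return {"salt": salt,
            "header": _xor_stream(header_key, b"hdr", MAGIC + master_key),
            "data": _xor_stream(master_key, b"dat", plaintext)}

class MountedVolume:
    def __init__(self, volume: dict, password: bytes):
        header_key = bytearray(
            hashlib.pbkdf2_hmac("sha512", password, volume["salt"], 1000, dklen=32))
        header = _xor_stream(bytes(header_key), b"hdr", volume["header"])
        # The header key is only needed to unwrap the header, so it can go now.
        # (Python may keep other copies; this models key lifetime, not a secure wipe.)
        header_key[:] = bytes(len(header_key))
        if header[:4] != MAGIC:
            raise ValueError("wrong password")
        self._volume = volume
        # Every read needs the master key, so it stays resident while mounted.
        self.master_key = bytearray(header[4:])

    def read(self) -> bytes:
        if not any(self.master_key):
            raise RuntimeError("volume is dismounted")
        return _xor_stream(bytes(self.master_key), b"dat", self._volume["data"])

    def dismount(self) -> None:
        # A clean dismount is the only point at which the master key is erased.
        self.master_key[:] = bytes(len(self.master_key))
```

A crash or power cut between `MountedVolume(...)` and `dismount()` skips the wipe, which is the case the TrueCrypt documentation quoted earlier in the thread describes.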
- cyberpear, on 02/23/2008, -0/+4: if you erased the ram based on a motion sensor, you would inadvertently set it off during normal use
- nathangl, on 02/23/2008, -2/+6: First of all, the previous respondent is incorrect. The data in RAM is not cleared and it does fade away, their assertions are correct. However, this isn't an attack against disk encryption at all, this is an attack against the architecture of modern computer systems in general!!! Blame Von Neumann!! If you desire disk encryption the only reasonable method of providing it is by maintaining a stored secret key in memory to allow for such performance. Don't think that all companies that have implemented disk encryption have failed, these attacks aren't very practical but it's more of a proof of concept. It demonstrates it is possible to gain the secret key used in the exchange, but gaining this key requires physical access and motivation to get it! If someone is targeted, it's quite possible they could be exploited but for a normal user, I wouldn't worry...
- dukeochutney, on 02/23/2008, -0/+3: i guess digg users have gotten even dumber now since this is actually dupe like u said. dugg for being right
- trogdoor, on 02/23/2008, -0/+3: It wouldn't.
- hmcook87, on 02/23/2008, -0/+3: please tell me you also physically destroy the hard disk platters? torching alone is not enough people!
- tribble222, on 02/23/2008, -0/+3: The basic idea aside from motion detectors is good though. In the event of a forced shutdown a battery could flash the ram.
- manitoba98xp, on 02/23/2008, -0/+3: Yes, but if you have most of the bits correct, you can even just "try" a few changes until it works; it greatly decreases the number of keys that must be tried. Also, you can slow the rate by cooling the RAM chip, reducing that even further.
It is still a brilliant attack.
- bradneuman, on 02/23/2008, -0/+3: does anyone know how well this would work with other types of RAM? What if the OS could convince the CPU to store the keys in a cache? Or, although I really lack the knowledge to know if this is possible, the OS could store the keys in the portion of RAM that it knows will be overwritten by the BIOS
- byrdgang, on 02/23/2008, -0/+3: LOL....suspend/hibernate has not been working for me since like Edgy. I gave up on trying to get it to work. I used to hibernate all the time...now it's just a memory.
- Bloodybathwater, on 02/23/2008, -0/+3: What about when you put your computer in hibernate, is it safe? Doesn't Windows save your RAM to the HDD? or no?
If I can I'd rather be able to put my computer on hibernate than have to turn it off all the time (due to the faster reboot).
- inactive, on 02/23/2008, -0/+2: This pertains to any computer with hard drive encryption, be it a laptop or a server running 24/7. There, proven wrong on this aspect.
- sorrow, on 02/24/2008, -0/+2: I don't see anything necessarily WRONG with it -- but I do think that it's silly when the Wired article was on the front page at the same time as the original Princeton article was, yet Wired was getting a lot more diggs. I also think that Wired could have done a much better job of making the link to the original article more apparent.
Don't get me wrong though - I read Wired all the time! :)