Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Whole-disk Encryption not secure?

Status
Not open for further replies.

jet042

MIS
Dec 23, 2002
258
US
Saw this on the ISC today. A team of researchers at Princeton has discovered that the secret keys used to encrypt and decrypt data by most whole-disk encryption products stores the key in the system's memory (no surprise there) and that those bits of memory hold their data for up to a few minutes after the PC is turned off (BIG surprise). I haven't read the whole paper yet, but the abstract seems to imply that they were able to recover secret data from disks encrypted with a host of popular products including Vista's BitLocker and TrueCrypt.

Links:
ISC Diary
Paper
Project home page
 
Here are step by step instructions on how ZDNet did it on an Apple.





James P. Cottingham
-----------------------------------------
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
Everyone acted so suprised at this news and that's the only thing that suprised me.

Nothing in I.T. is 100% secure or hack-proof. If you have enough knowledge and determination, you can get around anything.

 
If an attacker has physical access to the computer, you can assume it's been compromised.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
 
where else would it store the key! (unless you have a usb key)

there has to be something that decrypts the data on the fly as its accessed a username + password will create the key and then leave it there until you power off the machine , if your close enough to have access to it after a few minutes and have the tools required to get the memory out of it and into a device where it can have the key extracted then your the invisible man "with an invisible tool kit"

thinking about it if you were then you could just watch them type the password theres no need for an invisible toolkit that was silly of me ............................
 
I think the recent commenters have missed a key part of this research. The ability to recover anything from the volatile memory of a machine after power has been removed from the device flies in the face of 50+ years of understanding about how computers work.

That the technology is not secure isn't surprising, that this attack vector even exists is. If this was obvious (in anything but hind-sight), Princeton wouldn't have been funding the research.
 
I don't see where anyone said this was "obvious".....just NOT suprising....

Systems are so complex that it's not "suprising" that someone would find a vulnerability of this nature.
 
But what is surprising is the physics involved. DRAM must be refreshed to maintain it's state. It's a big hassle (compared to SRAM) that complicates the circuitry and creates timing issues that can be just awful to design around.

So if DRAM can be read after not being refreshed in waaaaay too long, why bother refreshing it at all? This would simplify motherboards significantly; reducing parts count, power requirements, heat dissipation...

I suspect that latches on the chips are being read, rather than the RAM itself. Not that it matters.

But yes, I am surprised at this.

"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top