Re: RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- From: "Sebastian G." <seppi@xxxxxxxxx>
- Date: Sun, 24 Feb 2008 18:09:22 +0100
David H. Lipman wrote:
In a paper published on the Internet, researchers show that data is
vulnerable because encryption keys and passwords linger in the temporary
memory of computers after machines lose power.
I found a really bigger vulnerability: The keys are in memory while the computer is still powered on. One could simply connect some hardware to the memory bugs and read it out directly...
Or could could attach a key logger and wait until the user enters the password...
"We then wrote programs to collect the contents of memory after the
computers were rebooted."
Only applies to hardware reboots. If the computer is properly shut down, the software simply zeros out the key in memory.
Laptops are especially vulnerable to the attack when the machines are in
lock, sleep, or hibernation modes, according to the report.
Hibernate? The hibernate file is stored on the encrypted disc...
"This isn't a minor flaw; it is a fundamental limitation in the way these
systems were designed."
No, it's a well known intangible limit known since at least 40 years: Software cannot defend against an attacker which has physical access to the system.
.
- Follow-Ups:
- References:
- RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- From: David H. Lipman
- RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- Prev by Date: RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- Next by Date: Re: RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- Previous by thread: RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- Next by thread: Re: RFC: Flaw in BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt
- Index(es):
Relevant Pages
|
