[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption

Jacob Appelbaum jacob at appelbaum.net
Thu Feb 21 17:53:15 UTC 2008

Hi all,

This project has been under the radar for quite some time. During our
hack nights, Bill, Seth and I had been working on this project. It is
finally finished and so I thought I'd share the results with everyone...

Contrary to popular assumption, DRAMs used in most modern computers
retain their contents for seconds to minutes after power is lost, even
at operating temperatures and even if removed from a motherboard.
Although DRAMs become less reliable when they are not refreshed, they
are not immediately erased, and their contents persist sufficiently for
malicious (or forensic) acquisition of usable full-system memory images.
We show that this phenomenon limits the ability of an operating system
to protect cryptographic key material from an attacker with physical
access. We use cold reboots to mount attacks on popular disk encryption
systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no
special devices or materials. We experimentally characterize the extent
and predictability of memory remanence and report that remanence times
can be increased dramatically with simple techniques. We offer new
algorithms for finding cryptographic keys in memory images and for
correcting errors caused by bit decay. Though we discuss several
strategies for partially mitigating these risks, we know of no simple
remedy that would eliminate them.

A good intro is on Ed Feltens blog:

Our full paper, with a nice video and photos is here:

If you'd like to test your system, I think we can arrange something at
the next Noisebridge meeting!


More information about the Noisebridge-discuss mailing list