[Noisebridge-discuss] Cold Boot Attacks on Disk Encryption

Mitch Altman maltman23 at hotmail.com
Thu Feb 21 18:37:35 UTC 2008

I'd love a demo at the next meeting!


> Date: Thu, 21 Feb 2008 09:53:15 -0800
> From: jacob at appelbaum.net
> To: noisebridge-discuss at lists.noisebridge.net
> Subject: [Noisebridge-discuss] Cold Boot Attacks on Disk Encryption 
> Hi all,
> This project has been under the radar for quite some time. During our
> hack nights, Bill, Seth and I had been working on this project. It is
> finally finished and so I thought I'd share the results with everyone...
> Abstract:
> Contrary to popular assumption, DRAMs used in most modern computers
> retain their contents for seconds to minutes after power is lost, even
> at operating temperatures and even if removed from a motherboard.
> Although DRAMs become less reliable when they are not refreshed, they
> are not immediately erased, and their contents persist sufficiently for
> malicious (or forensic) acquisition of usable full-system memory images.
> We show that this phenomenon limits the ability of an operating system
> to protect cryptographic key material from an attacker with physical
> access. We use cold reboots to mount attacks on popular disk encryption
> systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no
> special devices or materials. We experimentally characterize the extent
> and predictability of memory remanence and report that remanence times
> can be increased dramatically with simple techniques. We offer new
> algorithms for finding cryptographic keys in memory images and for
> correcting errors caused by bit decay. Though we discuss several
> strategies for partially mitigating these risks, we know of no simple
> remedy that would eliminate them.
> A good intro is on Ed Feltens blog:
> http://www.freedom-to-tinker.com/?p=1257
> Our full paper, with a nice video and photos is here:
> http://citp.princeton.edu/memory/
> If you'd like to test your system, I think we can arrange something at
> the next Noisebridge meeting!
> Best,
> Jake
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20080221/648cfe17/attachment-0003.html>

More information about the Noisebridge-discuss mailing list