lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 21 Feb 2008 18:16:12 -0800
From: Jacob Appelbaum <jacob@...elbaum.net>
To: bugtraq@...urityfocus.com
Subject: Cold Boot Attacks on Disk Encryption

This project has been in the works since the last CCC Camp in 2007.
We're all pretty excited to release it and so I thought Bugtraq readers
might have some thoughts on the matter.

Ed Felten wrote about it on Freedom To Tinker this morning:
http://www.freedom-to-tinker.com/?p=1257

"Today eight colleagues and I are releasing a significant new research
result. We show that disk encryption, the standard approach to
protecting sensitive data on laptops, can be defeated by relatively
simple methods. We demonstrate our methods by using them to defeat three
popular disk encryption products: BitLocker, which comes with Windows
Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used
with Linux. The research team includes J. Alex Halderman, Seth D.
Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A.
Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten."

"Our site has links to the paper, an explanatory video, and other
materials."

"The root of the problem lies in an unexpected property of today’s DRAM
memories. DRAMs are the main memory chips used to store data while the
system is running. Virtually everybody, including experts, will tell you
that DRAM contents are lost when you turn off the power. But this isn’t
so. Our research shows that data in DRAM actually fades out gradually
over a period of seconds to minutes, enabling an attacker to read the
full contents of memory by cutting power and then rebooting into a
malicious operating system."

Our full paper with videos and photos can be found on the Princeton
website: http://citp.princeton.edu/memory/

Regards,
Jacob Appelbaum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ