[IP] Cold Boot Attacks on Disk Encryption
Declan McCullagh
declan at well.com
Thu Feb 21 03:57:43 PST 2008
Dave,
The paper published today makes some pretty strong claims about the
vulnerabilities of Microsoft's BitLocker, Apple's FileVault,
TrueCrypt, Linux's dm-crypt subsystem, and similar products.
So I put the folks behind it to a test. I gave them my MacBook laptop
with FileVault turned on, powered up, encrypted swap enabled, and the
screen saver locked.
They were in fact able to extract the 128-bit AES key; I've put screen
snapshots of their FileVault bypass process here:
http://www.news.com/2300-1029_3-6230933-1.html
And my article with responses from Microsoft, Apple, and PGP is here:
http://www.news.com/8301-13578_3-9876060-38.html
Bottom line? This is a very nicely done attack. It's going to make us
rethink how we handle laptops in sleep mode and servers that use
encrypted filesystems (a mail server, for instance).
-Declan
Jacob Appelbaum wrote:
> With all of the discussions that take place daily about laptop
> seizures,
> data breech laws and how crypto can often come to the rescue, I
> thought
> the readers of IP might be interested in a research project that was
> released today. We've been working on this for quite some time and are
> quite proud of the results.
> Ed Felten wrote about it on Freedom To Tinker this morning:
> http://www.freedom-to-tinker.com/?p=1257
-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the Testlist
mailing list