Data can remain in stored in memory even after the system is shut down
DRam crack breaks encryption software
/v3-uk/news/2003492/dram-crack-breaks-encryption-software
22 Feb 2008, Shaun Nichols , V3
Disk encryption software used on many systems can be circumvented using what researchers referred to as "simple non-destructive techniques".
A report from researchers at the Electronic Frontier Foundation, Princeton University and Wind River Systems concluded that many current consumer disk encryption programs can be compromised via a computer's DRam.
The problem is that data can remain in stored in memory even after the system is shut down. By cold-booting the system, an attacker could access data from the DRam and retrieve encryption keys.
"Most experts assume that a computer's memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialised equipment," said the researchers.
"Ordinary DRam typically loses its contents gradually over a period of seconds, even at standard operating temperatures.
"Even if the chips are removed from the motherboard, the data will persist for minutes or even hours if the chips are kept at low temperatures."
The researchers claimed that laptops are at particular risk because an attacker could use the tactic to break into a system even if screen locks are in place.
To counter the attacks, the researchers suggested that system builders take measures to make data on memory chips decay more rapidly or block the use of memory-dump software used to retrieve data from memory chips.
However, the researchers concluded that the problem will not be easy to solve.
"Unlike many security problems, this is not a minor flaw; it is a fundamental limitation in the way these systems were designed," said Princeton researcher J. Alex Halderman.
"We have broken disk encryption products in exactly the case when they seem to be most important these days."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Eh
It doesn't matter. The RAM as well as the swapfile is PURGED on a multi-pass upon shutdown, meaning the only data you'll retrieve by "zero-kelvin-booting" the chips is pseudo-random garbage.
Think about the bullshit you're trying to convince me of. 'You tellin' me theres a "RAM heaven" somewhere? It's soul flies on with all those memories? All those flashy Llamas with heads shaped like rakes and clips of puppies turning into salt... does this mean I won't lose MY soul upon demise as well? You think they could retrieve all those images from my brain by subjecting it to kelvin-low temperatures? I better sign a note to my future mortician to make sure he GRINDS my brain up good prior to the burial.
Posted by Xpenguin17, 09 May 2008
Do you think people are that dumb?
Windows already has an option to purge the memory swapfile upon shutdown as well as 3rd party programs that do it even more effectively.
The only people anyone will nab with this technique are 13yo boys with their 10GB porn collections. So, quit trying to present this relatively OLD and INEFFECTIVE technique as genius that requires research and investment by some zealous geeks.
Posted by Xpenguin17, 10 Apr 2008
You Idiot
Cold-booting a machine is not the DRAM crack. The crack is subjecting the chips to extremely low temperature. Not exactly cold-booting.
Posted by Ima Gumby, 10 Apr 2008
It might be possible....in some cases
DRAM tends to decay rather rapidly if it is not refreshed periodically. Now if it was SRAM, then I would be a bit more worried about things like Vcc capacitance maybe holding the newer memory designs valid for a long period (a problem a certain piece of hardware I work on has). Now if the computer does not fully power down but keeps the memory going and refreshed in a form of a power reduction/quick restart mode, then all bets are off.
Notice they did not write the acronym DRAM (Dynamic Random Access Memory) correctly?
Posted by Ray, 02 Apr 2009