Cold Boot Attacks on Disk Encryption -- report on

[David Farber <dave () farber net>]

Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: February 21, 2008 3:57:43 PM EST
To: dave () farber net
Cc: Jacob Appelbaum <jacob () appelbaum net>
Subject: Re: [IP] Cold Boot Attacks on Disk Encryption

Dave,

The paper published today makes some pretty strong claims about the  
vulnerabilities of Microsoft's BitLocker, Apple's FileVault,  
TrueCrypt, Linux's dm-crypt subsystem, and similar products.

So I put the folks behind it to a test. I gave them my MacBook laptop  
with FileVault turned on, powered up, encrypted swap enabled, and the  
screen saver locked.

They were in fact able to extract the 128-bit AES key; I've put screen  
snapshots of their FileVault bypass process here:
http://www.news.com/2300-1029_3-6230933-1.html

And my article with responses from Microsoft, Apple, and PGP is here:
http://www.news.com/8301-13578_3-9876060-38.html

Bottom line? This is a very nicely done attack. It's going to make us  
rethink how we handle laptops in sleep mode and servers that use  
encrypted filesystems (a mail server, for instance).

-Declan

Jacob Appelbaum wrote:
> With all of the discussions that take place daily about laptop  
> seizures,
> data breech laws and how crypto can often come to the rescue, I  
> thought
> the readers of IP might be interested in a research project that was
> released today. We've been working on this for quite some time and are
> quite proud of the results.
> Ed Felten wrote about it on Freedom To Tinker this morning:
> http://www.freedom-to-tinker.com/?p=1257



-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com