Cold boot attacks on disk encryption
Cold boot attacks on disk encryption
People will forget what you said... and people will forget what you did... but people will never forget how you made them feel.
-
workaholic44
- New Member
- Posts: 3
- Joined: Thu Mar 13, 2008 12:49 pm
I`m using a encryption software for my laptop, DriveCrypt plus pack, and after the video was on "released" (even on Youtube) I have received an email from the company where is written following:
"People must actually have a deep knowledge and a lot of experience in data protection and cryptography to have a positive outcome.
The success of such an attack depends on some factors that are not always favorable:
First of all, they use an application to find the possible area in the RAM memory that can represent a potential encryption key.
This actually depends on how much memory of the memory is kept intact at the time of the attack.
Then they need to reconstruct the parts of the key that was corrupted.
We use the AES 256 algorithm, an algorithm that is much more complex than other.
However you can avoid this attacks using some simple actions:
On almost all the machines in the market, the BIOS can perform a destructive memory check during its Power-On Self Test
(POST). Most of the machines we examined allowed this test to be disabled or bypassed (sometimes by
enabling an option called “Quick Boot”). You just need to disable this "quick boot" and every time you turn your PC on, it will erase the RAM memory before even any software can be used to record it.
Also in Bios, you can disable the boot by removable devices or by network to prevent this procedure to be performed without having to change the memory to a second machine, what make things harder.
Also if the software gives you the possibility to use more than one encryption key (one for each partition) than use this possibility.
In this case, they would have more several possible keys to be analyzed what can make it almost impossible to find the correct one."
I let you judge if is true or not
Cheers!
"People must actually have a deep knowledge and a lot of experience in data protection and cryptography to have a positive outcome.
The success of such an attack depends on some factors that are not always favorable:
First of all, they use an application to find the possible area in the RAM memory that can represent a potential encryption key.
This actually depends on how much memory of the memory is kept intact at the time of the attack.
Then they need to reconstruct the parts of the key that was corrupted.
We use the AES 256 algorithm, an algorithm that is much more complex than other.
However you can avoid this attacks using some simple actions:
On almost all the machines in the market, the BIOS can perform a destructive memory check during its Power-On Self Test
(POST). Most of the machines we examined allowed this test to be disabled or bypassed (sometimes by
enabling an option called “Quick Boot”). You just need to disable this "quick boot" and every time you turn your PC on, it will erase the RAM memory before even any software can be used to record it.
Also in Bios, you can disable the boot by removable devices or by network to prevent this procedure to be performed without having to change the memory to a second machine, what make things harder.
Also if the software gives you the possibility to use more than one encryption key (one for each partition) than use this possibility.
In this case, they would have more several possible keys to be analyzed what can make it almost impossible to find the correct one."
I let you judge if is true or not
Cheers!