Data Encryption Easily Broken Using Keys Hiding In RAM - Gizmodo Comments

Data Encryption Easily Broken Using Keys Hiding In RAM

aec007 — Thu, 06 Mar 2008 14:11:54 EST

On the other hand throw it in the oven at 375°F for 5 minutes until well done and your data will be permanently protected.

aec007

Data Encryption Easily Broken Using Keys Hiding In RAM

Out2gtcha — Thu, 06 Mar 2008 09:58:47 EST

For the love of...............How can you have the hamburgler without Grimis?!?!?!

Its just not right.

I know its OT for this but hey, as was pointed out previous, this broke weeks ago and I got nothin else.

Out2gtcha

Data Encryption Easily Broken Using Keys Hiding In RAM

jw — Thu, 06 Mar 2008 09:19:06 EST

Tremendous photoshoppin'

Data Encryption Easily Broken Using Keys Hiding In RAM

dolo54 — Thu, 06 Mar 2008 08:38:01 EST

apparently if everyone DID shut down their laptops it would save 1.21 gigawatts of power.

dolo54

Data Encryption Easily Broken Using Keys Hiding In RAM

Sockatume — Thu, 06 Mar 2008 06:51:40 EST

This is old news. This week's stealing-security-keys-from-RAM story is about firewire, and it works while the PC is booted.

Sockatume

Data Encryption Easily Broken Using Keys Hiding In RAM

seishino — Thu, 06 Mar 2008 03:15:18 EST

This seems ridiculous for all but the best funded of theives. But what about DRM? Does access to a RAM print compromise the highly key-dependent DRM schemes out there?

seishino

Data Encryption Easily Broken Using Keys Hiding In RAM

dcartist — Thu, 06 Mar 2008 00:08:37 EST

This reminds me of how NSA demo'd how to get into the memory of a smart card by physically microdrilling a hole into the physical card, and reading the registers...

In the case of volatile RAM though, Why not simply run a shutdown bot that zeros the system RAM whenever you shut down the OS? That would take a good programmer about 30 minutes to write, right?

dcartist

Data Encryption Easily Broken Using Keys Hiding In RAM

mikeness — Thu, 06 Mar 2008 00:07:09 EST

This is a non story in my opinion. Most decent encryption apps such as Truecrypt flush encryption data from RAM upon dismounting the volume. If someone were to hard shutdown the PC before Truecrypt could dismount and flush the keys, then the keys would still be lodged in RAM and vulnerable to this attack. This requires that the bad guy has access to the encrypted volume in a mounted state anyway, the point is moot.

mikeness

Data Encryption Easily Broken Using Keys Hiding In RAM

Trinetra — Wed, 05 Mar 2008 23:47:56 EST

And you guys are quoting BBC?! El Reg broke this 3 weeks ago. C'mon..the BBC??

Trinetra

Data Encryption Easily Broken Using Keys Hiding In RAM

Reilaos: Reading Comprehension is your friend! — Wed, 05 Mar 2008 22:53:22 EST

I thought this was commonish knowledge by now...

Reilaos: Reading Comprehension is your friend!

Data Encryption Easily Broken Using Keys Hiding In RAM

Neodiablo22 — Wed, 05 Mar 2008 21:45:42 EST

The keys supposedly go into memory after the system boots and before needing to enter in a password. Thus its not that much of a rush after stealing the laptop/computer. Anyways, all of the encryption technology is more of a deterrent anyways. If its man made it can be broken by man.

Neodiablo22

Data Encryption Easily Broken Using Keys Hiding In RAM

geekinky — Wed, 05 Mar 2008 21:25:48 EST

CRAP! Now I'm going to have to start shutting down my laptop that I keep downstairs in between my large tank of liquid oxygen and my high speed powered screwdriver and RAM stick pulling set.

geekinky

Data Encryption Easily Broken Using Keys Hiding In RAM

microe — Wed, 05 Mar 2008 20:55:46 EST

Gizmodo gets the bronze for reporting the story about a week late. But they get the gold for the image!

microe

Data Encryption Easily Broken Using Keys Hiding In RAM

Ben — Wed, 05 Mar 2008 20:41:46 EST

Stealing a computer right after it's encrypting something and been powered down and then pulling it apart in a -50c freezer, removing the RAM and analysing it by knowing where to look and decyphering the seemingly random bits in memory all within 10 minutes?

Man, this is great material for the Ocean's 14 script I'm writing!

Ben

Data Encryption Easily Broken Using Keys Hiding In RAM

Giolon — Wed, 05 Mar 2008 20:40:27 EST

Wow...where were you guys when this broke 2-3 weeks ago?

Giolon

Data Encryption Easily Broken Using Keys Hiding In RAM

Scottc_ — Wed, 05 Mar 2008 20:40:12 EST

Who decided that the keys are protected when the computer is on? A simple memory editor or debugger will easily give you access to the information you're looking for.

Scottc_

Data Encryption Easily Broken Using Keys Hiding In RAM

Sheemo44 — Wed, 05 Mar 2008 20:37:45 EST

@BensAngel: you could turn one of those cans of air upside down and spray liquid nitrogen out of it =)

Sheemo44

Data Encryption Easily Broken Using Keys Hiding In RAM

aznplayer213 — Wed, 05 Mar 2008 20:37:23 EST

i shutdown my laptop to conserve when need be!

aznplayer213

Data Encryption Easily Broken Using Keys Hiding In RAM

Kaiser-Machead's LEGO WALL-E — Wed, 05 Mar 2008 20:33:43 EST

C:/DOS/RUN/ROBBLEROBBLE!

Kaiser-Machead's LEGO WALL-E

Data Encryption Easily Broken Using Keys Hiding In RAM

diverguy — Wed, 05 Mar 2008 20:31:42 EST

Actually I shut down all my computers, including laptops completely every time.

I suppose one does have to ask the question, what thief walks around with a freezer capable of getting a laptop cooled down to -50c in under the amount of time the data would remain in the first place??

diverguy

Data Encryption Easily Broken Using Keys Hiding In RAM

carbonmotion — Wed, 05 Mar 2008 20:29:33 EST

they should make it so that the os/ security program write over the keys or clears the keys before shutting down.

carbonmotion

Data Encryption Easily Broken Using Keys Hiding In RAM

BensAngel — Wed, 05 Mar 2008 20:28:42 EST

Right'o, who has a freezer that reaches -50ºC?

BensAngel

Data Encryption Easily Broken Using Keys Hiding In RAM

gattsuru — Wed, 05 Mar 2008 20:21:25 EST

It's enough if you don't have to be careful. I've seen people take out a catalytic converter from a truck in thirty seconds; I doubt that sort of mindset is going to be overwhelmingly fearful of a few screws.

That said, any situation where someone could get access to your machine that quickly has many equally serious issues.

gattsuru

Data Encryption Easily Broken Using Keys Hiding In RAM

ripfire — Wed, 05 Mar 2008 19:58:23 EST

10 min is not a lot of time. Especially with Macbooks.... and their screws...

ripfire

Data Encryption Easily Broken Using Keys Hiding In RAM

akothan — Wed, 05 Mar 2008 19:53:12 EST

The Ram Burglar! ^^ haha.

I think there is an easy fix for this stuff. Don't leave your notebook or public PC unattended.

akothan