FlyerTalk Forums


UAVirgin Feb 22, 2008 6:50 am

Disk Encryption Not Secure?
 
So based on this article it really isn't that secure to encrypt your disks, even with TrueCrypt. I haven't read the full research paper but it appears that putting your computer in hibernate makes even an encrypted disk vulnerable to snooping.

nerd Feb 22, 2008 7:13 am

Sounds like the security flaw is with the memory, not the encryption process:

DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images.

ScottC Feb 22, 2008 8:01 am

This would require the machine to CURRENTLY have the Truecrypt partition or file loaded. If the encryption key is already in memory, then the partition or file would already be accessible on the machine, wouldn't it?

The whole research paper makes no sense to me. Why bother freezing the ram and removing it to access the key to a file that is currently already loaded and unlocked?

Their "method" is useless when the machine is off, or if you haven't entered the password to it yet.

UAVirgin Feb 22, 2008 8:32 am

ScottC, that was my take on it as well. I haven't been through the whole paper yet, just the blog. Their contention is that even if the machine is turned off the DRAM will still maintain the bits for much longer than people expect.

I think this really could force companies that encrypt their desktop machines' HDDs to rethink their security models. If the desktops are always plugged in and on, the encrypted HDD may not be as secure as they think.

Tennisbum Feb 22, 2008 8:41 am

There's also a longer article here:
http://www.computerworld.com/action/...intsrc=hm_list

Abadeea Mar 3, 2008 6:30 am

Hi everyone...

My take on this is:

What you must note is that even if it could be done, it would not be as simple or successfully easy as they wanted to show in the video.

People must have deep knowledge and much experience in data protection and cryptography.

In order to have success using this attack, it will depend on some factors that will not always work:

First of all, they use an application to find the possible area in RAM memory that can be an eventual encryption key.
This will depend on how much memory still remains intact.
Then they need to reconstruct the parts of the key that were corrupted.
The software that I use uses the AES 256 algorithm, which you can see is much more complex to reconstruct than the others.

On almost all the machines in the market, the BIOS can perform a destructive memory check during its Power-On Self Test (POST). Most of the machines we examined allowed this test to be disabled or bypassed (sometimes by enabling an option called “Quick Boot”). You just need to disable this "quick boot" and every time you turn your PC on, it will erase the RAM memory before any software can even be used to record it.

Also in the BIOS, you can disable booting from removable devices or from the network to prevent this procedure from being performed without having to move the memory to a second machine, which makes things harder.

The software I am using gives you the possibility to use more than one encryption key (one for each partition).

So I guess there are still solutions to this.

sbm12 Mar 3, 2008 7:07 am


Originally Posted by Abadeea (Post 9348839)
On almost all the machines in the market, the BIOS can perform a destructive memory check during its Power-On Self Test (POST). Most of the machines we examined allowed this test to be disabled or bypassed (sometimes by enabling an option called “Quick Boot”). You just need to disable this "quick boot" and every time you turn your PC on, it will erase the RAM memory before any software can even be used to record it.

Also in the BIOS, you can disable booting from removable devices or from the network to prevent this procedure from being performed without having to move the memory to a second machine, which makes things harder.

The software I am using gives you the possibility to use more than one encryption key (one for each partition).

So I guess there are still solutions to this

I agree that this isn't something to be concerned with in general, but I also don't think the options offered above are "solutions" to the issue. If the RAM is removed and placed in a new "reader" PC then the BIOS wipe does no good. Similarly, if the drive is moved to a new machine once the key is determined then the BIOS lock is no good. Multiple encryption keys just mean they have to find all the keys instead of one.

I strongly believe that this is a non-issue for all but the most paranoid computer owners or the most aggressive and motivated hackers. Still, it made for a great research article.

Doppy Mar 3, 2008 7:22 am


Originally Posted by ScottC
The whole research paper makes no sense to me. Why bother freezing the ram and removing it to access the key to a file that is currently already loaded and unlocked?

That's true if the computer is running and you have access to it. But what about the case where the files or drive are unlocked (i.e. encryption key in memory), but the computer OS is locked (i.e. you need to log in)? In that case you either have to defeat, say, Windows' log-in, or you can pull the RAM and get the encryption key.

The purpose of the paper was that most people probably assumed that if they were using drive encryption on their computers, their computers were protected. The business traveler carrying his laptop around in standby probably thinks that he's protected by drive encryption if his laptop is lost or stolen, but this demonstrates that he's not: even if they can't defeat his log-in, they can get his drive encryption key right out of RAM.


Originally Posted by UAVirgin (Post 9295277)
I think this really could force companies that encrypt their desktop machines' HDDs to rethink their security models. If the desktops are always plugged in and on, the encrypted HDD may not be as secure as they think.

At night, they could just enforce a policy that requires computers to be shut-down (or hibernated). They could install software to mandate this, as some organizations do.


Originally Posted by Abadeea
What you must note is that even if it could be done, it would not be as simple or successfully easy as they wanted to show in the video.

Well, it's as easy as the video if you have the software the research team wrote or similar.

In any event, as with all security, you need to consider who you're trying to defend against. If you assume that your adversary will be completely unsophisticated, then even a basic encryption regime is probably overkill. Of course, you don't always know who you're up against.


Originally Posted by sbm12 (Post 9348910)
I strongly believe that this is a non-issue for all but the most paranoid computer owners or the most aggressive and motivated hackers. Still, it made for a great research article.

It's also easy enough to work around - don't leave your computer on or in standby when it's not in use (or sufficiently secure). In that case, unless your adversary hits you over the head with a brick and absconds with your laptop, your data is secure.

nerd Mar 3, 2008 11:30 am


Originally Posted by Abadeea (Post 9348794)
Hi everyone....

Welcome to FlyerTalk, Abadeea!

