Comments on: BitLocker, FileVault, dm-crypt, and TrueCrypt Encryption Key Crack via DRAM Cold Boot Attack with Program Source Code Download

By: Jan The Amateur TC user

Jan The Amateur TC user — Thu, 17 Sep 2009 14:21:50 +0000

Can’t you just use a triple layer encryption? I use a three cypher in cascade (3 times 256 bit) and I doubt that you’d get that out of a RAM drive after power off… or am I mistaken? In the example given they found a 128bit AES key in seconds, I don’t think they’ll find 3 256bit keys…

By: Nate the IT guy

Nate the IT guy — Thu, 27 Aug 2009 23:28:28 +0000

This method is wildly impractical. Lets say Mr. Investigator is needing data off of an encrypted computer. If he comes onto the scene with the computer off, chances are that it has been off too long for the data to still be present on the RAM. If he comes in and the computer is turned on, he would have to shut it off, immediately immerse the RAM in liquid nitrogen to keep it cool long enough to transport to a Lab for testing. But if he comes upon a computer that’s turned on, he wouldn’t risk data loss by doing this. While this method is unique and innovative, the chances of it actually being applied when it counts most is close to never… you have better luck with brute force/dictionary attack.

By: Marcos Sartori

Marcos Sartori — Wed, 23 Jul 2008 22:59:26 +0000

The solution I think is putting the keys in the low-memory, so the keys are over written as the computer boots!

I really do not know how large the memory chunk has to be in order to record such key, though if 1/2 KB (512 Bytes) is enough, the adress where bios loades the MBR would be nice!

Other neat places might be the adress of the BIOS IDT (Interrupt Description Table), as it’s not needed any longer as the kernel enters PMod!