BitLocker, FileVault, dm-crypt, and TrueCrypt Encryption Key Crack via DRAM Cold Boot Attack with Program Source Code Download
A group of researchers at Princeton University has demonstrated that the disk encryption mechanisms used by BitLocker in Windows Vista, FileVault in MacOS X, dm-crypt in Linux, TrueCrypt, and possibly other secure encryption software can be defeated by imaging the state of physical memory (DRAM modules), which still retains traces of its contents, in what hackers call a cold boot attack that dumps all data in memory to disk.
The Princeton University Center for Information Technology Policy website describes how the attack is possible:
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems - BitLocker, FileVault, dm-crypt, and TrueCrypt - using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
A video clip published by the team shows that it is possible to remove a DIMM from one computer after power loss, transport the RAM module to another PC, aided by a typical canned-air spray that lowers its temperature and lengthens the time for which the DIMM keeps its data, then boot the second computer using a specially designed microkernel, and finally dump all data on the RAM chip to physical disk. The amount of bad (decayed) data depended on both the time a DIMM spent unpowered and the temperature at which it was kept. Nonetheless, the researchers managed to successfully reconstruct 128-bit AES encryption keys within seconds, even if 10 percent of the key had already decayed out of memory.
The Princeton University team has also released the source code for some of the software utilities developed in the course of this research. These prototype applications are intended to illustrate the techniques described in the encryption keys cold boot attack research paper, and should not be used for malicious or hacking attempts.
The source code released for free download includes the USB / PXE (bios_memimage-1.0.tar.gz) and EFI Netboot (efi_memimage-1.0.tar.gz) memory imaging tools, the AESKeyFinder (aeskeyfind-1.0.tar.gz) and RSAKeyFinder (rsakeyfind-1.0.tar.gz) automatic key-finder tools, and AESFix (aesfix-1.0.1.tar.gz), an error-correction utility for AES key schedules.
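Why an expanded AES key stands out in a memory image, and why a few decayed bits do not hide it: the sketch below is an added example, not code from the Princeton tools or from the original article. It counts how many bits of a 176-byte window violate the FIPS-197 key-expansion relation between neighbouring schedule words, which is useful for auditing a dump of your own machine for key material that was never wiped; all function names and the sample image are constructed for illustration.

```python
def _gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(a):
    """AES S-box: field inverse (0 maps to 0) followed by the affine transform."""
    inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def next_word(prev, back4, i):
    """Schedule word i computed from words i-1 and i-4 (FIPS-197 key expansion)."""
    t = list(prev)
    if i % 4 == 0:
        t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
        t[0] ^= RCON[i // 4 - 1]
    return bytes(x ^ y for x, y in zip(t, back4))

def expand_key(key):
    """Full 176-byte schedule for a 16-byte key (used to build the sample image)."""
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(next_word(w[i - 1], w[i - 4], i))
    return b"".join(w)

def schedule_errors(buf, off):
    """Count bits in buf[off:off+176] that violate the word-to-word relation."""
    w = [buf[off + 4 * i:off + 4 * i + 4] for i in range(44)]
    return sum(bin(a ^ b).count("1")
               for i in range(4, 44)
               for a, b in zip(next_word(w[i - 1], w[i - 4], i), w[i]))

def find_schedules(image, max_errors=0):
    """Offsets (with error counts) that look like AES-128 schedules."""
    scored = ((off, schedule_errors(image, off)) for off in range(len(image) - 175))
    return [(off, e) for off, e in scored if e <= max_errors]

def constructed_image():
    """Constructed sample: FIPS-197 test key schedule at offset 64, one bit decayed."""
    sched = bytearray(expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")))
    sched[20] ^= 0x04  # simulate a single decayed bit inside word 5
    return bytes(64) + bytes(sched) + bytes(64)
```

Each word is checked against its neighbours as they appear in the image, so a decayed bit only disturbs the few relations it takes part in instead of corrupting everything after it. An intact schedule scores 0 and zeroed memory scores far higher than any realistic threshold.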
July 24th, 2008 06:59
The solution I think is putting the keys in the low-memory, so the keys are overwritten as the computer boots!
I really do not know how large the memory chunk has to be in order to record such a key, though if 1/2 KB (512 Bytes) is enough, the address where the BIOS loads the MBR would be nice!
Other neat places might be the address of the BIOS IDT (Interrupt Description Table), as it's not needed any longer as the kernel enters PMod!