BitLocker, FileVault, dm-crypt, and TrueCrypt Encryption Key Crack via DRAM Cold Boot Attack with Program Source Code Download BitLocker的， FileVault ，德國馬克，隱窩，並TrueCrypt加密密鑰通過DRAM的裂縫冷開機攻擊與計劃源代碼下載

A group of researchers in Princeton University have managed to prove and demonstrate that disk encryption mechanism used by BitLocker of Windows Vista; FileVault of MacOS X; dm-crypt of Linux, TrueCrypt and possibly other secure encryption software, can be cracked, hacked and defeated by imaging state of physical memory (DRAM modules) which still carry and retain traces of code bits, in what hackers called cold boot attack by dumping all data in memory to disk.一組研究人員在美國普林斯頓大學已成功地證明，表明磁盤加密機制，利用BitLocker的Windows Vista的; FileVault的MacOS下;德國馬克，隱窩的Linux ， TrueCrypt ，可能還有其他安全的加密軟件，可以被破解，黑客入侵並打敗由成像狀態的物理內存（ DRAM模塊） ，其中仍保留痕跡的代碼位，在什麼所謂的黑客攻擊冷啟動傾倒所有的數據在內存到磁盤。

Princeton University Center for Information Technology Policy普林斯頓大學中心的信息技術政策 website網站 describes how the attack is possible:介紹了如何攻擊是可能的：

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard.相反，流行的假設，內存使用最現代化的電腦保留其內容秒後失去權力，甚至在工作溫度，即使從主板。 Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images.雖然內存變得不那麼可靠時，他們沒有更新，他們沒有立即清除，並堅持其內容充分的惡意（或法醫）購買實用全系統內存的圖片。 We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access.我們發現，這一現象限制了作業系統，以保護密鑰材料從攻擊者物理訪問。 We use cold reboots to mount attacks on popular disk encryption systems - BitLocker, FileVault, dm-crypt, and TrueCrypt - using no special devices or materials.我們使用冷戰重啟發動攻擊流行的磁盤加密系統-B itLocker的， F ileVault，德國馬克，隱窩，並T rueCrypt-使用沒有任何特殊設備或材料。 We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques.實驗的特點，我們的程度和可預見性的內存剩磁和報告說，剩磁時間可以大大增加簡單的技術。 We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay.我們提供了新的算法，找到密鑰內存中的圖像和改正錯誤所造成的衰變位。 Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.雖然我們在討論戰略的若干部分減輕這些風險，我們知道，沒有一個簡單的補救措施，消除它們。

Video clip published by the team shows that it’s possible to remove a DIMM from one computer after power loss, transport and traffic the RAM module to another PC, aiding by a typical canned-air spray to lower its temperature to lengthen the time which the DIMM will keep the data, and then boot the computer unit using a specially designed microkernel, and finally dump all data on the RAM chip to physical disk.視頻剪輯出版的球隊表明，它可能把一個內存從一台計算機後，功率損耗，運輸和交通的RAM模塊到另一個電腦，幫助了一個典型的罐裝空氣噴霧降低溫度，延長時間該內存將保留數據，然後啟動計算機單位使用一個專門設計的微內核，並最終轉儲上的所有數據RAM芯片，以物理磁盤。 The amount of bad (decayed) data depended on both the time a DIMM spent unpowered and the temperature at which it was kept.數額壞（齲齒）的數據取決於雙方的時間是DIMM花無動力和溫度會上兌現。 Nonetheless, the researchers managed to successfully reconstruct 128-bit AES encryption keys within seconds, even if 10 percent of the key had already decayed out of memory.儘管如此，研究人員設法成功地重建的128位AES加密鑰匙在幾秒鐘內，即使百分之十的關鍵已經腐爛的記憶。

The Princeton University team has also released the普林斯頓大學隊也公佈了 source code源代碼 for some of the software utilities that is developed in the course of this research.對一些軟件工具，這是發展過程中，這一研究成果。 These prototype applications are intended to illustrate the techniques described in the這些原型應用的目的是為了說明技術中描述 encryption keys cool boot attack加密密鑰攻擊涼爽開機 research paper, and should not be used for malicious or hacking attempt.研究論文，而不應被用於惡意或黑客企圖。

The source code for applications released for free download include USB / PXE (源代碼的應用推出免費下載包括配有USB / PXE技術（ bios_memimage-1.0.tar.gz bios_memimage - 1.0.tar.gz ) and EFI Netboot ( ）和電噴Netboot （ efi_memimage-1.0.tar.gz efi_memimage - 1.0.tar.gz ) memory imaging tools, AESKeyFinder ( ）記憶體成像工具， AESKeyFinder （ aeskeyfind-1.0.tar.gz aeskeyfind - 1.0.tar.gz ) and RSAKeyFinder ( ）和RSAKeyFinder （ rsakeyfind-1.0.tar.gz rsakeyfind - 1.0.tar.gz ) automatic key-finder tools, and AESFix ( ）自動鍵查找工具，以及AESFix （ aesfix-1.0.1.tar.gz aesfix - 1.0.1.tar.gz ) error-correction utility for AES key schedules. ）糾錯工具， AES公司主要日程。

IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要說明：這是一台機器翻譯網頁這是“原樣”提供，無保修。 Machine translation may be difficult to understand.機器翻譯可能很難理解。 Please refer to請參閱 original English article英文原文的文章 whenever possible.只要有可能。

Share and contribute or get technical support and help at共享和貢獻或獲得技術支持和幫助 My Digital Life Forums 我的數字生活論壇 . 。

Related Articles相關文章

• Cold Hard Jolt about Encryption Protection冷軋硬加密地震有關保護
• Download TrueCrypt Free (Alternative) Encryption Software for Vista下載TrueCrypt免費（替代）的加密軟件為Vista
• Recover PDF Password with PDFCrack Free Recovery Tool PDF格式密碼恢復與PDFCrack免費恢復工具
• Get Ready for Linux Genuine Advantage (LGA) - with Source and Crack準備Linux的正版優勢（兒） -與來源和裂縫
• Securely and Completely Delete and Remove the Files安全和完全刪除，並刪除的文件
• Download .cs, .vb, .js and .sql Files Code Preview Handler for Vista and Outlook 2007下載。政務司司長， 。編程。爵士和。數據庫文件預覽處理程序代碼為Vista和Outlook 2007
• Free Download: Ultimate Extras as Extra Features of Windows Vista Ultimate免費下載：終極額外作為額外功能的Windows Vista旗艦版
• Facebook Source Code Leaked Facebook的源代碼洩漏
• Manual Uninstallation of OEM BIOS Loader EMU (Vista Loader or SoftMod) Windows Vista Crack手動卸載的OEM BIOS的裝載機鴯鶓（ Vista的裝載機或SoftMod ） Windows Vista的裂紋
• WinDVD Blu-Ray (BD) DVD Region Free Reset DVD播放的藍光（藍光） DVD區域自由重置

This entry was posted on Thursday, July 24th, 2008 at 3:52 am and is filed under 本條目被張貼在週四， 2008年7月24號在上午03時52分，並提交下 Security 安全 . 。 You can follow any responses to this entry through the 您可以按照任何反應，這個項目通過 RSS 2.0 2.0 feed. You can 飼料。您可以 leave a response 留下一個反應 , or 或 trackback 引用 from your own site. 從您自己的網站。