On Feb 21, 2008, at 12:17 PM, a co-worker wrote:
Research at Princeton demonstrated that it is possible to recover significant information from mounted FileVault, i.e. a stolen sleeping laptop, using a cold reboot technique. from: <http://citp.princeton.edu/memory/>
I really like the part about cooling the RAM to -50C with a can of compressed air. Keeps the bits from rotting.
No one has mentioned loop-aes, for Linux, which twiddles the bits of the key (in RAM) periodically (XOR with a known string of random bits, generated at boot-time) - so it moves the key around in memory, and flips the ones and zeroes back and forth. I think that would complicate the attack mentioned in the paper.
- boyd Boyd Waters Scientific Programmer National Radio Astronomy Observatory New Mexico, USA, Earth - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
