Boyd Waters wrote: > On Feb 21, 2008, at 12:17 PM, a co-worker wrote: > >> Research at Princeton demonstrated that it is possible to recover >> significant information from mounted FileVault, i.e. a stolen >> sleeping laptop, using a cold reboot technique. >> >> from: <http://citp.princeton.edu/memory/> > > > I really like the part about cooling the RAM to -50C with a can of > compressed air. Keeps the bits from rotting. Thanks! We thought it was a cute attack as well! Cooling the RAM isn't strictly required. Some of our most fun proof of concept attacks don't require anything more than a reboot. > > No one has mentioned loop-aes, for Linux, which twiddles the bits of the > key (in RAM) periodically (XOR with a known string of random bits, > generated at boot-time) - so it moves the key around in memory, and > flips the ones and zeroes back and forth. I think that would complicate > the attack mentioned in the paper. > We did run our attacks on loop-aes and we did find keying material. We actually found a very large amount of keying material. We didn't bother to implement a decryption utility with the keys found it memory, it would be trivial to do so though. Regards, Jacob Appelbaum - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
