On Fri, Mar 21, 2008 at 11:50:47AM -0400, James Knott wrote: :Andrew Daviel wrote: :> (For the paranoid, there was recent buzz about people pulling data such :> as disk encryption keys out of RAM by cooling it, power-cycling then :> booting an alternate low-footprint OS - e.g. if someone steals your :> laptop when it's suspended or on) :> :> :I read about that a while ago. It requires that it be cooled within :seconds of power down. Even then you don't have a lot of time to recover :the data and you need the hardware to be able to extract data. While :technically possible, it's unlikely the need resources would be readily :available. Also, IIRC, the data was not read by the original computer, :as the memory test in the POST would over write the data. No super cooling needed, though you can use canned air to do so if you want to take your time: http://citp.princeton.edu/memory/ All very easy, if you have a low footprint OS so it doesn't stomp all over the interesting bits. Presuming the device is stolen while suspended to memory, or powered on the attacher has all the time they need to setup. though this may or may not affect the Nseries stuff I haven't run a test to see what level of memory initialization goes on and you can't really pull the memory into another system. The link has a simple test to see if the attack is possible on a given device. -Jon
