Please wait while the page is being loaded Skip this advertisement >
ARN

'Cold Boot' encryption hack unlikely, says Microsoft

But Vista users can take steps to protect against the eventuality
Gregg Keizer (Computerworld)  27 February, 2008 11:19:42
Page:
Have your say!
Add to Google
ARN Directory | Distributors relevant to this article
Altech Computers , ASI Solutions , Cellnet , Compucon Computers , Corporate Computer Resources , EDsys Computers , Express Data , Express Online , Impact Systems Technology , Infortech Distribution , Ingram Micro Australia , LDS International , Leader Computers , Leading Pacific Australia , NewLease , Simms International , Synnex Australia , Topstar Computer International , Unixpac , Westan , XiT Distribution , Xpress I.T.

Users can keep thieves from stealing encrypted data by changing some settings in Windows, a Microsoft product manager said as he downplayed the threat posed by new research that shows how attackers can inspect a "ghost" of computer memory.

Russ Humphries, a senior product manager for Windows Vista security, reacted Friday to reports last week about a new low-tech technique that could be used to lift the encryption key used by Vista's BitLocker or Mac OS X's FileVault. Once an attacker has the key, of course, he could easily access the data locked away on an encrypted drive.

The method -- dubbed "Cold Boot" because criminals can boost their chances by cooling down the computer's memory with compressed gas or even liquid nitrogen -- relies on the fact that data doesn't disappear instantly when a system is turned off or enters "sleep" mode. Instead, the bits stored in memory chips decay slowly, relatively speaking.

Cooling down memory to -58 degrees Fahrenheit (-50 degrees Celsius) would give attackers as long as 10 minutes to examine the contents of memory, said the researchers from Princeton University, the Electronic Frontier Foundation and Wind River Systems. And when they pushed the envelope and submersed the memory in liquid nitrogen to bring the temperature down to -310 degrees Fahrenheit (-190 degrees Celsius), researchers saw just 0.17% data decay after an hour.

The whole thing is unlikely, Humphries argued in a post to the Vista security team's blog. To make his case, he ticked off several preconditions:

-- The attacker would have to have physical access to the machine.

-- The laptop would likely have to be in "sleep" mode, rather than in "hibernate" mode or powered off.

-- The person who finds/steals the laptop must be knowledgeable and interested enough to execute the attack.

"I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys, or for that matter have a can of compressed air handy," said Humphries.

Page:

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

RSA - Secure Web Access

What can be done to protect web access? The Web has created a wealth of new opportunities, but as organizations shift from an internal to external focus, the traditional view of identity and access management (IAM) is changing. In many different ways, including regulations around the globe aimed at data protection and other processes, securing web access is creating many new challenges.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links