Interesting People mailing list archives
been there -- Cold Boot Attacks on Disk Encryption -- report on
From: David Farber <dave () farber net>
Date: Fri, 22 Feb 2008 04:51:00 -0800
________________________________________ From: Paul E. Robichaux [paul () robichaux net] Sent: Thursday, February 21, 2008 7:51 PM To: David Farber; ip Subject: Re: [IP] Cold Boot Attacks on Disk Encryption -- report on I want to point out that this class of attacks (generically known as “Freon attacks”) have been known for some time, although the Princeton team has done great work in making the attack more practical. BitLocker offers operating modes that mitigate the risk of these attacks; for more details, check out the Microsoft Data Encryption Toolkit for Mobile PCs at <http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx><http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/analysis/4e6ce820-fcac-495a-9f23-73d65d846638.mspx>. It details the various BitLocker operating modes and the specific threats that they do, and do not, protect against. Disclaimer: I was the lead author for the Data Encryption Toolkit documents. Cheers, -Paul On 2/21/08 4:25 PM, "David Farber" <dave () farber net> wrote: Begin forwarded message: From: Declan McCullagh <declan () well com> Date: February 21, 2008 3:57:43 PM EST To: dave () farber net Cc: Jacob Appelbaum <jacob () appelbaum net> Subject: Re: [IP] Cold Boot Attacks on Disk Encryption Dave, The paper published today makes some pretty strong claims about the vulnerabilities of Microsoft's BitLocker, Apple's FileVault, TrueCrypt, Linux's dm-crypt subsystem, and similar products. So I put the folks behind it to a test. I gave them my MacBook laptop with FileVault turned on, powered up, encrypted swap enabled, and the screen saver locked. They were in fact able to extract the 128-bit AES key; I've put screen snapshots of their FileVault bypass process here: http://www.news.com/2300-1029_3-6230933-1.html And my article with responses from Microsoft, Apple, and PGP is here: http://www.news.com/8301-13578_3-9876060-38.html Bottom line? This is a very nicely done attack. It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). -Declan Jacob Appelbaum wrote:
With all of the discussions that take place daily about laptop seizures, data breech laws and how crypto can often come to the rescue, I thought the readers of IP might be interested in a research project that was released today. We've been working on this for quite some time and are quite proud of the results. Ed Felten wrote about it on Freedom To Tinker this morning: http://www.freedom-to-tinker.com/?p=1257
------------------------------------------- Archives: http://www.listbox.com/member/archive/247/=now RSS Feed: http://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ------------------------------------------- Archives: http://www.listbox.com/member/archive/247/=now RSS Feed: http://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- been there -- Cold Boot Attacks on Disk Encryption -- report on David Farber (Feb 22)