By: Michael

Michael — Fri, 22 Feb 2008 01:16:44 +0000

I was thinking of the shutdown case. I agree that the screensaver case is probably hopeless, unless it also unmounts the volume.

By: Drew Thaler

Drew Thaler — Fri, 22 Feb 2008 00:41:17 +0000

Erasing the key in memory isn't necessarily useful. It helps, of course, but with whole-disk encryption the key has to be in memory whenever the disk is mounted. Even if there's some other obstacle blocking the bad guys who've nabbed your computer (a password-protected screensaver, etc) this method would allow them to circumvent it by just extracting the key from RAM.

It might help to create a RAM with a hardware scrubber which forcibly wipes the state if the RAM loses power. But things like WiebeTech's HotPlug make me even wonder how long that would be useful.

I guess physical security is still your best bet in the end.

Comments on: Cold Boot Attacks on Disk Encryption

By: Michael

By: Drew Thaler