foobar on computers, software and the rest of the world


Disk encryption easily cracked? Nonsense!

Posted: 23-Feb-2008 10:15

Lots of coverage today about a new piece of research, which shows how keys for disk encryption tools can be recovered, supposedly meaning that "Disk encryption is easily cracked." Sigh! It's headlines like this that really annoy me.

As a summary, this is how the attack works: DRAM chips tend to hold their information for a couple of seconds, even after power is lost. So, in theory the keys for disk encryption tools are still in memory for a while, even if you quickly pull the plug should an attacker come bursting through your door. Uhm... right. So, the attacker can then go ahead and quickly cool your memory chips (apparently a pretty normal dust cleaner spray can was easily converted to make for a rapid cooling device), which then means that the DRAM chips might hold their information for several minutes. You can then take these chips and place them into a different computer, boot up and - voila! - scan the memory for the keys.

So... is that all?

Seriously, this does not at all mean that disk encryption is easily cracked, or anything of that magnitude. Let's consider what the attack scenario is like here:
  1. Attacker needs to get access to your system while it's powered on.
  2. Attacker needs to pry it from you before you have a chance to unmount your encrypted volumes (since the software might just overwrite its in-memory encryption keys at that point).
  3. In which case the attacker already has access to the decrypted data on your drive, and now they can cool the memory... wait!
Ok, that's apparently not the attack scenario, since the attacker already has your decrypted data at this point without having to do anything. They basically took the system away from under your hands (or came and pushed you off the chair). Great! Somehow I don't think that disk encryption was meant as a defence against this kind of attack!?

Right, let's try a different scenario:
  1. Attacker needs to get access to your system, just after you powered it off.
  2. Ideally, you didn't unmount your encrypted volumes before powering off, since that might mean that encryption keys are wiped in memory.
  3. This means that you had to do a panic power-cord-yanking when you saw your attacker come bursting through the door.
Ok, so this is a problem when people come bursting through your door? I think at that point a gun to your head (or the threat of legal sanctions) may convince you to reveal your encryption key anyway, ice-cold memory or not. So, this attack is not really needed in that case either, right?

Let's keep in mind what disk encryption is meant to do for you: It secures your data even if someone gets physical access to your hard drive. For example, if you forget to properly wipe your old disk before throwing it away. Or possibly when you lose your laptop (as seems to be popular these days), or that machine gets stolen (quite a realistic threat, especially for a frequent traveller). In that case, the attack won't work, because the system has been off for a while, I would assume.

The only exception of course is suspend to RAM on a laptop. And that's really where this threat scenario plays out. If you mount your encrypted volumes (supplying your passwords, which in turn will cause the generation of the proper de/encryption key) and then just suspend your laptop, you deal with a ticking time-bomb of sorts. If your laptop gets stolen, someone just needs to wake it up from the suspend and there it all is again. If you don't set a locked screensaver to come on at that point, you may just as well not have bothered with encryption at all.

But let's say you did the right thing and have a password-protected login after suspend. Let's assume the attacker cannot break your password at that point. They can then open the laptop case, cool down the RAM, take the RAM and place it in their own system, boot up, scan the memory, and so on.

There, that's the only way I can see this attack to be of any real-world concern. The lessons we have to learn from this:
  1. Unmount your encrypted volumes before suspending to RAM.
  2. Use encrypted container files if possible, since they allow you to perform an unmount separately from booting (or shutting down) your system. Encrypted container files have some advantages, which I had talked about before.
  3. This third point is obviously now something new to consider: Use encryption software that wipes its keys from memory when you unmount the encrypted volume.
To my dismay, I couldn't find any information about whether my favorite disk encryption software (TrueCrypt) is actually doing that at this point. I hope they will make a statement about that soon. Should be easy enough to fix, though: Wipe the buffers that hold the encryption keys for a volume, once the volume is unmounted.
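Wiping key buffers on unmount, as suggested above, sketched as an added example (not TrueCrypt's code and not from the original post). The `volume` structure and all function names are hypothetical; the wipe goes through a volatile pointer so that an optimizing compiler cannot drop it.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical per-volume state; names are illustrative, not TrueCrypt's. */
struct volume { int mounted; uint8_t key[KEY_LEN]; };

/* Zero via a volatile pointer so the stores are not removed as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = buf;
    while (len--) *p++ = 0;
}

int volume_mount(struct volume *v, const uint8_t *key, size_t len)
{
    if (!v || !key || len != KEY_LEN || v->mounted) return -1;
    memcpy(v->key, key, KEY_LEN);
    v->mounted = 1;
    return 0;
}

int volume_unmount(struct volume *v)
{
    if (!v || !v->mounted) return -1;
    secure_wipe(v->key, sizeof v->key);   /* key leaves RAM at unmount */
    v->mounted = 0;
    return 0;
}

/* Returns 1 while any key byte is still nonzero in the structure. */
int key_resident(const struct volume *v)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= v->key[i];
    return acc != 0;
}

int main(void)
{
    struct volume v = {0};
    uint8_t k[KEY_LEN];
    memset(k, 0xA5, sizeof k);            /* constructed sample key */
    if (volume_mount(&v, k, sizeof k) != 0) return 2;
    secure_wipe(k, sizeof k);             /* the caller's copy must go too */
    volume_unmount(&v);
    return key_resident(&v);              /* 0 = key no longer resident */
}
```

A real implementation also has to wipe every other copy of the key material, such as expanded key schedules and the buffer that held the password.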

Anyway, to claim that "disk encryption is easily broken" is just plain wrong. It's a very useful technology, and we should not allow reckless reporting and sensationalist headlines to distract anyone who might consider using these tools.









Comment by anonymous, on 23-Feb-2008 23:16

In one of the white papers released on this topic already....TrueCrypt is vulnerable....if I'm not mistaken...all of the disk encryption utilities tested thus far have been circumvented using this technique...

I guess this is a good lesson for security software developers....even if your code is good...the hardware can betray you...

