As a summary, this is how the attack works: DRAM chips tend to hold their information for a couple of seconds, even after power is lost. So, in theory the keys for disk encryption tools are still in memory for a while, even if you quickly pull the plug should an attacker come bursting through your door. Uhm... right. So, the attacker can then go ahead and quickly cool your memory chips (apparently a pretty normal dust cleaner spray can was easily converted to make for a rapid cooling device), which then means that the DRAM chips might hold their information for several minutes. You can then take these chips and place them into a different computer, boot up and - voila! - scan the memory for the keys.
So... is that all?
Seriously, this does not at all mean that disk encryption is easily cracked, or anything of that magnitude. Let's consider what the attack scenario is like here:
- Attacker needs to get access to your system while it's powered on.
- Attacker needs to pry it from you before you have a chance to unmount your encrypted volumes (since the software might just overwrite its in-memory encryption keys at that point).
- In which case the attacker already has access to the decrypted data on your drive, and now they can cool the memory... wait!
Right, let's try a different scenario:
- Attacker needs to get access to your system, just after you powered it off.
- Ideally, you didn't unmount your encrypted volumes before powering off, since that might mean that encryption keys are wiped in memory.
- This means that you had to do a panic power-cord-yanking when you saw your attacker come bursting through the door.
Let's keep in mind what disk encryption is meant to do for you: It secures your data even if someone gets physical access to your hard drive. For example if you forget to properly wipe your old disk before throwing it away. Or possibly when you lose your laptop (as seems to be popular these days), or that machine gets stolen (quite a realistic threat, especially for a frequent traveller). In that case, the attack won't work, because the system has been off for a while, I would assume.
The only exception of course is suspend to RAM on a laptop. And that's really where this threat scenario plays out. If you mount your encrypted volumes (supplying your passwords, which in turn will cause the generation of the proper de/encryption key) and then just suspend your laptop, you deal with a ticking time-bomb of sorts. If your laptop gets stolen, someone just needs to wake it up from the suspend and there it all is again. If you don't set a locked screensaver to come on at that point, you may just as well not have bothered with encryption at all.
But let's say you did the right thing and have a password-protected login after suspend. Let's assume the attacker cannot break your password at that point. They can then open the laptop case, cool down the RAM, take the RAM and place it in their own system, boot up, scan the memory, and so on.
There, that's the only way I can see this attack being of any real-world concern. The lessons we have to learn from this:
- Unmount your encrypted volumes before suspending to RAM.
- Use encrypted container files if possible, since they allow you to perform an unmount separately from booting (or shutting down) your system. Encrypted container files have some advantages, which I had talked about before.
- This third point is obviously now something new to consider: Use encryption software that wipes its keys from memory when you unmount the encrypted volume.
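To make the third point concrete, here is an added example (not code from any particular encryption tool) of what wiping keys on unmount involves. The `volume` struct, the function names and the buffer sizes are hypothetical; the sketch goes slightly beyond the text by also clearing the expanded round keys, since a derived copy left in RAM is as useful to a memory scan as the master key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define KEY_LEN   32    /* master key size (assumed: 256-bit) */
#define SCHED_LEN 240   /* expanded round keys (assumed: AES-256 schedule size) */

/* Hypothetical in-memory state of a mounted encrypted volume. */
struct volume {
    uint8_t key[KEY_LEN];
    uint8_t round_keys[SCHED_LEN];  /* derived copy of the key material */
    int     mounted;
};

/* Zero through a volatile pointer so the compiler cannot discard the
 * stores as dead writes to a buffer that is never read again. */
static void secure_wipe(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

/* Constructed stand-in for key derivation and key expansion. */
static void volume_mount(struct volume *v) {
    for (size_t i = 0; i < KEY_LEN; i++)
        v->key[i] = (uint8_t)(0xA5 ^ i);
    for (size_t i = 0; i < SCHED_LEN; i++)
        v->round_keys[i] = v->key[i % KEY_LEN];
    v->mounted = 1;
}

/* Wipe the whole state: the master key and everything derived from it. */
static void volume_unmount(struct volume *v) {
    secure_wipe(v, sizeof *v);
}

/* Number of non-zero key-material bytes still resident in the struct. */
static size_t key_bytes_resident(const struct volume *v) {
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++)   n += (v->key[i] != 0);
    for (size_t i = 0; i < SCHED_LEN; i++) n += (v->round_keys[i] != 0);
    return n;
}

int main(void) {
    struct volume v;
    volume_mount(&v);
    volume_unmount(&v);
    printf("key bytes resident after unmount: %zu\n", key_bytes_resident(&v));
    return 0;
}
```

Where the platform provides one, a library routine such as `explicit_bzero` or C11's optional `memset_s` serves the same purpose as the hand-written `secure_wipe` here.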
Anyway, to claim that "disk encryption is easily broken" is just plain wrong. It's a very useful technology, and we should not allow reckless reporting and sensationalist headlines to distract anyone who might consider using these tools.
Comment by anonymous, on 23-Feb-2008 23:16
In one of the white papers released on this topic already... TrueCrypt is vulnerable... if I'm not mistaken... all of the disk encryption utilities tested thus far have been circumvented using this technique...
I guess this is a good lesson for security software developers... even if your code is good... the hardware can betray you...