Tag Archives: Cold boot attack

Cold boot attack, not a threat to Full disk encryption (FDE)

Since the new cold boot attack hack is on the news, touching most of the software encryption solutions, I have wondered if it had any chance to concern also hardware encryption.

Hardware encryption is provided by a few laptop makers, generally on high-range an business models.

It has much less performance impact than software encryption, and protect the data independently from your system configuration and its partitions.

Full disk encryption is the so called hardware encryption technology used by Lenovo on my Thinkpad.

Continue reading

Disk encryption methods : hacked !

Damned !

A team of researchers found a way to defeat all the most common disk encryption methods – including dm-crypt for Linux that I previously described on this blog.

All systems are actually concerned, because the attack is low level. It is based on the RAM chips properties. After shutdown, and therefore no more electricity powering, a chip will still contain some readable information during a few seconds.

The data contained is deteriorating, but for example if you cool the chip enough, for example with a computer dry air dust cleaner, you can keep the data several minutes !

The problem concerning data encryption is that the decryption key is kept in RAM, and that way be stolen to read all your data.

The attack would not so easy in practice, if suspend-to-ram did not exist.

But as many users, including me, use heavily suspend-to-ram with their laptop, this issue is rather problematic…

The team provides a rather impressive video :

I no longer use dm-crypt since my Thinkpad provides hardware encryption, but I wonder now where the key is stored in my case. I don’t think it is in RAM, but I have to check it to make sure.I will do it tomorrow, since I need to rest now.