Helping people with computers... one answer at a time.
This is Leo Notenboom for askleo.net.
Just about the time we congratulate ourselves for taking the next step in security by carefully encrypting everything on our hard disk, out comes a report that shows - and I do mean demonstrates - that many of the most popular encryption tools can be defeated without a whole lot of work on the hackers part.
Now, before we all run around and panic, let's look at what this is really all about.
Conventional wisdom is that the contents of your computer's RAM is lost when you power down your computer. There are two nuances to that statement that make that conventional wisdom a little less conventional:
First, standby mode does not actually power down RAM. Hibernate mode might or might not, but it also writes an image of RAM to your hard disk.
Second, it turns out that your RAM actually keeps what's stored in it for "a while" after it's been powered down. And although "a while" could be a few seconds, it could be lengthened into several minutes by cooling down the RAM chips before they're powered down with common cans of compressed air.
Now remember that in order for encryption software like TrueCrypt or Bitlocker or others to work, they must keep the decryption key in RAM in order to use it.
So, a hacker comes along, steals your laptop, and if it's on or in standby or in hibernation, he might just be able to reboot and run a tool that reads what's left in your RAM and locate those keys and then be able to decrypt your information. It's even been shown that by cooling the RAM chips they can be removed and placed in another computer where software can then access the contents.
Scary, huh? And yes, if you're a secret agent or carrying corporate or government secrets around in your laptop you might need to reconsider how you treat your data.
But what about the rest of us?
Well, I'm not going to panic just yet.
The best advice so far is simply not to rely on Standby or Hibernation for security and turn off your computer for a few minutes before you might leave it in any situation where it might be lost or stolen.
Note that this does require physical access to your machine. As I've mentioned before, if your machine isn't physically secure it's not secure - though clearly encrypting the data is one approach to dealing with exactly that. So, if you're in a situation where you are at risk of theft, you'll want to keep this new possibility in mind.
I fully expect computer manufacturers and encryption software vendors to come up with some preventative measures as soon as they can.
I'd love to hear what you think. Visit askleo.net and enter 12257 in the go to article number box to access the show notes, the transcript and a link to the Princeton University web site with all the details. While you're there, browse the hundreds of technical questions and answers on the site.
Till next time, I'm Leo Notenboom, for askleo.net.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.