Cracking disk encryption

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Feb 22, 2008.

  1. Interesting new research <http://www.freedom-to-tinker.com/?p=1257> finds an
    unsuspected weak spot in disk-encryption software.
     
    Lawrence D'Oliveiro, Feb 22, 2008
    #1
    1. Advertising

  2. Lawrence D'Oliveiro

    peterwn Guest

    On Feb 22, 1:12 pm, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > Interesting new research <http://www.freedom-to-tinker.com/?p=1257> finds an
    > unsuspected weak spot in disk-encryption software.


    This would in practice require someone who is able to pounce on a
    laptop that has not been switched for too long and who has appropriate
    software on a 'pen' etc. If the user has password protected the BIOS
    and prevented booting from other than the HD, then the villan would
    need to rip out the DRAM card(s) and then plonk them into another
    compatible computer. This is where freezing may be useful.

    A OS writer could include a shutdown routine that purges memory just
    prior to finally shutting down.
     
    peterwn, Feb 22, 2008
    #2
    1. Advertising

  3. Lawrence D'Oliveiro

    Murray Symon Guest

    peterwn wrote:

    > On Feb 22, 1:12 pm, Lawrence D'Oliveiro <l...@geek-
    > central.gen.new_zealand> wrote:
    >> Interesting new research <http://www.freedom-to-tinker.com/?p=1257> finds
    >> an unsuspected weak spot in disk-encryption software.

    >
    > This would in practice require someone who is able to pounce on a
    > laptop that has not been switched for too long and who has appropriate
    > software on a 'pen' etc. If the user has password protected the BIOS
    > and prevented booting from other than the HD, then the villan would
    > need to rip out the DRAM card(s) and then plonk them into another
    > compatible computer. This is where freezing may be useful.
    >
    > A OS writer could include a shutdown routine that purges memory just
    > prior to finally shutting down.


    Not if you pull the plug out, or cut the wires.
     
    Murray Symon, Feb 22, 2008
    #3
  4. Lawrence D'Oliveiro

    peterwn Guest

    On Feb 22, 9:23 pm, Murray Symon
    <> wrote:

    >
    > > A OS writer could include a shutdown routine that purges memory just
    > > prior to finally shutting down.

    >
    > Not if you pull the plug out, or cut the wires.


    Not relevant for a laptop - if a villan can grab a switched on laptop
    then the villan has all the time in the world to recover RAM data. If
    it is logged in and a password is not needed to for the screensaver,
    then the villan can merely unload the user's data even if the disk is
    encrypted.

    If a desktop, cutting the lead may cause the Coroner to express some
    surprise as peoples' stupidity (oops, coroners are not allowed to make
    that sort of comment - it upsets rellies too much).
     
    peterwn, Feb 22, 2008
    #4
  5. Lawrence D'Oliveiro

    shane Guest

    peterwn did scribble:

    > On Feb 22, 9:23 pm, Murray Symon
    > <> wrote:
    >
    >>
    >> > A OS writer could include a shutdown routine that purges memory just
    >> > prior to finally shutting down.

    >>
    >> Not if you pull the plug out, or cut the wires.

    >
    > Not relevant for a laptop - if a villan can grab a switched on laptop
    > then the villan has all the time in the world to recover RAM data. If
    > it is logged in and a password is not needed to for the screensaver,
    > then the villan can merely unload the user's data even if the disk is
    > encrypted.
    >


    That assumes the villain gets or has the right power adapter before the battery
    runs out.

    > If a desktop, cutting the lead may cause the Coroner to express some
    > surprise as peoples' stupidity (oops, coroners are not allowed to make
    > that sort of comment - it upsets rellies too much).


    Or, the power could be cut at the switchboard.
    --
    Hardware n: Parts of the computer you can kick
     
    shane, Feb 22, 2008
    #5
  6. Lawrence D'Oliveiro

    Murray Symon Guest

    peterwn wrote:

    > On Feb 22, 9:23 pm, Murray Symon
    > <> wrote:
    >
    >>
    >> > A OS writer could include a shutdown routine that purges memory just
    >> > prior to finally shutting down.

    >>
    >> Not if you pull the plug out, or cut the wires.

    >
    > Not relevant for a laptop - if a villan can grab a switched on laptop
    > then the villan has all the time in the world to recover RAM data. If
    > it is logged in and a password is not needed to for the screensaver,
    > then the villan can merely unload the user's data even if the disk is
    > encrypted.


    > If a desktop, cutting the lead may cause the Coroner to express some
    > surprise as peoples' stupidity (oops, coroners are not allowed to make
    > that sort of comment - it upsets rellies too much).


    I had the DC power supply leads in mind.

    There is plenty of discussion on this at Bruce Schneier's blog.
    Including yanking the RAM modules out while the PC is still running,
    and then swapping them to another machine.
    It goes to show that many assumptions (e.g. volatility of DRAM) can
    be overturned, and that there is always a countermeasure for every
    measure that can be added.

    The principle involved here is the one concerning possession of the
    physical device.

    Murray.
     
    Murray Symon, Feb 22, 2008
    #6
  7. In article
    <>,
    peterwn did write:

    > On Feb 22, 9:23 pm, Murray Symon
    > <> wrote:
    >>
    >>> A OS writer could include a shutdown routine that purges memory just
    >>> prior to finally shutting down.

    >>
    >> Not if you pull the plug out, or cut the wires.

    >
    > Not relevant for a laptop - if a villan can grab a switched on laptop
    > then the villan has all the time in the world to recover RAM data.


    This <http://www.schneier.com/blog/archives/2008/02/hotplug_1.html> could
    also be useful.
     
    Lawrence D'Oliveiro, Feb 22, 2008
    #7
  8. Lawrence D'Oliveiro

    peterwn Guest

    On Feb 23, 10:02 am, Murray Symon
    <> wrote:

    >
    > The principle involved here is the one concerning possession of the
    > physical device.
    >


    The issue is one similar to lock picking. Most locks in general use
    are vulnerable to picking and a skilled locksmith can open them in a
    few minutes. Cylinder locks are also vulnerable to 'bumping'.
    Nevertheless most people find them satisfafactory for day to day
    security. If you are very concerned with your lock being picked a
    locksmih can sell you a high security barrel with restricted keys for
    perhaps $50 to $100 - Bilock and Medeco probably being the best.

    Since most laptops are stolen in a 'cold' state disk encryption will
    ensure they stay secure. Hence disk encryption will serve its purpose
    in 99% of cases. A means of wiping DRAM on shutdown will help in some
    of the remaining cases, but after that the user must take
    responsibility to ensure it is shut down before leaving it in a car
    etc. What precautions a user takes (or is required to take by an
    employer) depends on the sensitivity of the information. A
    compromised laptop could cost a firm millions or a political party an
    election (National might have won the 2005 election if Don Brash's E-
    mail system had not been compromised).
     
    peterwn, Feb 22, 2008
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AK

    Cracking Up

    AK, Nov 10, 2003, in forum: Computer Support
    Replies:
    11
    Views:
    818
    ┬░Mike┬░
    Nov 11, 2003
  2. Martino
    Replies:
    8
    Views:
    10,720
    Bill Marshal
    Feb 1, 2006
  3. LaDDL

    Re: Help needed on a bibliography of cracking

    LaDDL, Apr 26, 2004, in forum: Computer Security
    Replies:
    1
    Views:
    437
    Marek Luch
    Apr 30, 2004
  4. Marek Luch

    Re: Help needed on a bibliography of cracking

    Marek Luch, Apr 30, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    415
    Marek Luch
    Apr 30, 2004
  5. Replies:
    1
    Views:
    1,734
Loading...

Share This Page