homepage Welcome to WebmasterWorld Guest from 54.163.91.250
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Webmaster Hardware
Forum Library, Charter, Moderator: open

Webmaster Hardware Forum

    
Encrypting Your Laptop HD May Not Protect Your Data
according to researchers at Princeton University.
engine




msg:3582229
 5:31 pm on Feb 22, 2008 (gmt 0)

If you think that encrypting your laptop's hard drive will keep your data safe from prying eyes, you may want to think again, according to researchers at Princeton University.

They'vediscovereda way to steal the hard drive encryption key used by products such as Windows Vista's BitLocker or Apple's FileVault. With that key, hackers could get access to all of the data stored on an encrypted hard drive.

That's because of a physical property of the computer's memory chips. Data in these DRAM (dynamic RAM) processors disappears when the computer is turned off, but it turns out that this doesn't happen right away, according to Alex Halderman, a Princeton graduate student who worked on the paper.

Encrypting Your Laptop HD May Not Protect Your Data [washingtonpost.com]

An interesting piece of research which makes you think hard about limiting access to your laptop.

 

kaled




msg:3582377
 8:02 pm on Feb 22, 2008 (gmt 0)

The fact that DRAM chips hold data after being switched off has been known for a long time. For instance, a graphics card designed in my University Dept had a fault - if you switched the display to the second buffer, the first image in the first buffer started to degrade after about fifteen minutes, the reason being the contents were not being refreshed unless they were actually displayed. That was over twenty years ago!

The level of skill required is way beyond your average joe. It also assumes that the encryption key is stored directly in memory. Now I can easily believe that to be true of Microsoft's BitLocker, but I doubt it is true of all encryption systems and I would expect hardware solutions to be almost entirely immune from this sort of attack.

A far greater risk is badly configured encryption software that does not dismount encrypted volumes on standby, so a laptop stolen on standby would still be wide open even if encrypted.

Kaled.

bill




msg:3583139
 2:42 am on Feb 24, 2008 (gmt 0)

It's very interesting reading the forums at the various disk encryption software sites regarding this issue. It's still a bit early from the sounds of things, but I would guess that there will be some changes in the way we encrypt our drives.

Here's an interesting story showing how one guy obtained the key from Apple's FileVault using the techniques described in the article: How to bypass FileVault, BitLocker security [news.com]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Webmaster Hardware
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved