Welcome to WebmasterWorld Guest from 54.167.157.247

Forum Moderators: open

Message Too Old, No Replies

Encrypting Your Laptop HD May Not Protect Your Data

according to researchers at Princeton University.

   
5:31 pm on Feb 22, 2008 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



If you think that encrypting your laptop's hard drive will keep your data safe from prying eyes, you may want to think again, according to researchers at Princeton University.

They'vediscovereda way to steal the hard drive encryption key used by products such as Windows Vista's BitLocker or Apple's FileVault. With that key, hackers could get access to all of the data stored on an encrypted hard drive.

That's because of a physical property of the computer's memory chips. Data in these DRAM (dynamic RAM) processors disappears when the computer is turned off, but it turns out that this doesn't happen right away, according to Alex Halderman, a Princeton graduate student who worked on the paper.

Encrypting Your Laptop HD May Not Protect Your Data [washingtonpost.com]

An interesting piece of research which makes you think hard about limiting access to your laptop.

8:02 pm on Feb 22, 2008 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The fact that DRAM chips hold data after being switched off has been known for a long time. For instance, a graphics card designed in my University Dept had a fault - if you switched the display to the second buffer, the first image in the first buffer started to degrade after about fifteen minutes, the reason being the contents were not being refreshed unless they were actually displayed. That was over twenty years ago!

The level of skill required is way beyond your average joe. It also assumes that the encryption key is stored directly in memory. Now I can easily believe that to be true of Microsoft's BitLocker, but I doubt it is true of all encryption systems and I would expect hardware solutions to be almost entirely immune from this sort of attack.

A far greater risk is badly configured encryption software that does not dismount encrypted volumes on standby, so a laptop stolen on standby would still be wide open even if encrypted.

Kaled.

2:42 am on Feb 24, 2008 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It's very interesting reading the forums at the various disk encryption software sites regarding this issue. It's still a bit early from the sounds of things, but I would guess that there will be some changes in the way we encrypt our drives.

Here's an interesting story showing how one guy obtained the key from Apple's FileVault using the techniques described in the article: How to bypass FileVault, BitLocker security [news.com]

 

Featured Threads

Hot Threads This Week

Hot Threads This Month