Hi, I'm one of the coauthors of the paper and I'd love to chime in.
Perry E. Metzger wrote: > "Ali, Saqib" <[EMAIL PROTECTED]> writes: >> This methods requires the computer to be "recently" turned-on and unlocked. > > No, it just requires that the computer was recently turned on. It need > not have been "unlocked" -- it jut needed to have keying material in RAM. > This is correct. >> So the only way it would work is that the victim unlocks the disks >> i.e. enter their preboot password and turn off the computer and >> "immediately" handover (conveniently) the computer to the attacker so >> that the attacker remove the DRAM chip and store in nitrogen. > > LN2 is pretty trivial to get your hands on, and will remain happy and > liquid in an ordinary thermos for quite some hours or longer. However, > the authors point out that canned air works fine, too. > Yes, this is also correct. Canned air is often found in server rooms. An attacker might not even need to bring anything with them to leverage this attack. >> And the attacker has to do all this in less then 2 seconds.... :) > > No, they may even have minutes depending on the RAM you have. > This is an important point. Without cooling, it's not merely a matter of a second or less. This is a common misconception that even in light of new evidence is difficult to believe. I think reading our paper and understanding our graphs should help with this. >> Or am I missing something? > > People readily assume that rebooting or turning off a computer wipes > RAM. It doesn't. This is just more evidence that it is bad > to assume that the contents of RAM are gone even if you turn off the > machine. Yes. General purpose memory isn't a safe place to store keying material and software countermeasures are a step behind. Even with obfuscated key schedules or strange byte ordering, the physical properties of the memory chips are going to be difficult to overcome. As our paper states: "There is no easy solution to this problem." I'm happy to field questions if this is the proper forum. Best, Jacob Appelbaum --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
