The same researchers posted a vulnerability in the Mac OS X keychain
this week. It involved searching RAM for the password to the
keychain, which gives access to all disk encryption and any stored
passwords and private keys.
http://www.news.com/8301-10784_3-9881870-7.html?tag=nefd.lede

At 2:07 PM -0500 2/29/08, Garrett M. Groff wrote:

I conveniently got an email from Secude in my inbox. One of the
closing paras had the following:

As you continue your investigation of disk-encryption technologies,
I invite you to contact us to learn more about our partnership with
Seagate and other hard drive manufacturers and how we eliminate the
types of vulnerabilities found in DRAM attacks. By encrypting data
at the drive level, we are able to offer you the highest level of
protection.

Of course, that's not true at all. The vulnerability of data
residing in DRAM still exists. That will be the case until we get
"secure RAM," or something along those lines.

However, it is true that the particular attack involving reading the
FDE key directly from RAM is defeated since that key is never
written to RAM.

Maybe I'm being too picky here, but looking ahead, this technique
could be used to read information from any application that happens
to be open at the moment using software that looks for juicy
keywords (like "confidential" or "password"). Doesn't that seem like
the next logical threat once the "low-hanging fruit" (such as it is)
of cold-boot key discovery is patched? I mean, how long are we going
to have secure disks with wide-open RAM chips?

- Garrett
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde