This sounds like a classic cold boot attack:
http://en.wikipedia.org/wiki/Cold_boot_attack

Moving code into a browser extension wouldn't prevent the fact that keys
reside in memory when they are being used. What's worth noting here is
that this is not magical in any way; data in memory can be dumped and
read. Equally, data on disk can be mounted and read. This is the nature
of its invention. There is no possible way to write software patches
which change the way that physics and computer hardware works.
Protection against physical access is outside the software world, kind
of like combating gravity with JavaScript.

If you are worried about keys being extracted from your hard drive, then
encrypt its contents and disable any operating system functionality
which writes RAM to disk, for example Windows paging files, *NIX swap
partitions, "sleep" mode and laptop hibernation. When your disk is
secured your final worry is having your computer taken away from you
while it's running. To prevent cold boot attacks, wrap your RAM with
plenty of metal or copper wire. If possible, configure BIOS memory testing
on boot. Disable unnecessary boot devices, basically anything but your
disks. Disable wake on LAN and auto power recovery. Set a password
requirement on changing BIOS configuration. Replace standard screws.
Glue screws. Glue chassis. Don't use laptop batteries to be able to
quickly pull the plug.

For full paranoia mode, use a livecd system and a TNT computer.

On 09/23/2013 09:36 PM, Padruig MacBrian wrote:
> On the topic of memory dumps to acquire passwords. The following link
> to http://www.elcomsoft.com/efdd.html brings a serious question of
> security to mind. I understand that PGP in any normal application
> is pretty impossible to crack with brute force application. The
> problem presented by elcomsoft is that the encrypted data can be
> readily accessed through a memory dump to grab the keys to simply open
> the message or data the simple way. What have you done, if anything,
> to disable this possible means of access?
>
> I have been waiting for someone to create just such an addon to Chrome
> for a very long time. I appreciate the effort and am hoping for your
> future success.
>
> Paddy
>
> pmacbrian@yahoo dot com
>
>
> _______________________________________________
>
> http://openpgpjs.org
> Subscribe/unsubscribe: http://list.openpgpjs.org
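
The reply's advice to disable whatever writes RAM to disk (swap, sleep, hibernation) can be checked on a Linux host by reading `/proc/swaps` and `/sys/power/state`. The following is an added example, not part of the original message; the sample inputs are constructed, and treating device-mapper names as possibly encrypted is an assumption that still needs manual confirmation.

```python
"""Audit the paths by which key material in RAM can reach disk (Linux)."""
from pathlib import Path

# Constructed sample inputs in the layout of /proc/swaps and /sys/power/state.
SAMPLE_SWAPS = (
    "Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n"
    "/dev/sda2                               partition\t8388604\t\t0\t\t-2\n"
    "/dev/dm-1                               partition\t4194300\t\t1024\t\t-3\n"
    "/swapfile                               file\t\t2097148\t\t0\t\t-4\n"
)
SAMPLE_POWER_STATE = "freeze mem disk\n"


def parse_swaps(text):
    """Return (name, type) for every active swap area listed in /proc/swaps."""
    areas = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 2:
            areas.append((fields[0], fields[1]))
    return areas


def audit(swaps_text, power_state_text):
    """Return a list of findings; an empty list means no path was found."""
    findings = []
    for name, kind in parse_swaps(swaps_text):
        # Assumption: a device-mapper name may be a dm-crypt mapping, but it
        # can equally be plain LVM, so it is flagged for manual confirmation.
        if name.startswith(("/dev/dm-", "/dev/mapper/")):
            findings.append(f"{name}: device-mapper swap, confirm it is encrypted")
        elif kind == "file":
            findings.append(f"{name}: swap file, protected only by disk encryption")
        else:
            findings.append(f"{name}: plain swap partition, RAM pages reach disk")
    states = power_state_text.split()
    if "disk" in states:
        findings.append("hibernation supported: a RAM image can be written to swap")
    if "mem" in states:
        findings.append("suspend-to-RAM supported: keys stay in powered memory")
    return findings


def read(path):
    """Read a kernel status file, returning '' when it does not exist."""
    p = Path(path)
    return p.read_text() if p.exists() else ""


if __name__ == "__main__":
    live = audit(read("/proc/swaps"), read("/sys/power/state"))
    print("\n".join(live or ["no active swap, sleep or hibernation path found"]))
```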
