On Thursday 21 February 2008, Marti Martinez wrote:
> The paper you mentioned has some info on possible countermeasures. The
> best (IMO) is physically securing your RAM. This seems to fit in best
> with OpenBSD's philosophy, which has never been to put much time into
> thwarting attacks that require physical access to the box -- if you
> have that, there are MANY avenues of attack, most of which don't
> benefit much from immersing components in liquid N_2.
Certainly someone w physical access can do just about anything which is very
possible to succeed. If you have a laptop physical protection is pretty key.
It all comes back to Schneier's balance. Security vs easy of use/practical.
Stealing a server or desktop that has very valuable information should not be
an easy option. It would NEVER go into a laptop.
In the end it's good to know they can recover data from your RAM but in
reality it will not affect many of us. Unless they could recover it hours
later it's only going to be a problem in an organized attack. At which point
it falls right back to physical security.
--
Steve Szmidt
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Benjamin Franklin
