The key isn't in RAM available to be stolen if the machine is off. It's stored somewhere else - USB key, or in the TPM, or similar.

The idea is that the user must authenticate to the machine again (e.g. by entering a BIOS bootup password, or by supplying a USB dongle) to be able to restart the machine. BitLocker (for example) supports a multi-factor authN option: TPM+USB or TPM+PIN. That would defeat this type of attack (unless someone can steal your laptop within the 5-30 seconds after you have shut it down or hibernated it).

Cheers
Ken

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 February 2008 10:06 AM
To: NT System Admin Issues
Subject: Re: FYI: Security boffins unveil BitUnlocker

On Mon, Feb 25, 2008 at 5:54 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote:
> If you really have sensitive information, then don't keep the keys in RAM.
> Shutdown/hibernate the machine, and require multi-factor auth to boot the
> machine.

I'm trying to figure out how I'm supposed to get the computer to use a key if it cannot put the key in RAM... :-)

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
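To check whether a fleet actually has the mitigation Ken describes (TPM+PIN or TPM+startup key, so the TPM does not unseal the volume key into RAM without a user factor), here is an added PowerShell audit; it is not from this thread and assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later, which post-date this 2008 discussion), an elevated prompt, and that module's KeyProtectorType names.

```powershell
# Added example (not from the thread): report, per OS volume, whether BitLocker
# relies on a TPM-only protector (key unsealed at boot with no user factor) or
# on a TPM+PIN / TPM+StartupKey protector as the message above recommends.
# Assumes the BitLocker module (Get-BitLockerVolume) and an elevated prompt.
function Get-BitLockerPreBootFactorReport {
    [CmdletBinding()]
    param()

    # Protector types that require a second factor before the TPM unseals the key.
    $multiFactor = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

    foreach ($vol in Get-BitLockerVolume) {
        # Only the OS volume is unlocked at boot by the TPM; data volumes are out of scope.
        if ($vol.VolumeType -ne 'OperatingSystem') { continue }

        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly      = $types -contains 'Tpm'
        $hasSecondFactor = @($types | Where-Object { $multiFactor -contains $_ }).Count -gt 0

        # A bare 'Tpm' protector alongside TPM+PIN still gives a PIN-less unlock path,
        # so it is flagged separately rather than counted as protected.
        $status = if ($vol.ProtectionStatus -ne 'On') { 'ProtectionOff' }
                  elseif ($hasSecondFactor -and -not $hasTpmOnly) { 'TpmPlusFactor' }
                  elseif ($hasSecondFactor) { 'TpmOnlyProtectorStillPresent' }
                  else { 'TpmOnly' }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ',')
            PreBootFactor    = $status
        }
    }
}

# Usage:
#   Get-BitLockerPreBootFactorReport | Format-Table -AutoSize
#
# Remediation for a 'TpmOnly' OS volume (interactive; prompts for the new PIN),
# then re-run the report to confirm no bare 'Tpm' protector remains:
#   $pin = Read-Host -AsSecureString 'New pre-boot PIN'
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
```

The report only covers the protector configuration; the thread's other condition, that the machine is actually shut down or hibernated rather than left in sleep, still has to be enforced separately (e.g. by power policy).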
