If you put your machine to "sleep" or "standby" then the machine's memory is still being refreshed. So the keys are still in memory, and then if the machine is stolen from you they are easily recoverable.
What I was saying is that if you have sensitive information and are relying significantly on disk encryption techniques, then do not keep the keys in memory during times when the laptop can be stolen (aka which is most likely when you are not using it). You can shut down your machine, or hibernate your machine (but don't use sleep/standby), and then require authentication when the machine is turned on again.

Apologies if that wasn't clear in my earlier post. I hope this clarifies things :-)

Cheers
Ken

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 February 2008 1:29 PM
To: NT System Admin Issues
Subject: Re: FYI: Security boffins unveil BitUnlocker

On Mon, Feb 25, 2008 at 8:03 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote:
> Read their whitepaper - the RAM contents are available for between about 5
> and 25 seconds depending
> on the type of RAM used.

I'm not saying attack is practical. It seems far-fetched to me. But your suggested counter-measure was, "don't keep the keys in RAM". As far as I know, if you're using a host-based crypto system, where the CPU is doing the work, the keys have to be stored in RAM. There's no way around it. No?

-- Ben

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
