On 25 Feb 2008 at 21:51, Ben Scott wrote: > Or... chill the whole system (RAM included) to make the window of > opportunity bigger. Kill the power. Swap the normal hard disk with > your own. Boot from that, and recover the keys from RAM, storing them > on your disk.
Hadn't thought of that attack, but the attacker would need to know you had disabled boot-except-from-HDD to make this attack worth the effort. > Now you've got what you need to decrypt the data on the > original (now removed) disk. Should be even easier to counter that, > though. Have the BIOS sanitize the RAM at power-on, and any leftover > keys will be gone. I don't know of any BIOS that does this. The long POST can be bypassed by [Esc] on every system I've tested. > That leaves the RAM chip swap you describe, which is pretty radical. Yep. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-----------------------------------+ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
