On 25 Feb 2008 at 21:45, Ben Scott wrote: > Thinking about it, it should be possible (in theory) to have the system > execute some kind of clearing/sanitization routine upon shutdown, to counter > even the small window after nominal shutdown this attack needs. Maybe have > the BIOS/firmware zero all RAM when the ACPI "Power Off" function is invoked, > before actually powering off. I think you could do that using just CPU > registers.
Unmounting a Truecrypt drive does just that -- overwrites the key in RAM. > Still, if somebody does manage to steal a running system (say the > user is physically assaulted in a cafe), the system would be > vulnerable to this attack (in theory), which is a big switch from > conventional thinking. It never ends... Discussions on the Truecrypt forums point out that epoxying the RAM in place and disabling all boot media except the HDD in a passworded BIOS should give adequate protection against all but the most determined hackers (e.g. the Feds). -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-----------------------------------+ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
