On Tue, Feb 26, 2008 at 6:31 PM, Ken Schaefer <[EMAIL PROTECTED]> wrote: >>> Also, full-disk encryption technologies that are embedded in the hardware >>> of modern hard disks typically do not store keys in RAM. The user enters >>> the PIN that's required to have the controller release the key. >> >> The PIN would then pass through RAM. > > If I put the machine into sleep/standby, there is no key in RAM, so there is > nothing to grab via this attack, unlike other technologies.
The cipher key isn't in RAM, but when the PIN was entered it would have been stored in RAM before the boot firmware handed it off to the disk controller. Since the PIN is used to tell the disk to unlock the cipher key it's storing internally, the PIN is as good as the key. So if I can use the technique from the article to recover the PIN carelessly left in RAM, I can unlock the hard disk. Now, as I said, it should be pretty easy to sanitize the RAM the PIN is stored in, since you only need the PIN when you're unlocking the hard drive at boot time. That's in contrast to "software-based whole-disk encryption", where the cipher key has to remain in RAM pretty much any time the machine is running. I'm not just being pedantic; DoD/NISP security requirements really do worry about this sort of thing. In terms of practical threat analysis: Depending on a short secret (PIN, password, etc.) to protect the hard drive weakens the security provided by whole-disk encryption considerably. It doesn't matter if the disk is doing billion-bit super-triple-AES encryption if the cipher key can be unlocked with a PIN of "12345". A cipher is only as strong as the mechanisms protecting the key. Given threats such as users picking weak passwords, user writing their password down, and shoulder surfing, I'd say you're better off using a two-factor scheme, even if it is potentially vulnerable to this "RAM attack". I'm thinking it's a lot more likely an attacker will find a PIN on a Post-It Note than successfully pull off this "RAM attack". -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
