Hi Volker,
on Sat, Feb 23, 2008 at 10:15:22PM +0100, you wrote:
http://iht.com/articles/2008/02/22/technology/chip.php
don't panic. Just because something works in a lab, does not mean that it
works outside of it too. So they were able to freeze some ram and get some
information of it. So what? First of all - how man times will someone be able
to steal a computer and freeze its ram seconds after it was shut of? Who
guarantees that the decayed parts are not the ones holding the key? even a
couple of flipped bits make the data useless. And who guarantees that the
dram survives the forces when it is cooled down in tens of seconds and heated
up (through the current) afterwards?
I agree with the don't panic part but not your reasons for it. There
is a real danger for *some* of us but it's fairly easy to circumvent for
most.
How often will someone be able to steal a computer with live key
material in RAM? Well, how many laptops are being carried around
suspended to RAM? A pretty large percentage of them I suppose. So far,
if you didn't have a screen saver with an exploitable buffer overflow
(very very unlikely) or an unprotected IEEE1394 port (unlikely on Linux
today) the attacker's only chance to get at the data was to cut the
power, boot some other media and attack the disk, and with AES or
similar encryption that chance was not very good. Now you can leave the
power on, dump a can of cooling spray on the SO-DIMM (they easily
survive that, you can take your time with the power on), then take it
out, drop it in liquid N and take it home (you could do that before of
course, but it's widely know now ;)
And a couple of flipped bits are no obstacle at all for a cryptoanalyst.
A computer that can brute-force 10^11 keys a second needs an average of
~5*10^19 years to crack a 128 bit key. With 8 random flipped bits in an
otherwise intact key it should come down to less than five days which I
think is a pretty good gain. Makes it viable for people who might just
be after some blueprints[0], not just the NSA with super duper UFO
technology.
So if you have sensitive data on a laptop, make sure you don't leave it
in suspend-to-RAM where it could be stolen. If it's a stationary
unsupervised machine it should have a good chassis intrusion alarm that
cuts the power and/or overwrites memory. That's pretty much what people
can do on their own nowif they think it's worth it of course.
cheers,
Matthias
[0] That's not to say this couldn't be a Good Thing in the end what
with all the patent BS going on.
--
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665
pgpeUEdX3mU0D.pgp
Description: PGP signature
