Monday, March 24, 2008

Cold Boot Vulnerabilities

What, me worry? If encryption keys are vulnerable, then so is anything else in RAM. Various tools may keep user passwords in RAM for extended periods, e.g., kdesud and sudo. Any other sensitive data one can think of is in RAM at some time or another on some machine or another. Some have said the attack isn't practical. I think rather that it's not going to be all that common, but organized crime, law enforcement, and intelligence agencies will be the most likely to make use of it. Oh, and students. The only uncommon item needed for the exploit is Princeton's software to dump the RAM contents and find the keys, but this or similar software will be freely available, if it's not already. I don't think this reduces the value of encryption so much as it increases the motivation for good physical security.

No comments: