Encryption Keys Recoverable from Ram after Reboot

RadioPatrol · Mar 10, 2008

For the Techies or curious out there ..... it is possible to recover information from a PC's Memory by cutting the power and rebooting off of a thumb drive with minimal system and copy the ram contents for later analysis .... Laptop memory can hold info as long as 10 min, but most desktop PC's maybe a minuet at the most .... longer if the memory is chilled with "liquid" sprayed from caned air

The implication of the paper has to do specifically with disk encryption. These are systems that try to encrypt the contents of file on hard drives of PCs so that if the computer is lost or stolen, the person who gets the computer won't be able to read all the files.

We found a method that is able to defeat all of the disk encryption systems that we've tried it on, which I think is now up to six systems roughly. And the basic reason is that all of these systems need to keep the secret encryption key somewhere, and the only place they can put it is in the RAM.

What we found, basically, is a way to get access to RAM, even if it's screen-locked.

The way we get access to RAM is by exploiting a pretty surprising property of RAM. RAM is supposed to be volatile -- when you turn off the power, it forgets the information. What we found is that information in RAM sticks around a lot longer. It sort of fades out over much longer than anybody thought.

..... <snip>

Any three-letter federal agencies? There are some rumors that some of these agencies may have known about of these methods before. We looked really hard for any written evidence of that -- any news stories, any documents from the agencies, anything in the published literature -- and couldn't find it. But nonetheless there are rumors. I wouldn't be surprised if some agencies had known about it.

GWguy · Mar 10, 2008

RadioPatrol said:
For the Techies or curious out there ..... it is possible to recover information from a PC's Memory by cutting the power and rebooting off of a thumb drive with minimal system and copy the ram contents for later analysis .... Laptop memory can hold info as long as 10 min, but most desktop PC's maybe a minuet at the most .... longer if the memory is chilled with "liquid" sprayed from caned air
..... <snip>

Never had a thought to even try that.... Where did you find that info?

Christy · Mar 10, 2008

GWguy said:
Never had a thought to even try that.... Where did you find that info?

Q&A: A stick of RAM, a can of air, and wow

An article actually came out in early February as well, this is just a follow-up.

GWguy · Mar 10, 2008

Christy said:
Q&A: A stick of RAM, a can of air, and wow

An article actually came out in early February as well, this is just a follow-up.

Thanx. Interesting read....

Christy · Mar 10, 2008

GWguy said:
Thanx. Interesting read....

It is an interesting read, but I also think it's much ado about nothing. There are a million and one easier methods available to retrieve someone's data without pulling a McGyver. :lol:

MrX · Mar 10, 2008

pretty interesting....

GWguy · Mar 10, 2008

Being the "outside the box" kind of thinker I am... think about this:

I can foresee a day when some of our brains are silicon. Implants, add-ons, whatever. So, what if a major portion of your memories, personality, "you", is stored that way? Your body dies, but you can remove the chips (or whatever for it takes in the future) and freeze your "mind". After they fix your body, or give you a new one, you can be "rebooted" with your old self intact.

Ok, so maybe there are better ways of storing volatile memories by then... just thinking out loud here. New definition of "brain freeze".

RadioPatrol · Mar 11, 2008

Christy said:
It is an interesting read, but I also think it's much ado about nothing. There are a million and one easier methods available to retrieve someone's data without pulling a McGyver.

Usually not from System Memory .... the assumption was, a reboot cleared the RAM .... and in most cases will ......... "But Not So Grasshopper" RAM contents can be recovered with canned air and Linux Bootable CD or Thumbdrive and pulling the power cord .... so system contents are not flushed

RadioPatrol · Mar 11, 2008

GWguy said:
Being the "outside the box" kind of thinker I am... think about this:

I can foresee a day when some of our brains are silicon. Implants, add-ons, whatever. So, what if a major portion of your memories, personality, "you", is stored that way? Your body dies, but you can remove the chips (or whatever for it takes in the future) and freeze your "mind". After they fix your body, or give you a new one, you can be "rebooted" with your old self intact.

Ok, so maybe there are better ways of storing volatile memories by then... just thinking out loud here. New definition of "brain freeze".

Hmm Cyberpunk World ........ Nanobots, Chip Sockets, Eyes replaced with Cameras .... wetware ....... need to speak conversational Russian, just jack in a chip with Russian on it ...........

Encryption Keys Recoverable from Ram after Reboot

RadioPatrol

Guest

GWguy

*

Christy

b*tch rocket

GWguy

*

Christy

b*tch rocket

MrX

High Octane

GWguy

*

RadioPatrol

Guest

RadioPatrol

Guest