|
|
Disk Encryption Not Secure
Last post 02-22-2008, 12:50 PM by jd4fox23. 0 replies.
-
 02-22-2008, 12:50 PM |
-
jd4fox23
-
-
-
Joined on 01-08-2007
-
-
Posts 778
-
-
|
Disk Encryption Not Secure
A team including the Electronic Frontier Foundation (EFF), Princeton University, and other researchers have found a major security flaw in several popular disk encryption technologies that leaves encrypted data vulnerable to attack and exposure.
"People trust encryption to protect sensitive data when their computer is out of their immediate control," said EFF Staff Technologist Seth Schoen, a member of the research team. "But this new class of vulnerabilities shows it is not a sure thing. Whether your laptop is stolen, or you simply lose track of it for a few minutes at airport security, the information inside can still be read by a clever attacker."
The researchers cracked several widely used disk encryption technologies, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and dm-crypt. These "secure" disk encryption systems are supposed to protect sensitive information if a computer is stolen or otherwise accessed. However, in a paper and video published on the Internet today, the researchers show that data is vulnerable because encryption keys and passwords stored in a computer's temporary memory -- or RAM -- do not disappear immediately after losing power.
"These types of attacks were often though to be in the realm of the NSA," said Jacob Appelbaum, an independent computer security researcher and member of the research team. "But we discovered that on most computers, even without power applied for several seconds, data stored in RAM seemed to remain when power was reapplied, We then wrote programs to collect the contents of memory after the computers were rebooted."
<more>
http://www.eff.org/press/archives/2008/02/21-0
jd4fox23
|
|
|
|
