Author Topic: Easy way to steal encrypted data?  (Read 1626 times)

0 Members and 1 Guest are viewing this topic.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Easy way to steal encrypted data?
« on: February 23, 2008, 11:26:22 am »
http://www.nytimes.com/2008/02/22/technology/22chip.html?em&ex=1203915600&en=13d01f43eefefaeb&ei=5087%0A

My favorite part:

Quote
Executives of Microsoft said BitLocker has a range of protection options that they referred to as “good, better and best.”

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.

The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.

Do any of the other encryption methods (e.g. TrueCrypt) have this capability? Was Microsoft actually in the right this time?! :o
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Explicit

  • Hero Member
  • *****
  • Posts: 717
  • Hail Bender!
    • View Profile
Re: Easy way to steal encrypted data?
« Reply #1 on: February 23, 2008, 02:15:41 pm »
I thought this was pretty nifty, too.

Who would've thought significantly cooling down a stick of RAM would also slow the rate at which the data was cleared?

Apparently they did. :)

But I can imagine that it does pose some serious implications provided that someone is willing enough to put in the effort of retrieving said data.
Quote
Like all things in life, pumping is just a primitive, degenerate form of bending.

Quote
Hey, I don't tell you how to tell me what to do, so don't tell me how to do what you tell me to do! ... Bender knows when to use finesse.

[13:41:45]<@Fapiko> Why is TehUser asking for wang pictures?
[13:42:03]<@TehUser> I wasn't asking for wang pictures, I was looking at them.
[13:47:40]<@TehUser> Mine's fairly short.

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: Easy way to steal encrypted data?
« Reply #2 on: February 23, 2008, 03:14:24 pm »
Well, it seems like the real gotcha in this case is physical security.  I recently built a system for a company that holds, encrypts, and decrypts credit card data.  The thing is as secure as we can make it, but there are places that, if the hardware was physically compromised, eventually they could get to it.  This seems a little extreme -- I mean, you'd need to know your shit prior to stealing it -- but yeah.

I'm just surprised that nobody zero'd the memory before shutting down the machine.  Though, I guess if you just unplug it you're done.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.