Clan x86

General Forums => General Discussion => Topic started by: Newby on February 23, 2008, 11:26:22 AM

Title: Easy way to steal encrypted data?
Post by: Newby on February 23, 2008, 11:26:22 AM
http://www.nytimes.com/2008/02/22/technology/22chip.html?em&ex=1203915600&en=13d01f43eefefaeb&ei=5087%0A

My favorite part:

Quote: Executives of Microsoft said BitLocker has a range of protection options that they referred to as "good, better and best."

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.

The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.

Do any of the other encryption methods (e.g. TrueCrypt) have this capability? Was Microsoft actually in the right this time?! :o

Title: Re: Easy way to steal encrypted data?
Post by: Explicit on February 23, 2008, 02:15:41 PM
I thought this was pretty nifty, too.

Who would've thought significantly cooling down a stick of RAM would also slow the rate at which the data was cleared?

Apparently they did. :)

But I can imagine that it does pose some serious implications provided that someone is willing enough to put in the effort of retrieving said data.

Title: Re: Easy way to steal encrypted data?
Post by: MyndFyre on February 23, 2008, 03:14:24 PM
Well, it seems like the real gotcha in this case is physical security.  I recently built a system for a company that holds, encrypts, and decrypts credit card data.  The thing is as secure as we can make it, but there are places that, if the hardware was physically compromised, eventually they could get to it.  This seems a little extreme -- I mean, you'd need to know your shit prior to stealing it -- but yeah.

I'm just surprised that nobody zeroed the memory before shutting down the machine.  Though, I guess if you just unplug it you're done.