News:

Pretty crazy that we're closer to 2030, than we are 2005. Where did the time go!

Main Menu

Easy way to steal encrypted data?

Started by Newby, February 23, 2008, 11:26:22 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Newby

February 23, 2008, 11:26:22 AM
http://www.nytimes.com/2008/02/22/technology/22chip.html?em&ex=1203915600&en=13d01f43eefefaeb&ei=5087%0A

My favorite part:

QuoteExecutives of Microsoft said BitLocker has a range of protection options that they referred to as "good, better and best."

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.

The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.

Do any of the other encryption methods (e.g. TrueCrypt) have this capability? Was Microsoft actually in the right this time?! :o
- Newby
http://www.x86labs.org

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Explicit

#1
February 23, 2008, 02:15:41 PM
I thought this was pretty nifty, too.

Who would've thought significantly cooling down a stick of RAM would also slow the rate at which the data was cleared?

Apparently they did. :)

But I can imagine that it does pose some serious implications provided that someone is willing enough to put in the effort of retrieving said data.
QuoteLike all things in life, pumping is just a primitive, degenerate form of bending.

QuoteHey, I don't tell you how to tell me what to do, so don't tell me how to do what you tell me to do! ... Bender knows when to use finesse.

[13:41:45]<@Fapiko> Why is TehUser asking for wang pictures?
[13:42:03]<@TehUser> I wasn't asking for wang pictures, I was looking at them.
[13:47:40]<@TehUser> Mine's fairly short.

MyndFyre

#2
February 23, 2008, 03:14:24 PM
Well, it seems like the real gotcha in this case is physical security.  I recently built a system for a company that holds, encrypts, and decrypts credit card data.  The thing is as secure as we can make it, but there are places that, if the hardware was physically compromised, eventually they could get to it.  This seems a little extreme -- I mean, you'd need to know your shit prior to stealing it -- but yeah.

I'm just surprised that nobody zero'd the memory before shutting down the machine.  Though, I guess if you just unplug it you're done.
Quote from: Joe on January 23, 2011, 11:47:54 PM
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Quote from: Rule on May 26, 2009, 02:02:12 PMOur species really annoys me.
Print
Go Up Pages1
User actions