I heard Nicko Van Someren talk about finding keys in memory at RSA Europe in 2000, but when he spoke the ability steal RAM from a sleeping computer was unknown. Fascinating demonstration of the exploit. This is why cryptomodules must provide the ability to zeroize keys, regardless of where they are stored.
From what I’ve heard, RAM need not be overwritten more than once like magnetic media must, but perhaps that is a commonly held mistaken impression also.
2 thoughts on “Stealing Disk Encryption Keys From RAM”
I heard Nicko Van Someren talk about finding keys in memory at RSA Europe in 2000, but when he spoke the ability steal RAM from a sleeping computer was unknown. Fascinating demonstration of the exploit. This is why cryptomodules must provide the ability to zeroize keys, regardless of where they are stored.
From what I’ve heard, RAM need not be overwritten more than once like magnetic media must, but perhaps that is a commonly held mistaken impression also.
Nice, I think I’m going to go home and experiment a little…
http://citp.princeton.edu/memory/exp/
Comments are closed.