From declan@well.com Fri Jul 6 02:36:45 2018 From: Declan McCullagh To: cypherpunks-legacy@lists.cpunks.org Subject: Re: [IP] Cold Boot Attacks on Disk Encryption Date: Fri, 06 Jul 2018 02:36:45 +0000 Message-ID: <172289001228.3849117.15432301059197587511.generated@mail.pglaf.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4598351790209732947==" --===============4598351790209732947== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Dave, The paper published today makes some pretty strong claims about the vulnerabilities of Microsoft's BitLocker, Apple's FileVault, TrueCrypt, Linux's dm-crypt subsystem, and similar products. So I put the folks behind it to a test. I gave them my MacBook laptop with FileVault turned on, powered up, encrypted swap enabled, and the screen saver locked. They were in fact able to extract the 128-bit AES key; I've put screen snapshots of their FileVault bypass process here: http://www.news.com/2300-1029_3-6230933-1.html And my article with responses from Microsoft, Apple, and PGP is here: http://www.news.com/8301-13578_3-9876060-38.html Bottom line? This is a very nicely done attack. It's going to make us rethink how we handle laptops in sleep mode and servers that use encrypted filesystems (a mail server, for instance). - -Declan Jacob Appelbaum wrote: > With all of the discussions that take place daily about laptop > seizures, > data breech laws and how crypto can often come to the rescue, I > thought > the readers of IP might be interested in a research project that was > released today. We've been working on this for quite some time and are > quite proud of the results. > Ed Felten wrote about it on Freedom To Tinker this morning: > http://www.freedom-to-tinker.com/?p=1257 - ------------------------------------------- Archives: http://www.listbox.com/member/archive/247/=now RSS Feed: http://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com ---------- --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE --===============4598351790209732947==--