Sunday, February 24, 2008

Welcome and Encryption Key Madness

Welcome to my first post for this blog. I hope you can tell from my lengthy bio that we'll have plenty to talk about. So lets get started with todays topic: Encryption Keys.

For those of you still stuck in the Paleolithic Age of computing, encryption keys were thought to be some the most secure and efficient means to protect data stored on computers. In essence, you would store whatever data you wanted safe from prying eyes on a computer which would then encrypt the storage medium with a very difficult key secured be an even more difficult algorithm. Without the the right pass code, the data could not be decrypted and the key could not be used. According to the American Society of Industrial Security's publication, Security Management "the game has changed".

The Electronic Frontier Foundation, a non-profit electronic goods consumer advocacy group, along with Princeton have come with an ingenious way to get those keys without having to crack the algorithm. They freeze the medium and then extract the code. It appears because most keys are stored in DRAM where the keys are stored temporarily. Once your computer goes "idle", these keys are vulnerable to this "hack" because the memory takes a while to leave the chip upon shutdown and the freezing method of course slows this process down giving our intruder enough time to grab what he/she needs.

This "hack" effects TrueCrypt as well as other to include BitLocker, FileVault, and dm-crypt. Check out the Security Management website for further details.

Click here for video footage.

Incredible! Once you think you have it made with encryption, somebody not only cracks it but posts it on the Net.

About Us