Friday, February 22, 2008

Disk encryption may not be secure enough, new research finds

It's a huge flaw in the way encryption is executed and there are ways to work around it. Good practice can mitigate some of the risk. The rest may have to be tolerated until the devices we use change in the normal course of things or are changed to eliminate this risk.

The problems is that the encryption keys can be recovered from the computers RAM, even after the computer is shut off! Contrary, though there is some reduction in retention, RAM does not lose all the data stored in it immediately upon shutting down the device. And in hibernation/sleep or suspend states may not lose it at all. The encryption keys can be recovered by astute researchers in many cases.

It's an interesting subject and the methods used to slow degradation of bits stored in RAM were so simple and inexpensive that their elegance will astound.


No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.