[FDE] DRAM attack - not thwarted at all by Seagate's drive

[Dave Jevans]

The same researchers posted a vulnerability in the MacOSX keychain 
this week.  It involved searching RAM for the password to the 
keychain, which give access to all disk encryption and any stored 
passwords and private keys.

http://www.news.com/8301-10784_3-9881870-7.html?tag=nefd.lede




At 2:07 PM -0500 2/29/08, Garrett M. Groff wrote:
>I conveniently got an email from Secude in my inbox. One of the 
>closing paras had the following:
>
>
>As you continue your investigation of disk-encryption technologies, 
>I invite you to contact us to learn more about our partnership with 
>Seagate and other hard drive manufacturers and how we eliminate the 
>types of vulnerabilities found in DRAM attacks.  By encrypting data 
>at the drive level, we are able to offer you the highest level of 
>protection. 
>
>
>Of course, that's not true at all. The vulnerability of data 
>residing in DRAM still exists. That will be the case until we get 
>"secure RAM," or something along those lines.
>
>However, it is true that the particular attack involving reading the 
>FDE key directly from RAM is defeated since that key is never 
>written to RAM.
>
>Maybe I'm being too picky here, but looking ahead, this technique 
>could be used to read information from any application that happens 
>to be open at the moment using software that looks for juicy 
>keywords (like "confidential" or "password"). Doesn't that seem like 
>the next logical threat once the "low-hanging fruit" (such as it is) 
>of cold-boot key discovery is patched? I mean, how long are we going 
>to have secure disks with wide-open RAM chips?
>
>- Garrett
>
>_______________________________________________
>FDE mailing list
>FDE at www.xml-dev.com
>http://www.xml-dev.com/mailman/listinfo/fde
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.xml-dev.com/pipermail/fde/attachments/20080229/49716915/attachment-0001.html