Lest We Remember: Cold Boot Attacks on Encryption Keys

I liked the file named "Kennedy Assassination". If only it were that easy. ;)

Also, TrueCrypt already fixed that problem, by never storing the key freely in RAM, a looong time ago.

NO you retards! The computer does NOT boot from the external hard disk. Except if you were just as retarded, by actually configuring that (or leaving it configured that way, which is the same.) in the BIOS.
And you know this EXACTLY. So youre deliberately lying, to make a point that does not exist for those who really care for their security. (As opposed to those who just leave encryption on by default, because they dont care enough to change anything at all.)

still they can remove the ram and place it on a computer of their own, so...

Authorities in charge of security (U.S. Military Intelligence) assert that all data in commercial RAM instantly disappears as soon as power is cut off. For example, when RAM is unplugged from computer, as demonstrated in this video. This video exposes that myth and shows most security regs and SOPs as most inadequate.

The BIOS does not explicitly erase the RAM when booting up, since it doesn't need to. When the bootloader or OS needs to write data, it just writes it. It doesn't matter what data was there previously (in other words, the RAM doesn't need to be "zeroed" before the OS uses it).

This is the same way hard drives work. Deleted files physically remain on the drive platter until other data eventually overwrites it. Deleted files can stay on a drive forever if they never get overwritten.

I guess this is related to strange effects, such as integer to floating point converting which creates random numeric data most times.

Hm...

Anyhow, thanks for the reply. Interesting topic. I wonder how long it would take to zero 4GB of system RAM on a modern system.

It would take less than a second. It seems if we made BIOSes zero RAM very early in the POST, the cold boot attack wouldn't work. Of course, then the hacker just needs to swap the RAM modules to a PC with a BIOS that doesn't zero the RAM.

Anyhow until I'm reading top secret files for the US government, I shouldn't need to be worried.

When you tell the BIOS to not do a quick boot, it goes through all the RAM testing it, presumably that is simply writing a 1 or 0 and then confirming it can be read back after... and that takes around 45 seconds on my system with 6GB RAM. So wouldn't that be the same for erasing it?

It's funny how the ancient 8088s and 80286s took about the same amount of time to check their RAM, just much less RAM and much less CPU speed.

Of course it runs GNU Linux! What else?