Wednesday, February 27, 2008

Encryption Key vulnerability Update...

Late last week, we reported on breaking research from Princeton which found that encryption keys could be harvested from RAM. Over the last few days the folks at the Internet Storm Center (ISC) have been pulling together their own research and interpretations into a nice guide, located here, covering some of the more popular encryption products on the market.

In the guide you'll find several different products and their level of risk while the system is screen-locked, sleeping, or hibernating. What stands out to me is that there are vendors claiming full invulnerability to this type of attack. Be mindful that most products are not safe until the memory has had a chance to fade. Further, even if a product is designed to wipe the memory at shutdown, this will only occur when the system is shut down cleanly. So, I'll reassert my original recommendations and add a fourth:

  1. Never let an application remember your password/passphrase
  2. Always shut your computer down when you are done using it if you are in an area that is not physically secured
  3. Never set encrypted volumes to auto-mount
  4. Configure auto-dismount of encrypted volumes
