Silk Road forums
Discussion => Security => Topic started by: powerball69 on December 20, 2012, 03:43 pm
-
Hey, sorry if this is old, but I just found this article. http://www.theregister.co.uk/2012/12/20/elcomsoft_tool_decrypts_pgp/
ElcomSoft has built a utility that forages for encryption keys in snapshots of a PC's memory to decrypt PGP and TrueCrypt-protected data.
ElcomSoft's gear can extract these decryption keys from a copy of the computer's memory, typically captured using a forensic tool or acquired over Firewire. Once it has the key, the protected data can be unlocked.
If the computer is powered off, the analyser can retrieve the keys from a hibernation file on the disk, in which the operating system saves the state of the machine including its main memory.
“Algorithms allow us to analyse dumps of computers’ volatile memory, locating areas that contain the decryption keys. Sometimes the keys are discovered by analyzing byte sequences, and sometimes by examining crypto containers’ internal structures," Katalov explains.
Don't know if we are all affected by this since I don't really understand it, but I thought I should try to spread the word anyway.
-
It sounds like some people making extraordinary claims when their program may work 3% of the time. This isn't a new technique, and the chances that a decent encryption program is going to end up with keys dumped to a hibernation file... well, I find it extremely unlikely. Good to know, of course, but I don't think there's anything of concern here. Thanks for sharing all the same :)
-
This is VERY old news (3-4 years).
DuckDuckGo for 'Cold Boot Attack'.
There are effective countermeasures which I don't think are wise to post here because LE lurk here.
If you DuckDuckGo enough you'll find the countermeasures.
Just in case you didn't know, DuckDuckGo's hidden service address is http://3g2upl4pq6kufc4m.onion
Google is the enemy, as I'm sure you are aware...
-
This is just a commercial variant of the so-called "cold boot" attack originally developed by a team at Princeton University.
See: Lest We Remember: Cold Boot Attacks on Encryption Keys - https://citp.princeton.edu/research/memory/
NC
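What "analyzing byte sequences" in the first post and the Princeton paper cited above actually amount to, as an added example that is not code from this thread, from ElcomSoft or from the Princeton team: an AES-128 key in use leaves its expanded key schedule (176 bytes) in RAM, and because the expansion is deterministic, every 16-byte window of a memory image can be tested as a candidate key and accepted when the 160 bytes that follow it match the candidate's expansion. A bit-error budget tolerates the partial decay of a cold-boot capture. Assumptions: AES-128 only, the 16 candidate bytes themselves are taken to be intact (the original tool also corrects errors there), and the 4 KiB "memory image" is constructed inline with the FIPS-197 example key planted at a known offset rather than being a real capture.

```python
"""Locate AES-128 keys in a memory image by recognising their key schedule.

Added example, not code from the thread, ElcomSoft or the Princeton paper.
Technique: a deterministic key expansion means a key in RAM is followed by
160 bytes that are a pure function of it, which random data almost never is.
Simplification: the 16 candidate bytes are assumed intact; only the derived
round keys get a bit-error budget (to mimic cold-boot decay).
"""
import random


# --- AES field arithmetic and S-box (computed, so no 256-entry table) ---
def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(x):
    """x^254 == x^-1 in GF(2^8); 0 maps to 0, as the AES S-box requires."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, x)
    return r


def _build_sbox():
    """S-box = affine transform of the multiplicative inverse (FIPS-197 5.1.1)."""
    sbox = []
    for x in range(256):
        inv = _gf_inv(x)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128


def expand_key_128(key, words=44):
    """FIPS-197 key expansion; returns the first `words` 32-bit words as bytes."""
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, words):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes(SBOX[b] for b in t[1:] + t[:1])     # RotWord + SubWord
            t = bytes([t[0] ^ RCON[i // 4 - 1]]) + t[1:]  # Rcon
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def _bit_errors(a, b):
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(dump, max_bit_errors=0):
    """Return [(offset, key)] for every window whose expansion follows it.

    max_bit_errors is the number of flipped bits tolerated across the 160
    derived bytes; 0 means exact matching (an image acquired without decay).
    """
    hits = []
    for off in range(len(dump) - SCHEDULE_LEN + 1):
        cand = dump[off:off + 16]
        # Cheap filter: compare only the first derived word before expanding fully.
        w4 = expand_key_128(cand, words=5)[16:20]
        if _bit_errors(w4, dump[off + 16:off + 20]) > max_bit_errors:
            continue
        sched = expand_key_128(cand)
        if _bit_errors(sched[16:], dump[off + 16:off + SCHEDULE_LEN]) <= max_bit_errors:
            hits.append((off, bytes(cand)))
    return hits


# --- constructed test image (not a real memory capture) ---
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 example key
SAMPLE_OFFSET = 1000


def build_sample_dump(decayed=False):
    """4 KiB of pseudo-random bytes with SAMPLE_KEY's schedule at SAMPLE_OFFSET.

    With decayed=True three bits of the derived round keys are flipped, as if
    those DRAM cells lost charge between power-off and acquisition.
    """
    rng = random.Random(1234)
    dump = bytearray(rng.getrandbits(8) for _ in range(4096))
    dump[SAMPLE_OFFSET:SAMPLE_OFFSET + SCHEDULE_LEN] = expand_key_128(SAMPLE_KEY)
    if decayed:
        for rel, bit in ((20, 3), (77, 0), (150, 6)):  # all past the 16 key bytes
            dump[SAMPLE_OFFSET + rel] ^= 1 << bit
    return bytes(dump)


if __name__ == "__main__":
    for decayed in (False, True):
        img = build_sample_dump(decayed)
        print("decayed" if decayed else "intact ",
              "exact:", find_aes128_keys(img),
              "tolerant:", find_aes128_keys(img, max_bit_errors=8))
```

The exact scan finds the planted key in the intact image and misses it in the decayed one; allowing a few bit errors recovers it again, which is why a capture taken seconds after power loss is still usable. The same structural check is what makes the hibernation file in the article useful: it is just this memory image written to disk. A countermeasure follows directly from the mechanism: a schedule that is no longer in RAM (or a hibernation file) cannot be found, so what matters is whether the key is wiped before the machine is handed over, not the strength of the cipher.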