Quote from: kmfkewm on May 25, 2012, 12:24 am

Also some other points:

A. They don't need to carry in a vat of liquid nitrogen; they just need a can of compressed air held upside down.

B. 128 bit encryption is very secure, most algorithms are designed for 128 bit security in the first place and then extended to 256. In some cases 128 is even more secure than 256 due to issues that arise with the key scheduling of 256 bits. 256 is more quantum resistant though. A classical computer is not going to pwn 128 bit any time soon though.

C. The best defense from a cold boot attack is to encapsulate the memory in some material that needs to be removed before they can dump it in a forensics laptop, and use chassis intrusion detection hardware that immediately shuts down into a memory wipe when the case is opened.

D. If you are identified in the first place you are relying on your attacker being retarded, there are a billion ways to steal passphrases and keys and FDE is only going to protect you if your attacker doesn't know what they are doing.

It's reassuring to hear 128 Bit encryption is still sufficiently robust - as you say it seems more likely that an "evil maid" attack is more likely whereby your boot loader is infected by malware which records your password than your disk encryption being overcome in this way. I imagine you get around this problem by placing the boot loader on a USB stick and keeping it on you at all times.

You mention that chassis intrusion detection hardware can begin a memory wipe - I wasn't aware this was possible. How would it work independently of the machine being shut down?

V.