Quote from: LainOfTheWired1984 on May 26, 2012, 08:43 pm
Absolutely fantastic post Vlad. I'm going to be doing a top-to-bottom inventory of all my security flaws and fix them soon. Thanks for the information.
Peace
Lain

Hi Lain,

Thank you for your kind words. As you'll see from the posts above, there's unfortunately no one, simple solution to this problem.

I've posted a link to Bruce Schneier's latest book "Liars and Outliers" in another thread, which talks about the issues of trust in society and how we use a number of methods to discourage defectors (outliers) - not all of whom of course are criminal. See what he has to say on issues like this:

"...There's one more problem: defenders are in what military strategist Carl von Clausewitz calls "the position of the interior." They have to defend against every possible attack, while the defector only has to find one flaw that allows one way through the defenses. As systems get more complicated due to technology, more attacks become possible. This means defectors have a first-mover advantage; they get to try the new attack first."

This summarises nicely the general sentiment I've seen so far in the thread. There are any number of possible defences against the cold boot attack but there are also any number of ways one of them can be overcome.

This doesn't make encryption useless - nor is your number necessarily up the instant the Police batten down your doors, it's just important to make sure you employ layers of security to try to make sure this doesn't become an issue in the first place.

In the above example, the man in question accessed an IRC channel from a non Torified connection which may well have been all that was necessary to trace him to his home address.

I also mentioned poor physical security but as you'll see more experienced posters have mentioned that even if he'd had time to shut down his computer before the door was broken down, there would still be enough data remaining in RAM to make a cold boot attack possible, as LEO are trained to knock down locked doors and enter property very quickly.

Based on the links I posted above it would seem to take around ten minutes for data like encryption keys to fade irretrievably into RAM so if you can find a way to be certain you could shut down your machine and stop anyone from accessing it for at least that amount of time, please do share it with us!

It's also worth noting the other comments above, saying that there are other ways for the Police to obtain your passwords through coercion by resorting to legislation such as RIPA in the UK, through monitoring EM transmissions from your keyboard and also installing a modified bootloader on your computer to record your password as you type.

In any case, many thanks to everyone for your comments, I'm sure we'll have some food for thought.

V.