Cold Boot Encryption Attack - code release


Jacob Appelbaum, one of the security researchers who worked on the cold boot attack on encryption keys paper (featured in a previous BBtv episode, above), tells Boing Boing the code has just been released today at the [last] HOPE hacker con in NYC. It's up, it's signed, and here it is.

Memory Research Project Source Code [Princeton.edu]

Previously on Boing Boing:

  • BBtv "Hacker HOWTO": Cold Boot Encryption Attack.

    Complete list of authors for the original paper, "Lest We Remember: Cold Boot Attacks on Encryption Keys": J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.


    1. Damn. The geeks shall inherit the earth.

      Xeni, you are one hot mammal. Any interest in meeting a young mathematician/writer knee-deep in revolution?

    2. I’m at HOPE (hence the anon... open wifi at a hacker conference!) and all of his presentations so far have been wonderful, really hoping to meet this guy!

      1. It was completely lost on me. I just assumed that it was one of the innumerable jokes that I don’t get here in comment threads.

    3. The hell? This was released under the 4-clause BSD license. I thought no one used that anymore?

    4. I remember Microsoft wringing their hands earlier this year over the unlikelihood that anyone could ever pull this off in the wild. Joke’s on them! (as usual)

    5. Okay, this is all cool and interesting, but does anyone out there ever pull hard drives out of junked PCs like I do? I’m no dumpster diver or hardcore hacker, but if someone tosses a machine on the curb and I can reach in and get the hard drive, I’ll snag it.

      Now here’s the sad reality folks. Most people don’t encrypt ANYTHING on their hard drives. And yeah I’m basing this on my personal experience, but before we start worrying about deep hacks like this, perhaps everyday folks should learn how to boot from a CD and then wipe a drive. Most people don’t in any way at all.

    6. This strikes me as the most obscure and unlikely hack ever. If someone can get to my machine to freeze my RAM within minutes of me shutting it down, then good God think of all the other stuff they probably already have done.

    7. Holt @12: The idea is, they swipe a laptop while it’s still on, then take it back to their Sekrit Lair.

      Takuan: This is mesmerizing.

    8. I guess I’m not smart enough to see the difference between this cold boot encryption attack and the last cold boot encryption attack I saw a while back. Just the same, from now on I’ll keep my plans for world domination off my pc.
      @ Jack #10 Have you ever checked a warranty replacement hard drive? I guess seagate only does a simple format after they fix them, I was not surprised at what I found on my replacement. I bet if the one I sent in for warranty was scanned with recovery software by the next guy for grins he probably enjoyed the hell out of it. Seems I recall finding remains on a supposedly new HD once before as well but I have a lot more memory in my pc than in my head so I won’t swear to that one.

    9. @Insect Hooves

      So basically someone has to steal my notebook. Shouldn’t I worry about the 999,999 notebook thieves who just want to lift a notebook instead of that one in a million who’s out to read my secret memory?

      It’s like worrying about being killed by falling toilet ice.

    10. Holtt: I guess it depends on the value of the information. Corporate espionage comes to mind.

    11. BB readers in general fall in the “paranoid about the gubment” category, not keepers of corporate secrets.

    12. I have watched the USA become a police state in one short decade. I remember what it was like before. There are children now, well underway through their primary education, that have never known a different way. Paranoia?

    13. If you think evil government spies are going to steal your notebook computer, freeze your RAM and decrypt your … well what ever it is you are encrypting, then yea – you’re paranoid. I mean assuming you don’t actually have something to hide.

      Why not get yourself a TEMPEST rated notebook while you’re at it, since those same people who would steal it and freeze the RAM within seconds or minutes of you turning it off might as well just sit in their white van and skim your screen off whatever electronic noise you leak.

    14. Political/social climate begets an appropriate culture. The specifics of this technique don’t matter. Inculcating the resistance that delays tyranny does. They want you to be afraid. What you need to counter that is educated confidence.

    15. @ #16 RED LEATHERMAN:
      Well, at least Seagate erased them in some way. Every drive I ever pulled out of the junk heap has been 100% un-erased.

      FWIW, and might be a tangent, but is there any sure-fire way to erase a cell phone’s memory before reselling or donating it? I know there are factory reset options, but it seems to me that data would be as vulnerable—if not more—than a hard drive.

    16. Getting people to encrypt is not the issue. Most users do not have adequately updated or configured anything, have not set a password on their Admin account, and use one simple password for all online accounts, which they haven’t changed in years. Oh, they’ll also click any attachment that comes their way that mentions Cute _____, Free _____, or says I love you.

      The question is why should people who often don’t read well and have little spare time be IT managers at home?

      What is needed is a system that actually needs only to be turned on and off; everything in between is completely automated and safe for the real world. If anything goes wrong, it phones home and fixes itself at the next POST. Either that or dumb terminals and online computing and storage, which has its own vulnerabilities.

    17. …I have one question: what’s this “INGBO” repeated across the top and bottom of the screen?

      :-P

    18. “@ Jack #10 Have you ever checked a warranty replacement hard drive? I guess seagate only does a simple format after they fix them, I was not surprised at what I found on my replacement. I bet if the one I sent in for warranty was scanned with recovery software by the next guy for grins he probably enjoyed the hell out of it.”

      …From what I’ve been able to gather over the years, when Seagate replaces a dead drive with a refurb under warranty, about half of the refurbs were actually out in the field and had data on them. The other half were DOA or DDA – Dead On Arrival or Died During Assembly. In both cases the drives either suffered some sort of daughterboard failure, and a simple replacement of the board results in a healthy drive that can be wiped, quick formatted and returned to stock for warranty replacement and/or bulk sales “on the sly” to some of the lesser OEMs and/or to discount outlets like Fry’s.

      …But there’s the “quick format” issue that’s at hand here. All Seagate does is rewrite the boot track and perform a quick format that usually doesn’t take more than a minute to complete, since the rest of the drive is left untouched. Western Digital, on the other hand, runs their refurbs through a long format process on any drive that’s been rebuilt and previously had data written to it. They don’t do the destructive “ones and zeros” quadruple pass, as it’s simply not cost-effective time-wise.

      …Now, all the crypto fanatics and PGP paranoids will scream bloody murder either way, but at least WD will do the long format. And to be honest, that’s really pretty sufficient for most warranty replacements because as much as the h@kk3r community would love for us to believe, the odds of one of them getting a refurb drive that’s been previously used long enough for all sorts of personal data to be recovered is pretty damn fracking small.

      Bottom Line: It can *possibly* happen is more applicable than it *will* happen. Ergo, the fear is really greater than the threat.
