February 21st, 2008


Cracking whole-disk crypto by recovering keys from DRAM - after the computer has been turned off!

The root of the problem lies in an unexpected property of today’s DRAM memories. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn’t so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system. Interestingly, if you cool the DRAM chips, for example by spraying inverted cans of "canned air" dusting spray on them, the chips will retain their contents for much longer. At these temperatures (around -50 °C) you can remove the chips from the computer and let them sit on the table for ten minutes or more, without appreciable loss of data. Then put the chips back into another machine and you can read out their contents.

This is deadly for disk encryption products because they rely on keeping master decryption keys in DRAM. This was thought to be safe because the operating system would keep any malicious programs from accessing the keys in memory, and there was no way to get rid of the operating system without cutting power to the machine, which "everybody knew" would cause the keys to be erased.


An interesting attack. Who knew DRAM could retain significant information after the computer was turned off?

I can think of a defense that will make this attack much harder. When the computer goes to shutdown, the encryption program commits everything to disk and then over-writes its own memory, including the encryption key(s), with random bits. Now you can dump the DRAM all day and it won't do you any good. You can still defeat this defense by taking a pair of snippers to the power cord, or in the case of a laptop by yanking the battery. The machine will go down without a proper shutdown procedure, and the contents of the DRAM will be (briefly) preserved.

I think it's generally accepted in the computer security community that if an attacker has direct physical access to the hardware, there's pretty much no software defense that will reliably keep them out. This looks like another example of that principle at work.

Why MicroSoft wants to buy Yahoo.

"We have a strategy for competing in the search space that Google dominates today, that we'll pursue that we had before we made the Yahoo offer, and that we can pursue without that. It involves breakthrough engineering." -Bill Gates


When MicroSoft first started their search site, I remember the person in charge of it saying "We're going to beat Google by giving people a better user experience!" or words to that effect. I shook my head and laughed at that clueless marketing-droid. How very Microsoft, I thought: "If we just serve up a crap product in a pretty wrapper, people will flock to us!" (Well, it worked for Windows ME didn't it?)

Looks like this time they're at least trying to do it the right way. That doesn't necessarily mean they'll succeed. Even assuming that MicroSoft was ever capable of inventing fundamental, revolutionary changes in software, I kinda doubt that they're capable of doing so now. But at least with the "we're going to build a better search engine that gives more relevant, better results than Google" approach, the chances of success (while small) may be non-zero. As opposed to last time, when their choice of approach made even the possibility of success absolutely nil.