Subject Re: [Firebird-Architect] Interesting Antidote for the Non-Paranoid
Author Geoff Worboys
Jim Starkey wrote:
> http://news.cnet.com/2300-1029_3-6230933.html?tag=ne.gall.pg

It was related to variations of this attack that I'd seen
information about reconstructing keys from partial keys using
forms known-plaintext attack.


It is interesting that this (from the research article):

"We show that this phenomenon limits the ability of an operating
system to protect cryptographic key material from an attacker [...]"

Becomes this (in the press article):
"serious vulnerabilities in disk encryption products including
[...]"

I guess it can be argued that the statement is correct ... but
it seems to suggest exposure is somehow limited to disk encryption
and that is misleading. As the source article says, the weakness
applies to "key material", so any security product (that may have
had key material in RAM) is at risk. Disk encryption products
were simply the example used by the research team to demonstrate
the attack.


Anyone interested in discussions from when this article was
released back in Feb-2008 could look at:
http://www.schneier.com/blog/archives/2008/02/cold_boot_attac.html

--
Geoff Worboys
Telesis Computing