The PuritanBoard - View Single Post

Civbert · #5 (**permalink**) 02-22-2008, 02:52 PM

Once someone has your machine - they own it. It's just a matter of time. This only demonstrates that there are tools now that make it even easier and faster to crack your PC, even if your encrypt your your files.

If you merely have password protection, there are other tools that look for your encrypted password on your drive. This is a "known" location. Then they use cracking programs, some use"rainbow tables" and even some web based tools, that can break most passwords in a matter of hours - or at most a couple days.

However, if you encrypt a whole drive or directory, it isn't enough to crack the user password. That will only get access to the OS and any un-encrypt files. But with this method, they get your encryption key right out of your RAM. And they don't even need your user password first! Brilliant!

This will save the cracker hours and days of work. I'm really impressed on how easy their method is. However, the cracker needs to grab your machine while it's still hot, and work fast. And it seems that an easy solution would be to over-write the ram with random bits at shut down. I'd think this would be easy to do by software, and even better would be ram that does this automatically.

But the trend now is to make your ram more permanent so you PC will always stay semi-booted - with much of the OS permanently loaded. This will produce "instant-on" PCs. No more waiting for your PC to boot up. But it sounds like this will leave you even more vulnerable to this kind of attack. Someone could get your PC hours or days after you shut down, and steal vital information from it. Hmmm.

So just remember this rule, if someone steals your computer, they "own" it. Don't count on a user password to protect your PC if it's stolen. Disk encryption is still the best way to protect your data. Now you just need to find a what to wipe the ram when you shut down.