Microsoft downplays Windows Vista SP1 encryption cracks

The concept behind Cold-Boot attacks on encryption keys stored in the computer's DRAM is not new. The implications of physical memory attacks, in the context of Windows Vista BitLocker Drive Encryption, were discussed at Hack in the Box 2006 by Douglas MacIver, Penetration Engineer, Microsoft Penetration Team. Although the Cold-Boot attack was a strategy all too familiar among the members of the security industry and of the security team over at Redmond, a demonstration of the encryption key cracks, put together by Princeton researchers, brought the concept to reality, retrieving cryptographic key material from frozen (literally) DRAM.

But Vista's BitLocker technology is not the only one susceptible to Cold-Boot attacks: FileVault, dm-crypt, and TrueCrypt encryption keys are also stored in physical memory and can be retrieved by an attacker with physical access and the right algorithms designed for finding cryptographic keys in memory images. Robert Hensing, Technical Lead - Microsoft Product Support Services, stressed that a would-be attacker needs to freeze the physical system memory as fast as possible in order to ensure that the RAM will retain the contents. And even if this happens, there is a certain level of decay of the ghost image stored in RAM.