Microsoft downplays Windows Vista SP1 encryption cracks

The concept behind Cold-Boot attacks on encryption keys stored in the computer's DRAM is not new. The implications of physical memory attacks, in the context of Windows Vista BitLocker Drive Encryption, were discussed at Hack in the Box 2006 by Douglas MacIver, Penetration Engineer, Microsoft Penetration Team. Although the Cold-Boot attack was a strategy all […]

Share online:

The concept behind Cold-Boot attacks on encryption keys stored in the computer's DRAM is not new. The implications of physical memory attacks, in the context of Windows Vista BitLocker Drive Encryption, were discussed at Hack in the Box 2006 by Douglas MacIver, Penetration Engineer, Microsoft Penetration Team. Although the Cold-Boot attack was a strategy all too familiar among the members of the security industry and of the security  team over at Redmond, a demonstration of the encryption keys cracks, put together by Princeton researchers, brought the concept to reality, retrieving cryptographic key material from frozen (literally) DRAM.

But not only Vista's BitLocker technology is susceptible to Cold-Boot attacks, FileVault, dm-crypt, and TrueCrypt encryption keys are also stored in physical memory and can be retrieved by an attacker with physical access and the right algorithms designed for finding cryptographic keys in memory images. Robert Hensing, Technical Lead - Microsoft Product Support Services, stressed the fact that an eventual attacker needs to freeze the physical system memory as fast as possible in order to ensure that the RAM will retain the contents. And even if this happens, there is a certain level of decay of the gost image stored in RAM.

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he’s engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.