Hacker News new | ask | show | jobs
by mmaro 5493 days ago
Computers get stolen, but they're usually already off, or turned off during the theft. But let me get this straight: you're worried about an attacker reading out everything on your hard drive, but not worried about them reading out all the unencrypted stuff in RAM? I'm not against disk encryption, I just don't see the point of this specific protection.

Edit: now that I think of it, if a company laptop with customer data had full disk encryption and was stolen, do you still have to notify everyone? Does it matter whether it was off or on/suspended? Maybe people will be relieved when they find out that "8GB of data was probably not stolen" (with AES-in-CPU-only) instead of "300GB of data was probably not stolen".
2 comments
JoachimSchipper 5493 days ago
"Sleeping" laptops get stolen too; this might slightly help. That said, this is a cool hack, not the greatest protection ever.

Full-disk encryption (on a machine turned off at the time) is, I believe, typically considered sufficient protection. Consult a lawyer in your local jurisdiction, though.

link
gst 5493 days ago
That's my main reason for using suspend-to-disk instead of suspend-to-ram.

With suspend-to-disk Linux allows me to save the RAM image to the encrypted harddisk. With suspend-to-ram it would be pretty easy to work around the encryption.

link
tptacek 5493 days ago
Right, but suspend-to-disk doesn't really mitigate cold boot attacks, because in order to suspend your data to disk, an AES key is loaded into DRAM. The "cold" in "cold boot" refers to the tricks researchers use to extract data from DRAM even after reboot.

The point of this research is that there aren't (that we know of) "cold register" attacks that extract prior contents of CPU registers.

link
gst 5493 days ago
Right, cold boot attacks would also apply to suspend-to-disk. But currently I do not really worry about this scenario, as it seems that cold boot attacks are only feasible if you get access to the hardware within several minutes after it has been powered down.
link
tptacek 5493 days ago
Sure. If you don't care about cold-boot attacks, you don't care about this research. I think it's interesting, but it doesn't keep me up at night.
link
gst 5493 days ago
Offtopic: Btw, does someone know why the "reply" links are missing on some posts (such as the parent post)? Is this a bug? At least it works when "manually" opening the respective URL for a reply.
link
tptacek 5493 days ago
There is a deliberate delay on replies in deeply-nested threads, as a damper on flame wars.
link
JoachimSchipper 5493 days ago
You can still reply via the 'link' button, though.
link
cheez 5493 days ago
Because chances are that they'll be stolen by a guy who dropped out of high school and hasn't had a regular job in years.

If a three or four letter agency is coming after me, I have bigger problems.

link
tptacek 5493 days ago
Yes: if you don't care about cold-boot attacks, you don't care about this research.
link