[matheusmoreira]

> If your memory dump creates a different distribution on the space of possible keys

Is it possible to determine that this has happened though? If you're trying to recover an image and a bunch of bits are flipped, the result might be somewhat corrupted but a coherent image will still be visible. You know that the data was corrupted and where the damage is. Ciphers have avalanche effects, a single bit flip produces completely unusable output which by design reveals no information.

[ivancho]

There is extensive research on key finding attacks. Often they only need 30% of the bits. Things can be sped up by exploiting entropy - keys are really random, unlike most of the rest of your memory, so that filters things down, and as you said, an incorrect key produces total garbage on decrypt, which is easy to detect, so you can automate testing and discarding key candidates. Lastly, if you have knowledge of the applications or algorithms involved, you often get some extra data structure around the keys, which makes searching the memory dump trivial.

All that is to say, yes, this is a viable attack vector, even if some or many of the bits are flipped

[matheusmoreira]

I see. Then I was wrong when I said key strength was maintained due to unfounded assumptions.