
New class of attack on cryptosystems discovered (vid included) - nickb
http://citp.princeton.edu/memory/
======
tptacek
This isn't an attack on cryptosystems, unless you torture the definition, so
that SSL/HTTPS is no longer a "cryptosystem", but rather "SSL/HTTPS deployed
on Dell Inspirons talking to IBM Blade servers running Apache".

As Spaff points out in the comments on Felten's blog, DRAM reminiscence isn't
new.

As another commenter points out, stealing DRAM chips from wakeful computers is
slightly outside the threat model for full-disk encryption. The purpose of
full-disk encryption is so that Fortune 500 companies don't have to issue
press releases every time someone loses a laptop. The new guidance to those
companies may now be to disallow "sleep" mode until disk encryption systems
get effective at zeroing keys before sleeping.

Problems like this are what motivates things like the Intel TPM.

