Hacker News new | comments | show | ask | jobs | submit login

Data can be retrieved from DRAM not after weeks (your claim is "even if you shut your computer down (...) Your encryption keys can be in your computers memory for weeks") but only

http://en.wikipedia.org/wiki/Cold_boot_attack

"in the seconds to minutes after power has been removed."

The reason is explained here:

http://en.wikipedia.org/wiki/Memory_refresh

And even the electrons from SRAM, which doesn't need refreshes and which was for decades not used as "RAM" in the computers will leak away without the power:

http://en.wikipedia.org/wiki/Static_random-access_memory

"SRAM exhibits data remanence but it is still volatile in the conventional sense that data is eventually lost when the memory is not powered."

Of course, if you never power off your computer but just reset it (the power is never cut off) or if you shut it down and immediately power it up the content of the RAM can really survive for much longer.




The original cold boot paper was released in 2008 and they only demonstrated the attack on DDR2 memory [1]. A paper published in 2013 [2] discussed cold boot on modern hardware.

"This study is based on 5 different computer systems. While we demonstrate that simple warm reset attacks (not cutting power) are effective even against DDR3 systems, we were not able to detect any data remanence for DDR3 after cold boots. Even cooling the RAM chips did not reveal data remanence beyond cold boots. This leads us to the claim that cold boot attacks relying on RAM remanence beyond cold boots are not possible against modern DDR3 RAM chips."

[1] https://www.usenix.org/legacy/event/sec08/tech/full_papers/h...

[2] http://www1.cs.fau.de/filepool/projects/coldboot/fares_coldb... (search for DDR3 to find the relevant sections)


Thanks, this is true. Encryption keys can exist in memory for up to a week [edit: or longer] in live memory with power on. This is well after they've been used on the machine, or say after you close your Truecrypt volumes. The vast majority of people rarely shutdown their laptops for extended periods of time and often just suspend to disk, instead of a full power-off.

This is why it's good to power down or sdmem when you're finished working with sensitive data.

On a full shutdown persistence is not as big of a risk, as the other commenter pointed out, cold boots are mitigated by DDR3 similar to how modern SSDs with TRIM make deleted data-recovery nearly impossible (such as Swap data which may also contain encryption keys).


> Encryption keys can exist in memory for up to a week in live memory with power on.

No. After some high-enough RAM area contained the keys and you keep it powered and your OS uses much less physical RAM than physically available there's no hard limit. Just forget the "week."


Updated comment for HN pedanticism.


You really should replace the words 'for up to a week' with 'indefinitely'. Mentioning a time limit at all is misleading in that context. This isn't pedantry: it's mere correctness.


Why would the encryption keys sit around in RAM? Properly designed cryptographic software wipes the keys when they are no longer needed.


In real life, keys actually can unintentionally remain in RAM even if in the ideal case they shouldn't. And you want more than just the keys to be wiped: your secrets you want to keep, the reason you decided to use Tails. And the fact that the Tails cares about implementing RAM wiping is the top post from dmix.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: