Encrytion vulnerability found
20/03/2008 17:31:36
A computer security expert at Princeton University has discovered an unexpected vulnerability in encryption hard disks.
According to Edward Felten, hardware keys or passwords are only safe if the RAM is secure but it turns out that the latter can be particularly vulnerable.
Mr Felten told Computerworld that there are numerous ways to defeat disk encryption systems. The main flaw is due to the fact that secret encryption keys are kept on the RAM.
"The way we get access to RAM is by exploiting a pretty surprising property of RAM. RAM is supposed to be volatile - when you turn off the power, it forgets the information," he stated.
"What we found is that information in RAM sticks around a lot longer. It sort of fades out over much longer [up to a minute] than anybody thought."
This means that a thief who reboots the computer could have access to the memory contents, he added.
It has also been reported that a University of Virginia graduate student has cracked the encryption code that protects wireless smartcards around the world.
Get the latest industry news straight to your inbox, click here to sign up.
