Are those encryption really reliable?

  • Thread starter Thread starter mitishushi
  • Start date Start date
M

mitishushi

There is recent report from AFP that says FileVault¡¢TrueCrypt,BitLocker
and dm-crypt are not reliable anymore. They are all easy to be discrypted!
then what can the users do?
 
please refer to this
http://afp.google.com/article/ALeqM5i0t4sGyIOt776qLZudh4epei2RuQ

SAN FRANCISCO (AFP) ¡ª Researchers said Friday they found a way to sidestep
encryption technology commonly used to protect sensitive data in computers.

A "major security flaw" in several types of popular encryption software
exposes supposedly safeguarded information, provided a savvy data thief can
get hold of the machines, according to the Electronic Frontier Foundation.

"People trust encryption to protect sensitive data when their computer is
out of their immediate control," said EFF staff technologist Seth Schoen, a
member of the research team.

"Whether your laptop is stolen, or you simply lose track of it for a few
minutes at airport security, the information inside can still be read by a
clever attacker."

Researchers claim they cracked an array of commonly-used encryption
programs, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt, and
dm-crypt.

In a paper published on the Internet, researchers show that data is
vulnerable because encryption keys and passwords linger in the temporary
memory of computers after machines lose power.

"We discovered that on most computers, even without power applied for
several seconds, data stored in RAM seemed to remain when power was
reapplied," said research team member Jacob Appelbaum, an independent
security specialist.

"We then wrote programs to collect the contents of memory after the
computers were rebooted."

Laptops are especially vulnerable to the attack when the machines are in
lock, sleep, or hibernation modes, according to the report.

"We've broken disk encryption products in exactly the case when they seem to
be most important these days: laptops that contain sensitive corporate data
or personal information about business customers," said Princeton University
computer science doctoral student J. Alex Halderman.

"This isn't a minor flaw it is a fundamental limitation in the way these
systems were designed."

Researchers say the attack technique is likely to be effective against many
other computer disk encryption systems because of structural similarities.

Turning laptops off completely helps guard against intrusion, but doesn't
work in all cases, according to the report.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> дÈëÏûÏ¢ÐÂÎÅ:u1yIOPhdIHA.4712@TK2MSFTNGP04.phx.gbl...
> From: "mitishushi" <@discussion.com>
>
> | There is recent report from AFP that says FileVault¡¢TrueCrypt,BitLocker
> | and dm-crypt are not reliable anymore. They are all easy to be
> discrypted!
> | then what can the users do?
> |
>
> Please post the URL of the 'AFP' Rreport.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
 
mitishushi wrote:
> There is recent report from AFP that says
> FileVault¡¢TrueCrypt,BitLocker and dm-crypt are not reliable
> anymore. They are all easy to be discrypted! then what can the
> users do?

No matter what one person does to protect their stuff (data, home, car,
self) someone else will make a way to get said stuff if they want it bad
enough. If it can be made- it can be unmade.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html
 
The keys here are:
1) Only implement BDE with TPM + PIN or USB
2) Never put the computer into a Sleep mode. Shut Down or Hibernamte so that
the PIN for the TPM must be presented
Brian

"mitishushi" <@discussion.com> wrote in message
news:u0NFz9odIHA.4164@TK2MSFTNGP05.phx.gbl...
> please refer to this
> http://afp.google.com/article/ALeqM5i0t4sGyIOt776qLZudh4epei2RuQ
>
> SAN FRANCISCO (AFP) ¡ª Researchers said Friday they found a way to
> sidestep encryption technology commonly used to protect sensitive data in
> computers.
>
> A "major security flaw" in several types of popular encryption software
> exposes supposedly safeguarded information, provided a savvy data thief
> can get hold of the machines, according to the Electronic Frontier
> Foundation.
>
> "People trust encryption to protect sensitive data when their computer is
> out of their immediate control," said EFF staff technologist Seth Schoen,
> a member of the research team.
>
> "Whether your laptop is stolen, or you simply lose track of it for a few
> minutes at airport security, the information inside can still be read by a
> clever attacker."
>
> Researchers claim they cracked an array of commonly-used encryption
> programs, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt,
> and dm-crypt.
>
> In a paper published on the Internet, researchers show that data is
> vulnerable because encryption keys and passwords linger in the temporary
> memory of computers after machines lose power.
>
> "We discovered that on most computers, even without power applied for
> several seconds, data stored in RAM seemed to remain when power was
> reapplied," said research team member Jacob Appelbaum, an independent
> security specialist.
>
> "We then wrote programs to collect the contents of memory after the
> computers were rebooted."
>
> Laptops are especially vulnerable to the attack when the machines are in
> lock, sleep, or hibernation modes, according to the report.
>
> "We've broken disk encryption products in exactly the case when they seem
> to be most important these days: laptops that contain sensitive corporate
> data or personal information about business customers," said Princeton
> University computer science doctoral student J. Alex Halderman.
>
> "This isn't a minor flaw it is a fundamental limitation in the way these
> systems were designed."
>
> Researchers say the attack technique is likely to be effective against
> many other computer disk encryption systems because of structural
> similarities.
>
> Turning laptops off completely helps guard against intrusion, but doesn't
> work in all cases, according to the report.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net>
> дÈëÏûÏ¢ÐÂÎÅ:u1yIOPhdIHA.4712@TK2MSFTNGP04.phx.gbl...
>> From: "mitishushi" <@discussion.com>
>>
>> | There is recent report from AFP that says
>> FileVault¡¢TrueCrypt,BitLocker
>> | and dm-crypt are not reliable anymore. They are all easy to be
>> discrypted!
>> | then what can the users do?
>> |
>>
>> Please post the URL of the 'AFP' Rreport.
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>
>
>
 
<sarcasm>Wow - "several seconds".</sarcasm>

This would mean that your laptop would have to be taken and immediately
scanned, no more than a few steps away from you.

So, yeah, if you're coming through customs and you realise you want to hide
all your naughty videos, you might have a problem if the customs agent is
interested, technologically savvy, and equipped with thousands of dollars of
gadgets.

But if someone steals your laptop from you at knifepoint, unless he's got a
van full of gear right beside you, no, you're not in any significant danger.

Alun.
~~~~

"mitishushi" <@discussion.com> wrote in message
news:u0NFz9odIHA.4164@TK2MSFTNGP05.phx.gbl...
> please refer to this
> http://afp.google.com/article/ALeqM5i0t4sGyIOt776qLZudh4epei2RuQ
>
> SAN FRANCISCO (AFP) ¡ª Researchers said Friday they found a way to
> sidestep encryption technology commonly used to protect sensitive data in
> computers.
>
> A "major security flaw" in several types of popular encryption software
> exposes supposedly safeguarded information, provided a savvy data thief
> can get hold of the machines, according to the Electronic Frontier
> Foundation.
>
> "People trust encryption to protect sensitive data when their computer is
> out of their immediate control," said EFF staff technologist Seth Schoen,
> a member of the research team.
>
> "Whether your laptop is stolen, or you simply lose track of it for a few
> minutes at airport security, the information inside can still be read by a
> clever attacker."
>
> Researchers claim they cracked an array of commonly-used encryption
> programs, including Microsoft's BitLocker, Apple's FileVault, TrueCrypt,
> and dm-crypt.
>
> In a paper published on the Internet, researchers show that data is
> vulnerable because encryption keys and passwords linger in the temporary
> memory of computers after machines lose power.
>
> "We discovered that on most computers, even without power applied for
> several seconds, data stored in RAM seemed to remain when power was
> reapplied," said research team member Jacob Appelbaum, an independent
> security specialist.
>
> "We then wrote programs to collect the contents of memory after the
> computers were rebooted."
>
> Laptops are especially vulnerable to the attack when the machines are in
> lock, sleep, or hibernation modes, according to the report.
>
> "We've broken disk encryption products in exactly the case when they seem
> to be most important these days: laptops that contain sensitive corporate
> data or personal information about business customers," said Princeton
> University computer science doctoral student J. Alex Halderman.
>
> "This isn't a minor flaw it is a fundamental limitation in the way these
> systems were designed."
>
> Researchers say the attack technique is likely to be effective against
> many other computer disk encryption systems because of structural
> similarities.
>
> Turning laptops off completely helps guard against intrusion, but doesn't
> work in all cases, according to the report.
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net>
> дÈëÏûÏ¢ÐÂÎÅ:u1yIOPhdIHA.4712@TK2MSFTNGP04.phx.gbl...
>> From: "mitishushi" <@discussion.com>
>>
>> | There is recent report from AFP that says
>> FileVault¡¢TrueCrypt,BitLocker
>> | and dm-crypt are not reliable anymore. They are all easy to be
>> discrypted!
>> | then what can the users do?
>> |
>>
>> Please post the URL of the 'AFP' Rreport.
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>
>
>
 
Back
Top