Security Flaw in Popular Disk Encryption Programs Found

The Electronic Frontier Foundation has published an article about a research paper that shows how popular disk encryption software can be defeated. The article (found here) explains that popular disk encryption programs like BitLocker (Windows Vista’s disk encryption program) and open source favorite, TrueCrypt, are not invulnerable to the suggested attacks.

The main issue revolves around data being stored in the computers RAM after a computer has been powered off or is in sleep/hibernation mode. Programs can be written to retrieve data out of RAM once the computer has been turned back on giving a malicious user access to the passwords used to access the encrypted drives. The article or the paper it references do not mention how long a computer needs to be turned off for the memory remnants to fully leave the system. Though they do mention that it can stay in memory up to a full minute at room temperature (even longer the colder it gets). You can read the full paper, at Lest We Remember: Cold Boot Attacks on Encryption Keys.

What does this mean exactly? Well it just further proves that no level of security is full proof. No matter how hard you try, someone can, with enough time and work, get to your data. This does not mean that one should make it easy for the hacker. The general idea behind security, no matter if its disk encryption or strong passwords, is simply to make the hacker’s life more difficult when it comes to getting to your data. The harder it is for someone to get to your data, the more chances you have of them giving up and moving on. There are plenty of people in the world that do not take the extra steps to secure their private data, so they will more often than not, move on to someone that does not take those steps. The general idea here is time spent versus rewards. Chances are, if you are taking those extra steps, you probably are smart enough to not have any data that is really worth having on the computer, or at least not in large quantities.

Security is important and more people should consider the data they store on their hard disks, USB flash drives, or anywhere else in digital format for that matter. If you are going to store sensitive data, take the extra steps to secure it. Even though the disk encryption programs have a flaw does not mean that the hacker is going to go through the trouble. Just because security can be broken does not mean that one should not take proper steps to ensure the security of their sensitive data.

This entry was posted in Security, Technology. Bookmark the permalink.