Solution Against Cold Boot Attack In the Making 260
Bubba writes "I just discovered this blog: Frozen Cache. It describes a concept for preventing cold boot attacks by saving the encryption key in the CPU cache. It is claimed that by disabling the CPU cache the key will remain in cache and won't be written to memory. The blog says they're working on a proof-of-concept implementation for Linux. Could this really turn out to be a working solution?" Update: 01/19 20:26 GMT by KD : Jacob Appelbaum, one of the authors of the cold boot attack paper, wrote in with this comment: "It's not a solution. It simply seeks to make it more obscure but an attacker would certainly still be able to pull off the attack. From what is on that blog, there's still a full keyschedule in memory at this time. This is how we reconstruct the key, the redundant information in memory; it's not just the 128/256 bit key itself. For older methods, they needed the actual specific key bits but we don't need them because we recreate them. Basically, the CPU is acting as a ghetto crypto co-processer. Emphasis on ghetto. It's a nice suggestion but the devil is in the details and sadly the details in this case aren't really up to snuff. It's a bogus solution."
Great! (Score:5, Funny)
Re:Easier (Score:1, Funny)
thermite grenade with thermite lining of case walls.
Re:zero on power up? (Score:2, Funny)
How exactly would a memory chip define "power first applied"? And how would the memory itself erase anything?
Well, I might be taking a stab in the dark here, but perhaps it has something to do with THE ADDITIONAL CIRCUITRY proposed by the Parent?
Nothing ever gets done in the world anymore because those of us with an understanding of our surroundings are too busy facepalming ourselves constantly.
Re:Firewire (Score:1, Funny)
I rewired the firewire port on my secure machine to meet its name better. Go ahead, plug your thing in. It gets 110V AC.
Re:Freeze the CPU (Score:5, Funny)