Freezing encryption keys
A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.
In a technical paper that was published Thursday on the Web site of Princeton's Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.
When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys long strings of ones and zeros out of the chip's memory.
In a technical paper that was published Thursday on the Web site of Princeton's Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.
When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys long strings of ones and zeros out of the chip's memory.
This is very impressive, although it's not easy to exploit because you have to have physical access to the victim's computer. Nevertheless, this shows that using cryptography does not guaranty the safety of your information. You need other security measures to make the use of cryptography working: a policy for physical access to your computers in this case.
Security is like a chain: it's as strong as the weakest link. When it breaks, the rest of the security measures are worthless.