CNET: Disk encryption may not be secure enough, new research finds. It’s one thing to read about theoretical ways to get access to secure data; it’s another to watch it on a slide show.
For those who don’t want to read the article, the upshot is: a laptop thief who knows enough can pick the secret key used to encrypt a hard drive—using Apple’s FileVault, Microsoft’s BitLocker, or any other solution that uses known key-based encryption mechanisms. The particularly brilliant bit, the part that adds insult to injury, is when the research team (which includes usual suspects Ed Felten and Alex Halderman) demonstrates recovering the key after a reboot of the laptop. Yes, that’s right: even after rebooting the laptop, enough of the prior state of the machine remains in memory so that the key can be recovered. And by chilling the RAM using liquid nitrogen—or canned air—the time available to recover the key can be extended indefinitely.
So yes, the feds have additional techniques that can be used to recover data from your laptop, if they come across it. So do identity thieves.
So the trick now would seem to be to identify a way to encrypt data that is less subject to key recovery. The only problem is, every method that depends on the hardware decrypting the storage is likely to leave the key in memory. I like the article’s suggestion of PGP-encrypted USB sticks, if only I didn’t lose thumb drives so easily. There are also some interesting suggestions regarding limiting remote booting and unmounting encrypted volumes; the problem is that they don’t get around the core issue. If the key is in memory, you can sniff it. So what to do?