Some attention was garnered by a blog this weekend:
http://frozencache.blogspot.com
Which describes itself as: “A blog about the development of a general-purpose solution for mitigating cold-boot attacks on Full-Disk-Encryption solutions.”
Shortly thereafter Hack-a-day responded with:
http://hackaday.com/2009/01/18/use-the-cpu-cache-to-prevent-cold-boot-no/
The important part of this is:
“We asked cold boot team member [Jacob Appelbaum] what he thought of the
approach. He pointed out that initial cold boot required recovery of the
original key in memory, but they don’t do that anymore. The latest version of
the attack reconstructs the key from the full keyschedule, which according to
the Frozen Cache blog, still remains in RAM.”
Sounds like ram grabs have progressed a bit in the last few months. Reconstructing the full key from the keyschedule means greater ease in breaking full-disk encryption schemes.
To read up on keyschedules see: http://en.wikipedia.org/wiki/Key_schedule
