Researchers with Princeton University and the Electronic Frontier
Foundation have found a flaw that renders disk encryption systems
useless if an intruder has physical access to your computer -- say in
the case of a stolen laptop or when a computer is left unattended on a
desktop in sleep mode or while displaying a password prompt screen.

The attack takes only a few minutes to conduct and uses the disk
encryption key that's stored in the computer's RAM.

The attack works because content as well as encryption keys stored in
RAM linger in the system, even after the machine is powerered off,
enabling an attacker to use the key to collect any content still in
RAM after reapplying power to the machine.

"We've broken disk encryption products in exactly the case when they
seem to be most important these days: laptops that contain sensitive
corporate data or personal information about business customers," said
J. Alex Halderman, one of the researchers, in a press release. "Unlike
many security problems, this
isn't a minor flaw; it is a fundamental limitation in the way these
systems were designed."

The researchers successfully performed the attack on several disk
encryption systems -- Apple's FileVault, Microsoft's BitLocker, as
well as TrueCrypt and dm-crypt -- but said they have no reason to
believe it won't work on other disk encryption systems as well, since
they all share similar architectures.

They released a paper about their work as well as a video
demonstration of the attack (below).

http://www.privacydigest.com/2008/02/21/researchers+disk+encryption+n...