Researchers Find Way to Steal Encrypted Data – New York Times — I think clubbing a guy over the head and forcing him to give up the passsword is more viable than this. It should be a good gimmick in a movie script though.

In a technical paper that was published Thursday on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.

When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeros — out of the chip’s memory.

“Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power,” Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. “Just put the chips back into a machine and you can read out their contents.”

The researchers used special pattern-recognition software of their own to identify security keys among the millions or even billions of pieces of data on the memory chip.

“We think this is pretty serious to the extent people are relying on file protection,” Mr. Felten said.




  1. RBG says:

    “It should be a good gimmick in a movie script though.”

    You mean like Big Brother dropping a laptop into $2 per liter liquid Nitrogen?

    RBG

  2. GregA says:

    I question the timing of this article. How long has the new york times known about this story? Also, Im not sure what it is, but I detect a significant liberal bias in this story. Notice how the NYT only ever covers bad computer security stories, and never good computer security stories?

    I bet the NYT has been against computer security all along.

  3. Brian Kaufman says:

    Really not that ridiculous. All you have to do is remove ram from a running computer and put it into another computer (or some module that can dump the data). The getting it cold part isn’t that important if you do it fast enough. And if you do need to get it cold, it’s not that big of a deal to turn a can of compressed air over and spray it for a few seconds before removing the ram. I guarantee that people have gone through greater lengths to get encryption keys.

  4. Ah_Yea says:

    Huh??

    Isn’t the first step to security, securing the computer? The article states the crack “cannot be carried out remotely..”

    So either they have to get to your computer, or your computer has to get to them. And it apparently has to be on for the keys to be in memory!

    And then they still have to use special software to find the keys!!

    Lesson here is:

    A) Don’t loose your laptop.
    B) Turn it off when not in use.
    C) Go to Princeton, because if they can spend lot’s of money and time researching worthless stuff like this, then they should be able to find time for whatever you want to do.

  5. The Monster's Lawyer says:

    I do this all the time when I forget my password.

  6. jlm says:

    I feel so informed now, I’m glad they proved that allowing someone access to the computer hardware is un-secure.

  7. Improbus says:

    Damn, I will have to go back to using encrypted clay tablets.

  8. redattack34 says:

    If they’ve got physical access to your computer, you’re hosed anyway. This just means you’re slightly more hosed.

    What’s the big deal here?

  9. Awake says:

    Considering that RAM chips need to be refreshed every few milliseconds, this really stretches credibility to it’s limit. Oh, but wait, if I cool credibility with liquid nitrogen, then credibility can last longer.

    Only way to be safe with data on your hard drive (actual military procedure):
    a) Overwrite data with 8 pass secure erase.
    b) Run hard drive through metal shredder.
    c) Bury metal chips in ‘secure’ landfill.

  10. RBG says:

    I wonder if the RAM is kept juiced for a short while because of latent energy from connected capacitors, in the same way you’re supposed to keep your computer off for 20 or so seconds between power down and power up?

    RBG

  11. Gary, the dangerous infidel says:

    If I understand it correctly, any latent power charges in external capacitors still could not maintain the individual state of each memory cell because they can’t drive the refresh cycle, without which the cells inevitably decay. I think this attack just works because the capacitor in each memory cell (1 transistor + 1 capacitor) tends to have a much slower rate of leakage than we were aware of. With billions of memory cells critical to computer operation, the refresh rate has to be set artificially high to guarantee high enough reliability from every last cell.

    Low temperatures also have a surprising effect, almost like putting transplant organs on ice.

    I’d bet that intelligence agencies have been aware of this technique for quite some time, and now the rest of us know, too.

  12. Computarman says:

    OK!!!!! And the practicality of this information to your average computer user is… Maybe this is just a targeted article for the James Bond types out there. I did get my Commodore 64 too hot back in the day and the heat burnt the program into memory like it was flash memory or something. So Now I know heat and cold can freeze the computer memory in place yippee.