
There are attacks on passwords stored in RAM. There's an example against the Apple keychain. Root can run the software and it collects a bunch of passwords for logged-in users (http://juusosalonen.com/post/30923743427/breaking-into-the-o...).

But there are best practices for passwords, and those reduce the risks; and most attacks need privileges and access to the machine, which again reduces the risk.

If you're worried about stormtroopers kicking the door down and squirting liquid nitrogen on the RAM you probably have enough money to have very strong perimeter defences.



An air duster suffices for this purpose. No need for something so fancy as liquid nitrogen.


Depends on whether you need minutes or hours :-)


You can probably reapply it. :)

I wouldn't know, though.


What does liquid nitrogen on the RAM do? I was under the impression they plugged the computer into a UPS or something and took it.


The bits stored in DRAM remain readable for a time (sometimes minutes) even after the power is cut. In normal operation frequent refresh is needed to avoid decay, but the decay doesn't happen nearly as fast as the refresh cycles make it seem. Cooling the cells lengthens that time, from minutes up to hours (depending on the temperature), permitting an adversary to read them without much time pressure.

Paper on that: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf


I see, thank you very much.


I would be slightly surprised if national police use such raw methods as liquid nitrogen. It is fast, but it has a risk of damaging the RAM.

Much safer (but slower) is to hook directly into the bus and communicate with the RAM itself. I guess it's a trade-off between speed and security, which means it depends on the case specifics.


It freezes the circuits and prevents them from being discharged. When removed from the fridge, the attackers have some extra time (while thawing) to read the status of the RAM.


As pfortuny and ygra say, freezing the RAM makes the memory readable for longer.

(https://citp.princeton.edu/research/memory/)



