Well who knew? RAM persists!

God dammed Princeton kids! They broke everything!

Cold boot attacks on Encryption Keys

The best fix I could think of would be to wipe the key from memory (overwrite actually) immediately after you’re done using it. Also maybe keep it scrambled, but that wouldn’t be fool proof. Another idea would be to try to put the encryption key where it would be overwritten by the dump program. But you can’t rely on that either, you could easily transfer the ram into another computer where it wouldn’t be the only ram.

This doesn’t make disk encryption useless, its just something to be aware of. As long as you turn off your computer (and now you know to wait a minute for the ram to clear) your data should be ok.If you’re computer is unlocked when it gets stolen, then you’re screwed anyway. This research just found out that the lock closes a little slower then we thought.

It’s also very cool.

-Francis