Step 7: Running 'keyfind'
Meanwhile, over at his laptop, Applebaum has transfered the contents of the MacBook's 1.25 GB of memory to his own computer in the "/tmp/declan-macbook" memory file.
Part of what makes this research so interesting are the cunning techniques the researchers invented to identify AES encryption keys in memory files. They work by using a feature of the AES algorithm called a key schedule as a kind of error-correcting code. That lets them reconstruct keys even if the contents of the dynamic RAM chips have begun to decay. The paper says: "Applying this method to keys with 10 percent of bits decayed, we can reconstruct nearly any 128-bit AES key within a few seconds. We have devised reconstruction techniques for AES, DES, and RSA keys, and we expect that similar approaches will be possible for other cryptosystems."
In this photograph, Applebaum is using a program called "keyfind" to examine the contents of the memory file. It doesn't take long to report back its first possible match for an AES key.
- Talkback
- Most Recent of 17 Talkback(s)
- Thread View
- Flat View
- Bit Locker
- It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
- Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: a Guest | Log in | Terms of Use
Supercooled memory?
Eriamjh | 02/21/08
|
Millions at stake in corporate espionage ...
terry flores | 02/21/08
|
re: back doors
CobraA1 | 02/21/08
|
|
Clearing memory at reboot would not work.
ye | 02/22/08
|
|
RE: Supercooled memory?
bfilipiak@... | 02/22/08
|
|
A few things to note
CobraA1 | 02/21/08
|
|
Careful there
georgeou | 02/21/08
|
|
hdiutil was simply used to show successful crack
terry flores | 02/21/08
|
|
RE: (Images: How to bypass FileVault, BitLocker security)
d1g1tal_ph3r3t | 02/21/08
|
|
RE: (Images: How to bypass FileVault, BitLocker security)
riverab0@... | 02/22/08
|
|
Addition
riverab0@... | 02/22/08
|
Cox
CassidyJames | 02/22/08
|
|
I would like to see this tried with Firmware locked
duane@... | 02/22/08
|
|
Info still unencrypted in RAM...
robert.rohr@... | 02/22/08
|
|
Bit Locker
cobra96ds@... | 02/25/08
|
|
Encyption Law
benjaminwright75205 | 02/22/08
|
|
This is freaky
John Musbach | 02/24/08
|
What do you think?
More ZDNet Photo Galleries
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
