Step 7: Running 'keyfind'
Meanwhile, over at his laptop, Applebaum has transfered the contents of the MacBook's 1.25 GB of memory to his own computer in the "/tmp/declan-macbook" memory file.
Part of what makes this research so interesting are the cunning techniques the researchers invented to identify AES encryption keys in memory files. They work by using a feature of the AES algorithm called a key schedule as a kind of error-correcting code. That lets them reconstruct keys even if the contents of the dynamic RAM chips have begun to decay. The paper says: "Applying this method to keys with 10 percent of bits decayed, we can reconstruct nearly any 128-bit AES key within a few seconds. We have devised reconstruction techniques for AES, DES, and RSA keys, and we expect that similar approaches will be possible for other cryptosystems."
In this photograph, Applebaum is using a program called "keyfind" to examine the contents of the memory file. It doesn't take long to report back its first possible match for an AES key.
- Talkback
- Most Recent of 17 Talkback(s)
- Thread View
- Flat View
- Bit Locker
- It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
- Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: Logged In | Log out
 Supercooled memory? Eriamjh | 02/21/08 |
 Millions at stake in corporate espionage ... terry flores | 02/21/08 |
 re: back doors CobraA1 | 02/21/08 |
| Clearing memory at reboot would not work. ye | 02/22/08 |
| RE: Supercooled memory? bfilipiak@... | 02/22/08 |
| A few things to note CobraA1 | 02/21/08 |
| Careful there georgeou | 02/21/08 |
| hdiutil was simply used to show successful crack terry flores | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) d1g1tal_ph3r3t | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) riverab0@... | 02/22/08 |
| Addition riverab0@... | 02/22/08 |
 Cox CassidyJames | 02/22/08 |
| I would like to see this tried with Firmware locked duane@... | 02/22/08 |
| Info still unencrypted in RAM... robert.rohr@... | 02/22/08 |
| Bit Locker cobra96ds@... | 02/25/08 |
| Encyption Law wagonhitch5@... | 02/22/08 |
| This is freaky John Musbach | 02/24/08 |
What do you think?
More ZDNet Photo Galleries
- Sports and Technology
-
Major League Baseball pitches new app to iPhone users
At Apple's Worldwide Developers Conference in San Francisco, Jeremy Schoenherr of MLB.com demos At-Bat, a new iPhone app from Major League Baseball.
View the ZDNet video to learn more -
The SF Giants' new hi-tech ballpark
SF Giants CIO Bill Schlough discusses new technology upgrades at AT&T Park and outlines his dual role- managing technology operations at the backend while using hi-tech to improve player performance on the field.
View the ZDNet CIO Vision Series video - From our Sponsors
- Fantasy Football
-
-
3 Great Ways To Play Fantasy Football
Play for free, play to win cash prizes- up to $3500, or customize your own league.
Learn More » -
