Practice these "Good Housekeeping" Habits to Protect Your Encrypted Data
In my most recent blog entry, I described a fundamental vulnerability in several popular disk encryption technologies.
This vulnerability, which researchers have dubbed the "Cold Boot Attack," can leave your encrypted data vulnerable to attack and exposure. Any information remaining in your PC's memory—including your encryption keys and passphrases—may be recovered.
Fortunately, you can take several precautions to avoid having your data compromised. They're suggested by PGP, the company that produces PGP Whole Disk Encryption, my top-rated encryption product:
- When possible, place computers in hibernation instead of sleep mode. Hibernation mode (at least in the case of PGP) removes encryption keys from computer memory.
- Shut your PC down a few minutes before you leave your office or present it for physical inspection (e.g., at a U.S. border crossing). This gives the memory chips in your PC time to cool off and the contents of the memory to dissipate, lessening your susceptibility to this type of attack.
- If you use PGP Whole Disk Encryption, use PGP Virtual Disk (a part of the program) to prevent this attack. Keep your confidential files in a virtual disk. When you unmount your virtual disk, your data is secure from the Cold Boot Attack. Configure PGP Desktop to unmount virtual disks if the computer goes into sleep mode.
- Finally, never "cache" your encryption keys. PGP and other popular encryption programs permit you to store your encryption keys in your PC's memory so that you don't have to type the passphrase each time you open an encrypted file, but keys held in memory this way are exactly the kind of information a Cold Boot Attack can recover.
I should emphasize that this is a hardware issue; it has nothing to do with the strength or weakness of encryption programs. But by following these encryption "good housekeeping" habits, you can ensure your encrypted data remains secure.
Copyright © 2008 by Mark Nestmann



