Friday, March 14, 2008

To sleep, power off or hibernate - cold boot and user behaviour..

Interesting weeks - the last couple. Lots of folks debating whether the cold boot risk is real - is it too esoteric? Who do we know who lugs around cans of liquid nitrogen to bring DRAM to 0 degrees Kelvin!?! Maybe the guy who makes the Terminator movies...

I must admit the video was cool to watch - frozen chips... And therefore, most of the focus seems to have gone in that direction - thinking that one needs to cool the chips to extract the memory contents. But in reality, one needs only a USB drive with code to peek into DRAM - no need to even cool the chips! And Mr McGrew already has a tool - check out his comments "I did this as a small side project..." Nice!

Got me thinking on another topic - would be cool to do a survey on this. How many of us who lug around our laptops, travelling the country, shut them down? I personally never do - I only shut down my laptop when it starts to behave a bit erratically and slowly. Else, I keep it on and when I travel just shut the lid.

I prefer sleep since it wakes quickly; hibernation seems to take longer. And with FDE-enabled systems, this becomes more interesting:
- More RAM -> larger hibernation file
- Larger hibernation file -> longer time to encrypt, i.e. close
- Larger hibernation file -> much longer time to decrypt and open

Hmm... I see sleep or power off as the only viable options for most folks with FDE!!

Now how does that compute with the risk scenario from the cold boot attack? If I were an IT pro in a large organization, I would take a serious look at the power modes my mobile users use on their laptops...