Tuesday, February 26, 2008

Security: PGP Responds to Cold Boot Attack Paper (February 2008)

SANS NewsBites Vol. 10 Num. 16, 02/26/08

PGP has posted a response to the recently published paper about the Cold Boot Attack, which describes how attackers with physical access to computers can take advantage of the fact that some encryption products store their keys in DRAM. PGP stresses the fact that attackers require physical access to the machines to conduct this sort of attack, and also points out that "all security tools techniques ... are designed to address specific threat models. Achieving comprehensive security in any given environment requires using a combination of security measures."

http://www.pgp.com/newsroom/cold_boot_attack_response.html

[Editor's Note (Northcutt): Good for PGP. Calling all crypto vendors: we would love to highlight your cold boot responses as well. If you have posted a white paper on the subject, please send the link to stephen@sans.edu and copy isc@sans.org.

(Internet Storm Center: Frantzen) Excellent information from PGP is included in their answer, and it should be used to construct guidance for users of their tools. All vendors should release similar information needed to create such guidance.

- For PGP WDE: the guidance is that if you "sleep" your laptop and it gets stolen, the keys are still in RAM. They claim hibernating removes the keys from RAM.

- For PGP Virtual Disk, the disk images need to be unmounted in order to remove the key from RAM.

At the Internet Storm Center we are collecting this guidance in an article. Vendors and users are invited to contribute.]
