wehuberconsultingllc.com

In a recent article on IT Security John Edwards stated:

Every business has secrets that it would prefer to shield from both the public and from rank-and-file employees. These private documents can include marketing strategies, production processes, product formulas, and even the home phone numbers and addresses of company officers.

One of the common uses of disk encryption is to protect this confidential information. For people who have confidential information on their laptops the use of disk encryption is highly recommended if not mandatory. Recently a group at Princeton University published a paper called Lest We Remember: Cold Boot Attacks on Encryption Keys which presented a suite of attacks that exploit DRAM remanence effects to recover cryptographic keys held in memory. In the video and paper they show how easy it is to break into laptops under the “right” circumstances. Since I am a fan of TrueCrypt and to a lesser degree BitLocker this presents quite a conundrum. Can we continue to use and recommend these disk encryption programs? The answer is yes but there are some configuration settings you may want review to be safe.

1. The default setup for TrueCrypt does not cache passwords. A quick way to detect cached passwords is if the Wipe Cache button is grayed out. If you cache passwords you should probably check the box to wipe the passwords on exit or auto-dismount.
2. I auto-dismount the encrypted drives when I log off or enter a power saving mode. For additional security in a large office environment you may want to auto-dismount when the computer enters a screen saving mode or if data has not been written to it for some period of time.
3. I power off my laptop when I travel. This eliminates the primary exploit path in the Princeton method.