Your Encrypted Data: Not So Safe After All

Researchers at Princeton have discovered that with a can of duster and a laptop, it takes only matter of minutes to crack most encryption software, including BitLocker, FileVault, dm-crypt and TrueCrypt. The weak link that makes this ridiculously simple hack possible is the DRAM chip. Here’s why: Any time your computer is on, that chip contains the key used to access encrypted data on your hard drive. Once that chip loses power, the bits stored on it are supposed to disappear immediately. But that’s not really what happens.

In reality, they fade away slowly—and if you cool the chip rapidly, that data doesn’t fade away for several minutes or longer. That’s long enough to pull out the chip and drop it in another computer, then run a key-finder program that within minutes can easily crack the code. (An FAQ on the Princeton team’s web site basically asks, “So… Can I have the source code for that key-finder program?” The answer: No.)

In other words, if you lose your password-protected laptop, you should by no means assume that the information in it is safe. Fortunately, the research team’s Web site lays out some preventative measures, as does this story on the study from the Times. Better safe than sorry.