Data remanence
=== {{Anchor|RAM}}Data in RAM ===

Data remanence has been observed in [[static random-access memory]] (SRAM), which is typically considered volatile (''i.e.'', the contents degrade with loss of external power). In one study, [[data retention]] was observed even at room temperature.<ref name="skorobogatov">{{cite journal|title=Low temperature data remanence in static RAM|author=Sergei Skorobogatov|publisher=University of Cambridge, Computer Laboratory|date=June 2002|doi=10.48456/tr-536 |url=http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html}}</ref>

Data remanence has also been observed in [[dynamic random-access memory]] (DRAM). Modern DRAM chips have a built-in self-refresh module, because they not only require a power supply to retain data but must also be refreshed periodically to keep their data contents from fading away from the capacitors in their integrated circuits. A study found data remanence in DRAM with data retention of seconds to minutes at room temperature and "a full week without refresh when cooled with liquid nitrogen."<ref name="Halderman" />

The study authors were able to use a [[cold boot attack]] to recover cryptographic [[key (cryptography)|keys]] for several popular [[full disk encryption]] systems, including Microsoft [[BitLocker Drive Encryption|BitLocker]], Apple [[FileVault]], [[dm-crypt]] for Linux, and [[TrueCrypt]].<ref name="Halderman" />{{rp|page=12}} Despite some memory degradation, the authors of that study were able to take advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in [[key scheduling]]. The authors recommend that computers be powered down, rather than left in a "[[power management|sleep]]" state, when not under the physical control of the owner. In some cases, such as certain modes of the software program BitLocker, the authors recommend that a boot password or a key on a removable USB device be used.<ref name="Halderman">{{cite journal|title=Lest We Remember: Cold Boot Attacks on Encryption Keys|author=J. Alex Halderman|author-link=J. Alex Halderman|date=July 2008|url=https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf|display-authors=etal}}</ref>{{rp|page=12}}

[[TRESOR]] is a [[kernel (operating system)|kernel]] [[patch (software)|patch]] for Linux specifically intended to prevent [[cold boot attack]]s on RAM by ensuring that encryption keys are not accessible from user space and are stored in the CPU rather than system RAM whenever possible. Newer versions of the disk encryption software [[VeraCrypt]] can encrypt in-RAM keys and passwords on 64-bit Windows.<ref>[https://www.veracrypt.fr/en/Release%20Notes.html VeraCrypt release notes, version 1.24]</ref>
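
The key-schedule redundancy mentioned above can also be used defensively, to check whether a memory image still holds an expanded AES key after a key has been wiped. The following Python example is an added illustration, not code from the cited study; its function names and the sample image are constructed here, and it matches only undecayed AES-128 schedules.

```python
# Added example (not from the cited study): audit a memory image for
# resident AES-128 key schedules by checking the schedule's redundancy.

def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(x):
    """AES S-box value: field inverse of x followed by the affine transform."""
    inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def expand_key_128(key):
    """Expand a 16-byte key into the 176-byte AES-128 schedule (FIPS-197)."""
    w, rcon = bytearray(key), 1
    for i in range(16, 176, 4):
        t = bytes(w[i - 4:i])
        if i % 16 == 0:  # first word of each round key: RotWord, SubWord, Rcon
            t = bytes([SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
            rcon = _gmul(rcon, 2)
        w += bytes(a ^ b for a, b in zip(w[i - 16:i - 12], t))
    return bytes(w)

def find_aes128_schedules(image):
    """Return offsets where 176 bytes equal the expansion of their first 16."""
    return [off for off in range(len(image) - 175)
            if expand_key_128(image[off:off + 16]) == image[off:off + 176]]

def constructed_image(wiped=False):
    """Constructed sample: filler bytes around a schedule (zeroed if wiped)."""
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
    filler = bytes((i * 37 + 11) & 0xFF for i in range(300))
    sched = bytes(176) if wiped else expand_key_128(key)
    return filler[:100] + sched + filler[100:]

if __name__ == "__main__":
    print("live image :", find_aes128_schedules(constructed_image()))
    print("wiped image:", find_aes128_schedules(constructed_image(wiped=True)))
```

The 160 bytes that follow a key in its schedule are fully determined by the key, so a schedule stands out from surrounding data, while a zeroed region produces no match.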