Silk Road forums

Discussion => Security => Topic started by: sudo on July 17, 2012, 05:40 am

Title: Is regular encryption immune to cold boot attacks etc.?
Post by: sudo on July 17, 2012, 05:40 am
I use an old app called CryptNote,

http://members.ozemail.com.au/~nulifetv/freezip/freeware/

which according to the faq is standalone, doesn't alter any registry values and stores nothing in RAM. Are the encrypted files immune to CBA's , password recovery etc.?
Title: Re: Is regular encryption immune to cold boot attacks etc.?
Post by: fuckthepolice101 on July 17, 2012, 08:43 am
I use an old app called CryptNote,

http://members.ozemail.com.au/~nulifetv/freezip/freeware/

which according to the faq is standalone, doesn't alter any registry values and stores nothing in RAM. Are the encrypted files immune to CBA's , password recovery etc.?

I thought about this question for a while.

I think this program ( along with many others ) could be exploited by a cold boot attack only if the passphrase is in ram - and at some point it will be in ram.

If an attacker has the chase to do a cold boot attack on this program chances are that they have a chance to extract they passphrase from memory another way without having to shut the computer down.
 

Like Guru says, there's no way to know without ripping the program apart and looking for flaws. It is a closed source program.

Title: Re: Is regular encryption immune to cold boot attacks etc.?
Post by: sudo on July 17, 2012, 12:40 pm
>>Given that the program is closed-source, that is anyone's guess. If may be secure, IF the algorithms are implemented properly

>I think this program ( along with many others ) could be exploited by a cold boot attack only if the passphrase is in ram - and at some point it will be in ram.

So basically, using any good encryption app puts you at some risk since RAM is always involved. I assume the chances of a successful brute force on an encrypted file, after the PC has been powered off for 20minutes+  are infinitesimal (assuming a strong pwd). There's always, One Time Pads... :D
Title: Re: Is regular encryption immune to cold boot attacks etc.?
Post by: sudo on July 18, 2012, 06:40 am
>The only safety you have (and will ever have) is to be anonymous.

The Zodiac Killer method.