Pull Crypto Keys from My Cold (Dead) RAM Chips!

So perhaps you want to ensure the privacy of your computer files and encrypt them, or perhaps simply just encrypt the entire disk. You certainly can, but where do you store your crypto keys (on a USB stick?), in a TPM, encrypted on the disk? But at some point in time, it does not really matter, because the crypto keys will likely be copied to RAM so that they can be used to encrypt/decrypt the files… and it’s possible to dump the memory in RAM itself. So you may think that just powering off the PC will effectively erase the RAM – and your crypto keys are gone right? … well, not entirely, as some CS students at Princeton have revealed and was reported on news.com by politechbot journalist Declan McCullagh.

One thing I’ve always been curious about, is just “how long” does the data persist on “DRAM” chips after the system power is shut down. (When referring to “RAM” in a PC, this usually means DRAM or “Dynamic” RAM as opposed to SRAM or “Static” RAM, which has different properties.) Unfortunately I still do not understand the ‘exact’ physics details as to how RAM works (I assume it’s stored magnetic/electrical charge). What is fascinating to me though, is that the RAM can be read after power is lost and also that it can be read nearly perfectly for up to 10 minutes or longer after power loss if cooled properly! Peter Gutmann revealed this even back in his famous 1996 publication on secure deletion, but I’m impressed that students were able to finally test these results and publish them to the public!

Leave a Reply