Democracy & Technology Blog

Stealing encrypted data

Researchers at Princeton have figured out how to crack encrypted files stored on a computer’s hard drive, according to the New York Times.

“Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power,” Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. “Just put the chips back into a machine and you can read out their contents.”

This technique — which enabled the researchers to retrieve encryption keys from DRAM chips — can’t be carried out remotely via the Internet or a WiFi connection; it works only if your computer is stolen or seized.

One way to look at this is to lament that one can’t be sure anything stored on one’s computer is safe. But that’s pessimistic — a bit like lamenting that no one can build a ship that can’t sink or a vehicle that can’t be stolen. Just as it is true that any secret code can be broken, it’s equally true that there’s no limit on the complexity or redundancy one can add to secret codes to make them harder to compromise. Microsoft and Apple suggest how to protect one’s personal files in case one’s computer is stolen or seized:

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.
The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.
An Apple spokeswoman said that the security of the FileVault system could also be enhanced by using a secure card to add to the strength of the key.

Hance Haney
