Ed Felten Defeats Hard Drive Encryption
Found on Techdirt on Thursday, 21 February 2008
Felten and a group of colleagues have now shown that hard disk encryption is incredibly easy to beat. This should be a huge concern, considering how many people and organizations rely on data encryption to protect important data. In fact, with many of the "lost" hard drive stories over the past few years, many organizations have insisted the risk was minimal, since the data was all encrypted.
As the video notes, this won't work on some systems if the computer is turned completely off and the encryption package opens up before the operating system boots -- but otherwise, most systems are vulnerable.
This is indeed a problem. Under some circumstances, memory chips can still contain useful data even after 10 minutes without power. First of all, make sure that your computer won't boot from any external media, like CD-ROM or USB. Also, make it as hard as possible to remove the RAM.