Post by John Smith Post by thang ornithorhynchus
The BIOS keyboard buffer retains the pre-boot PW for Drivecrypt plus
pack (and TRuecrypt, possibly others). This can quite easily be
extracted via USB tools or more sophisticated means up to X time after
boot, in plain text. Major hole in the process. I need to know if
there is an automated utility which will invoke with M$ and flush the
buffer? Even a DOS routine, BASIC or similar which can be batched?
I think the maximum time any passwords in ram or otherwise can be
recovered with special tools is 30 min after shut down, regards
You think wrong. Modern RAM is completely unrecoverable after 30 seconds
or less - well under 5 seconds is typical.
It is only if the memory can be strongly cooled that it preserves state
for periods up to hours or days. However, it is exceedingly unlikely
that anyone, even in a no-knock raid, could open your computer and chill
your RAM fast enough after you shut the computer off.
Most of this nonsense traces back to the recent hysterical, self-
promoting, and fundamnetally dishonest paper from Princeton:
Lest We Remember: Cold Boot Attacks on Encryption Keys
Note in the paper that that for modern DDR2 RAM (types D, E, & F) memory
state was completely lost in 5 seconds for F, 2 seconds for D & E!