upvote

points

by nickjj8 hours ago |
comments
upvoteby shanoaice8 hours ago|
next
[-]
Physical Access to a computer is almost always the fastest and easiest way to crack it down. Additionally, both Windows's BitLocker and Linux's dm-crypt are data at "rest" encryption. They are not responsible for the safety when your machine boots up. MAC and user password are the proper method when it's running.
reply
upvoteby inigyou8 hours ago|
prev|
next
[-]
If they have liquid nitrogen and a memory dumping boot disk, or a memory bus interceptor.
reply
upvoteby beAbU7 hours ago|
parent|
[-]
Is this still a viable attack in 2026?
reply
upvoteby fc417fc8024 hours ago|
parent|
prev|
next
[-]
Yes. Also depending on the implementation (ie if it's not an outdated Intel machine) it is presumably also vulnerable to snooping the memory bus while it's running. Note that this active attack applies regardless of encryption and impacts even enterprise SKUs. https://tee.fail/
reply
upvoteby inigyou7 hours ago|
parent|
prev|
[-]
if you have liquid nitrogen and a memory dumping boot disk, or a memory bus interceptor
reply
upvoteby pshirshov8 hours ago|
prev|
[-]
This feature was off by default in all the mobos I've seen.

It causes many stability issues, as to my experience.

The attack is sophisticated, Mr.Nobody, generally, should not worry about expensive cryogenic attacks - three letter guys would extract your key with a wrench.

I mean the change is bad - it undermines already damaged trust, but the "average Joe" is extremely unlikely to be affected directly.

There are many much cheaper ways to force you to give up your keys.

reply
upvoteby kobalsky5 hours ago|
parent|
next
[-]
> three letter guys would extract your key with a wrench.

Are people still using this to justify no encryption? that comic sure did a lot of damage.

Mr. Nobody should be able to decide how much they want to protect themselves. If it's unstable maybe Mr Nobody is fine with it.

Raising the cost of achieving this to enterprise budgets, just because, seems suspect. Specially when there are so many attempts to undermine secure computing by the powers that be. [1] [2]

> There are many much cheaper ways to force you to give up your keys.

Yes, but that requires the Mr Nobody knowing you have access to them, which in itself is a big deal.

But let's think about it, why would they torture Mr Nobody by wrench? News stations would like to hear that, or do you think they will make Mr Nobody disappear too? Would they take those risks for a Mr Nobody?

Maybe the most realistic scenario is that people sometimes can hold onto their passwords. Scumbag or not. [3]

[1] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d... [2] https://en.wikipedia.org/wiki/Chat_Control [3] https://arstechnica.com/tech-policy/2020/02/man-who-refused-...

reply
upvoteby m304734 minutes ago|
parent|
[-]
So we're shaving yaks here but instability undermines nonrepudiability. Mr. Nobody might welcome deniability in the appropriate circumstances...
reply
upvoteby vablings4 hours ago|
parent|
prev|
next
[-]
I would honestly them have rather communicated this first clearly.
reply
upvoteby deno8 hours ago|
parent|
prev|
next
[-]
Unless you live in North Korea, China, Russia, UK, France, Australia or Ireland it’s still illegal to coerce or force someone to give up their personal keys or passwords, so this feature is still useful against some law-bound adversaries in free countries.
reply
upvoteby pshirshov7 hours ago|
parent|
next
[-]
Well, I live in Ireland but not sure what you refer to.

Something being illegal does not imply it doesn't happen though.

reply
upvoteby deno7 hours ago|
parent|
[-]
law in question: https://www.irishstatutebook.ie/eli/2017/act/11/section/7/en...

and recent Supreme Court decision that upheld its constitutionality:

https://www.algoodbody.com/insights-publications/password-pr...

reply
upvoteby linkgoron6 hours ago|
parent|
[-]
What are you trying to prove? He never said you're wrong, just the fact that something is illegal doesn't mean that it won't happen to you, just that it's illegal - those are just words written in a book somewhere. Even so-called law bound adversaries break the law all the time. A cop beating you senseless or breaking into your home is illegal, but it happens all the time. You're welcome to sue after the fact.
reply
upvoteby deno5 hours ago|
parent|
[-]
This is not relevant to memory encryption, after all the police could just plant any false evidence. You use video camera/CCTV and other evidence gathering to document such illegal police action.

Suing after the fact is a valid strategy and in free countries this would allow you to exclude illegally obtained evidence or evidence lacking proper chain of custody.

reply
upvoteby iamnothere5 hours ago|
parent|
[-]
If you sue them they will just beat you with a wrench again. Courts are imaginary. You should stop resisting. /s
reply
upvoteby 5 hours ago|
parent|
[-]
deleted
reply
upvoteby ezconnect4 hours ago|
parent|
prev|
next
[-]
The West just a few years ago declared that at airport entry points, no one is including their citizen is not protected by any law when it comes to providing access to your private stuff.
reply
upvoteby deno4 hours ago|
parent|
[-]
Don’t bring your sensitive data to airports.
reply
upvoteby wang_li5 hours ago|
parent|
prev|
[-]
In a previous administration they apparently concluded that while the government can't violate your first amendment free speech rights, they can ask a third party to do so. So what makes you think that the CIA won't hire blackwater or the crips to hit your toes with a ball peen hammer until you tell them what you want to know, and then walk away having not violated your constitutional right to privacy and not incriminate yourself?
reply
upvoteby deno4 hours ago|
parent|
[-]
I don’t want to get into specifics because ultimately it just comes down to the logical argument that just because a strategy is not by itself successful against all possible threats it doesn’t mean it’s worthless. By this logic you wouldn’t lock your front doors.
reply
upvoteby akimbostrawman8 hours ago|
parent|
prev|
[-]
>It causes many stability issues, as to my experience

In my experience it very much does not, ram instability with this feature indicates a hardware issue same as with ECC.

>Mr.Nobody, generally, should not worry about expensive cryogenic attacks - three letter guys would extract your key with a wrench.

This is disingenuous framing. There exist valid threat models for average people between thieves and three letter agencies. Police forces and organized crime have been known to use ram freezing, the former is not known for wrench attacks. That scenario is only good for hand waving real concerns anyways.

reply
upvoteby pshirshov7 hours ago|
parent|
[-]
Well, I've experimented with this feature on several platforms (both ECC and non-ECC) starting with TRX40, most of the times I've been just getting hard freezes at GPU driver initialization. If it boots - it usually hangs when a VFIO VM spins up.
reply