Isn’t that attack only viable within minutes of a machine being powered down?
Not even, try seconds at most.
All things considered, a cold boot attack is only remotely feasible if the system is powered on when the attack begins. If it’s powered off for any length of time, your memory will have decayed past the point of it being usable for the attack.
That actually is correct, because if you power your system down ahead of time, this attack is meaningless since there is only a VERY short window where this attack works. From your link:
Attackers execute cold boot attacks by forcefully and abruptly rebooting a target machine and then booting a pre-installed operating system from a USB flash drive, CD-ROM or over the network.
If your attacker only has your cold machine that’s been off since well before you hit the checkpoint, they can’t do shit with that attack. At best they can boot the system up to verify your system operates as intended, but you don’t have to provide any of the credentials to finish booting or unlock the TPM to load the key material into memory.
To add to that, even the original paper written with 1999-2007 era SDRAM/DDR/DDR2 is not optimistic about the scenario of a machine that was already powered down at regular operating temperatures:
with the fastest exhibiting complete data loss in approximately 2.5 seconds and the slowest taking an average of 35 seconds
And that only got worse with more advanced RAM, not to mention that they lost almost all of the data far quicker than that with only a couple % of bits surviving that long. For all practical intents and purposes, cold boot against an already-powered-down machine is a myth, the cooling has to be applied while it’s on.
That is not correct. Data can persist in RAM even when powered off, especially if the sticks are frozen. https://en.wikipedia.org/wiki/Cold_boot_attack
Isn’t that attack only viable within minutes of a machine being powered down? That seems like a huge caveat…
Not even, try seconds at most.
All things considered, a cold boot attack is only remotely feasible if the system is powered on when the attack begins. If it’s powered off for any length of time, your memory will have decayed past the point of it being usable for the attack.
That actually is correct, because if you power your system down ahead of time, this attack is meaningless since there is only a VERY short window where this attack works. From your link:
If your attacker only has your cold machine that’s been off since well before you hit the checkpoint, they can’t do shit with that attack. At best they can boot the system up to verify your system operates as intended, but you don’t have to provide any of the credentials to finish booting or unlock the TPM to load the key material into memory.
To add to that, even the original paper written with 1999-2007 era SDRAM/DDR/DDR2 is not optimistic about the scenario of a machine that was already powered down at regular operating temperatures:
And that only got worse with more advanced RAM, not to mention that they lost almost all of the data far quicker than that with only a couple % of bits surviving that long. For all practical intents and purposes, cold boot against an already-powered-down machine is a myth, the cooling has to be applied while it’s on.
Ah, thanks, I stand corrected. Still a good practice.
FYI, the cold boot attack is only viable for a handful of seconds before your memory decays enough for it to be worthless for that attack.
Powering your system down yourself prevents this. Just make sure your system doesn’t have fastboot enabled or hibernates instead of a true power off.
TIL. Thanks.