The news was released a month ago, but the vulnerability will remain unsolved for the coming months or years. A team at Princeton University developed an attack against all crypto filesystems. The attack exploits a discovery about most DRAMs on the market: the information doesn't disappear immediately after the machine is powered off. It remains for some seconds and, if you cool the machine with a simple cold spray, you have up to around 10 minutes to reboot the machine with a program and recover the crypto keys from memory. So, if anybody has physical access to the machine (the main scenario crypto filesystems are meant to protect against), they will be able to decrypt the information with some software and cheap hardware.
Some reactions:
- the news at Slashdot
- the brief at SecurityFocus
- comment from the Electronic Frontier Foundation
- news, comment and PGPcorp announcement at Kriptópolis [ES]