Monday, March 10, 2008

A possible way to protect disk encryption...

By now, many will know that disk encryption is vulnerable because of a weakness in its design: the encryption key is stored in RAM. Rather than storing encryption keys, it would be useful if future software disk encryption designs prompted the user for the key or password. When the lock screen, hibernation or sleep mode is engaged, the key could be wiped from RAM, so that the next time the user wakes the system, the user would need to enter the password or key again. When the computer is shut down, the key can be wiped after the data has been encrypted. To take security a step further, rather than just wiping, replacing the data with fake random data, or turning the data into blanks or unused segments or sectors, would be useful. The only ways left for users to lose their data, other than brute-force attacks on logins or crypto-attacks, are for the user to be careless, either by disclosing the key or by leaving the computer unlocked while away.
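A sketch of the wipe-on-lock design described above, added here as an example and not taken from any existing disk encryption product. The `volume_session` structure and the function names are hypothetical, the key derivation is a stand-in rather than a real KDF, and `/dev/urandom` assumes a Unix-like host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical session state: the key lives in RAM only while unlocked. */
struct volume_session {
    uint8_t key[KEY_LEN];
    int unlocked;
};

/* Two-pass wipe: random filler, then blanks. The volatile pointer keeps the
 * compiler from discarding the stores as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    FILE *rng = fopen("/dev/urandom", "rb"); /* assumed available */
    if (rng != NULL) {
        for (size_t i = 0; i < len; i++) {
            int c = fgetc(rng);
            if (c != EOF)
                p[i] = (uint8_t)c;
        }
        fclose(rng);
    }
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
}

/* Prompt path: rebuild the key from what the user types. The FNV-1a mixing
 * is a stand-in so the example is self-contained; it is NOT a real KDF. */
int session_unlock(struct volume_session *s, const char *pass)
{
    size_t n = strlen(pass);
    uint32_t h = 2166136261u;
    if (n == 0)
        return -1; /* nothing typed: stay locked */
    for (size_t i = 0; i < KEY_LEN; i++) {
        h = (h ^ (uint8_t)pass[i % n]) * 16777619u;
        s->key[i] = (uint8_t)(h >> 24);
    }
    s->unlocked = 1;
    return 0;
}

/* Call from the lock-screen, sleep, hibernate and shutdown handlers. */
void session_lock(struct volume_session *s)
{
    s->unlocked = 0;
    secure_wipe(s->key, sizeof s->key);
}

/* Returns 1 when no key byte remains in the session. */
int session_key_is_blank(const struct volume_session *s)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        acc |= s->key[i];
    return acc == 0;
}
```

The wipe covers only this one buffer; copies of the key held elsewhere (expanded cipher key schedules, swap, a hibernation image) need the same treatment for the design to hold.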

There may be other ways to improve disk encryption, but this is the best I can come up with for now.

Maybe another way is not to apply full disk encryption but rather file encryption, so the only way to open a file is for you to authenticate in some way.
