[Discuss] Cold Boot Attacks on Encryption Keys

[Richard Pieri]

Tom Metro wrote:
> Oh, physical security is already excellent in this scenario. Locked
> cage, 24/7 CCTV, and a security guard. The weakness is that your server
> is in a data center owned by a 3rd party, who can simply hand the keys
> over to someone else.

I must disagree with your assessment of "excellent". If a third party 
has physical access to your equipment and data then that equipment and 
data are not secure. If that third party has a greater interest in 
serving itself or other parties than it has in serving you then that 
equipment and data are distinctly vulnerable.


> They're encrypted too, with keys only held in memory.

Then your disaster recovery options are nil. An encrypted backup that 
cannot be decrypted is mostly useless except for maybe being an example 
of how not to run a backup system.

Dan's suggestion is great if legal threats are included in your threat 
model. Otherwise locked in a safe requiring two different security 
officers to unlock.

-- 
Rich P.