This article gives an overview of the security problems with preboot encryption on local hardware (laptops), VPSs and dedicated servers.
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images.
Micah Lee gives a very good overview here:
We would like to add that the best operational security against this is to use a laptop that does not have FireWire, or whose FireWire port has been physically destroyed.
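FireWire is singled out because its controller can read RAM directly (DMA). The following added example, which is not part of the original article, audits a Linux host for loaded or built-in FireWire drivers and for a modprobe.d override; the Linux host, the function names and the sample module list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux host for FireWire (IEEE 1394) DMA exposure.
# Paths are parameters so the checks also work on copies of the files.

# Constructed sample in /proc/modules format, for trying the functions out.
sample_modules() {
    cat <<'EOF'
dm_crypt 49152 1 - Live 0x0000000000000000
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
EOF
}

# List FireWire drivers (current and legacy stack) named in a modules file.
firewire_modules() {
    awk '$1 ~ /^firewire_/ || $1 == "ohci1394" || $1 == "ieee1394" {print $1}' "$1"
}

# "loaded": a driver module is in memory; "present": a built-in driver
# exposes bus devices in sysfs; "absent": neither was found.
firewire_status() {   # $1 = modules file, $2 = sysfs FireWire devices dir
    if [ -n "$(firewire_modules "$1")" ]; then
        echo loaded
    elif [ -d "$2" ] && [ -n "$(ls -A "$2" 2>/dev/null)" ]; then
        echo present
    else
        echo absent
    fi
}

# Succeeds if the directory has a blacklist or install override for firewire-ohci.
firewire_blocked() {  # $1 = modprobe.d directory
    grep -Eqs '^[[:space:]]*(blacklist|install)[[:space:]]+firewire[-_]ohci([[:space:]]|$)' \
        "$1"/*.conf
}

# Live check on this host.
if [ -r /proc/modules ]; then
    echo "FireWire driver: $(firewire_status /proc/modules /sys/bus/firewire/devices)"
    if firewire_blocked /etc/modprobe.d; then
        echo "firewire-ohci: override found in modprobe.d"
    else
        echo "firewire-ohci: no override in modprobe.d"
    fi
fi
```

A modprobe.d override only stops the driver from loading on the running system; it does not replace the physical measure recommended above, since the port itself is still there.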
Encryption only helps against an attacker who has to shut down the server (see dedicated server); otherwise he can just dump the RAM of the VPS. This way he gains access to the encryption key.
So it is quite worthless.
The same problems as with a laptop, with the additional problem for the attacker that a server does not have a battery power supply (this can be solved easily, even more so if the server has a second power supply).
Make sure that opening the case and removing the RAM from the slots takes a few minutes, so that the keys are most likely destroyed. (Glue the modules into the slots.)
Do not use BitLocker with TPM, as this will cause security problems; we recommend LUKS under Linux or VeraCrypt for Windows machines. (VeraCrypt is a TrueCrypt fork and also works well under Linux.)
Research about cold boot attacks: