this post was submitted on 18 Jun 2026
418 points (97.7% liked)
Technology
85539 readers
3494 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Eh, it protects against a certain class of attack when the attacker has physical access e.g. reading memory with memory probes while the computer is (still) on to get passwords etc., i.e. sophisticated attackers like customs, FBI. If they have physical access you're probably hosed anyway, but if you have the presence of mind to shut the machine off (not sleep, hard off if needed) memory encryption becomes irrelevant.
That is not correct. Data can persist in RAM even when powered off, especially if the sticks are frozen. https://en.wikipedia.org/wiki/Cold_boot_attack
Isn't that attack only viable within minutes of a machine being powered down? That seems like a huge caveat...
Not even, try seconds at most.
All things considered, a cold boot attack is only remotely feasible if the system is powered on when the attack begins. If it's powered off for any length of time, your memory will have decayed past the point of it being usable for the attack.
That actually is correct, because if you power your system down ahead of time, this attack is meaningless since there is only a VERY short window where this attack works. From your link:
If your attacker only has your cold machine that's been off since well before you hit the checkpoint, they can't do shit with that attack. At best they can boot the system up to verify your system operates as intended, but you don't have to provide any of the credentials to finish booting or unlock the TPM to load the key material into memory.
To add to that, even the original paper written with 1999-2007 era SDRAM/DDR/DDR2 is not optimistic about the scenario of a machine that was already powered down at regular operating temperatures:
And that only got worse with more advanced RAM, not to mention that they lost almost all of the data far quicker than that with only a couple % of bits surviving that long. For all practical intents and purposes, cold boot against an already-powered-down machine is a myth, the cooling has to be applied while it's on.
Ah, thanks, I stand corrected. Still a good practice.
FYI, the cold boot attack is only viable for a handful of seconds before your memory decays enough for it to be worthless for that attack.
Powering your system down yourself prevents this. Just make sure your system doesn't have fastboot enabled or hibernates instead of a true power off.
TIL. Thanks.