Måns Rullgård <mans@mansr.com> writes:
> David Schwartz <davids@webmaster.com> writes:
>> On Feb 27, 9:29 am, phil-news-nos...@ipal.net wrote:
>>> I'd also recommend wiping the data with random bits instead of zeros.
>>
>> Why? To protect against possible even more bizarre, even more
>> hypothetical attacks?
>
> Even if there were residual patterns left after overwriting with
> zeros, which I doubt, it wouldn't matter. When powered up again, the
> memory will read as zeros, assuming it is done before it randomises
> again. If this wasn't the case, DRAM wouldn't work at all. Besides,
> such traces of previous data would fade much quicker, and the time
> window for this attack is small enough as it is.
>
>> This attack is so bizarre, it's barely worth doing much of anything
>> about.
>
> Yes, being abducted by aliens seems more likely.

I have just yesterday been required to read through a long marketing
text trying to sell TPM-based 'security solutions' (software) because
it is (claimed to be) immune against reading keys still available from
RAM. Assuming that it is, this is still complete bullshit, because the
protected data itself needs to reside in RAM in decrypted form if it
is supposed to be used by software for anything, so 'reading the
decryption key' isn't even necessary to access the data.

But that's presumably already to technical and to complicated for
quite a few people ...