Well, it looks like a group of people at Princeton University have found a way to do exactly this.  The fact that encrypted data can be stolen is not the thing that you should be worried about… it’s how easy it is to do that should have you concerned.  The only thing you need: a can of compressed air, which will run you probably a couple of bucks at any computer or affiliated store.  This being the case, it looks like more security measures need to be taken towards physically securing the tower.

SAN FRANCISCO — A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

The development, which was described on the group’s Web site Thursday, could also have implications for the protection of encrypted personal data from prosecutors.

The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.[more]

Tags: Encryption