There's a saying that nothing can stop a determined mind. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft. A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks. The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, are supposed to disappear. The group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off. When the chips were chilled using an inexpensive can of air, the data were frozen in place, permitting the researchers to easily read the keys - long strings of ones and zeros - out of the chip's memory. Cool the chips in liquid nitrogen (minus 196 degrees Celsius, or minus 321 degrees Fahrenheit) "and they hold their state for hours at least, without any power. The researchers at Princeton wrote that they were able to compromise encrypted information stored using special utilities in the Windows, Macintosh and Linux operating systems. Apple has had a FileVault disk encryption feature as an option in its OS X operating system since 2003.

Microsoft added file encryption last year with BitLocker features in its Windows Vista operating system. The programs both use the U.S. government's certified Advanced Encryption System algorithm to scramble data as it is read from and written to a computer hard disk. But both programs leave the keys in computer memory in an unencrypted form. Both of the software publishers said they ship their operating systems with the file encryption turned off: it is up to the customer to activate the feature. After knowing this vulnerability it's clear that nothing is as reliable as burning up & smashing your computer to smithereens in the name of data protection

Source