You've no doubt seen the latest handiwork of Ed Felten and his team from the Princeton Center for Information Technology Policy regarding cold boot attacks on encryption keys:
Abstract: Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
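The abstract says the paper discusses several partial mitigations without naming them here. One that follows directly from the finding is to scrub key material out of RAM before the machine suspends or powers down, so that whatever a later memory image captures no longer contains the key. The C below is an added illustration written for this post, not code from the Princeton paper or from any of the disk encryption products it names; `secure_zero`, `volume_key`, `key_unload` and the sample key bytes are all constructed for the example. The point it makes is the one practitioners trip over: a plain `memset()` right before the buffer dies is a dead store the optimizer is free to delete, so the key stays in DRAM even though the source code "cleared" it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example: scrub a disk encryption key from RAM on the suspend/shutdown
 * path. Not code from the paper; names and the key bytes are constructed. */

#define KEY_BYTES 32  /* e.g. an AES-256 volume key */

/* A plain memset() on a buffer that is about to go out of scope is a dead
 * store the compiler may remove. Routing the call through a volatile function
 * pointer forces the write to be emitted. C11 memset_s() or BSD/glibc
 * explicit_bzero() achieve the same where available. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

static void secure_zero(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}

/* Returns 1 if every byte of the buffer is zero, 0 otherwise. Used here to
 * confirm the scrub; in practice a sanity check before handing off to S3. */
static int is_zeroed(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Minimal key holder: the key is resident only while the volume is mounted. */
struct volume_key {
    uint8_t key[KEY_BYTES];
    int loaded;
};

static void key_load(struct volume_key *vk, const uint8_t *src)
{
    memcpy(vk->key, src, KEY_BYTES);
    vk->loaded = 1;
}

/* Called from the suspend/shutdown path. After it returns, a cold boot image
 * of this buffer recovers only zeroed bytes (the key schedule and any other
 * copies would need the same treatment). */
static void key_unload(struct volume_key *vk)
{
    secure_zero(vk->key, KEY_BYTES);
    vk->loaded = 0;
}

/* Drives load -> unload and reports whether the key actually left memory.
 * Returns 1 when the key was present before and gone after, 0 otherwise. */
static int demo_scrub_on_suspend(void)
{
    /* Constructed sample key, not a real secret. */
    static const uint8_t sample_key[KEY_BYTES] = {
        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,
        0x0f,0x1e,0x2d,0x3c,0x4b,0x5a,0x69,0x78,0x87,0x96,0xa5,0xb4,0xc3,0xd2,0xe1,0xf0 };
    struct volume_key vk;

    key_load(&vk, sample_key);
    int before = is_zeroed(vk.key, KEY_BYTES);  /* 0: key is resident */
    key_unload(&vk);
    int after = is_zeroed(vk.key, KEY_BYTES);   /* 1: scrubbed */
    return before == 0 && after == 1 && vk.loaded == 0;
}

int main(void)
{
    printf("key scrubbed before suspend: %s\n",
           demo_scrub_on_suspend() ? "yes" : "no");
    return 0;
}
```

This only narrows the window; it does nothing for a machine that is simply unplugged while running, which is the case the video shows, and every other copy of the key (the expanded key schedule, page-cache copies, hibernation files) needs the same scrubbing to matter.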
Check out the video below (if you have scripting disabled, here's the link). Fascinating and scary stuff.
Would a TPM implementation mitigate this if the keys weren't stored (even temporarily) in RAM?
Given the surge lately toward full disk encryption products, I wonder how the market will react to this. I am interested in both the broad industry impact and response from vendors. I won't be surprised if we see new products crop up in a matter of days advertising magical defenses against such attacks as well as vendors scrambling to do damage control.
This might be a bit of a reach, but equally interesting to me are the potential implications for DoD/Military crypto standards such as FIPS 140-2 (I believe the draft of 140-3 is circulating...). In the case of certain products at specific security levels, it's obvious based on the video that one wouldn't necessarily need physical access to a crypto module (or RAM) in order to potentially attack it.
It's always amazing to me when really smart people think of really creative, innovative and (in some cases) obvious ways of examining what we all take for granted.