# Cold Boot Attacks: Reading RAM After Power Off

**Source**: https://quantumsequrity.com/blog/cold-boot-attacks
**Category**: Threats & Attacks

---

[← Back to Blog](../../blog.html) Threats & Attacks

# Cold Boot Attacks: Reading RAM After Power Off

10 min read

In 2008, a team of researchers at Princeton, the Electronic Frontier Foundation, and Wind River Systems pulled the power on a running laptop, sprayed the memory chips with compressed air to keep them cold, and read the contents of RAM minutes after the operating system had shut down. They recovered full disk encryption keys. The attack became known as the cold boot attack, and it forced a fundamental rethink of what physical possession of a powered-off laptop means for data security.

The intuition that RAM forgets the moment power is removed turned out to be wrong. Dynamic RAM, the cheap memory that fills laptops and servers, holds its contents for seconds at room temperature and minutes at low temperature. That is enough time for an attacker with physical access to recover encryption keys from a system that, by all appearances, was switched off.

This post examines the original attack, the physics that make it possible, the modern threat landscape, and the mitigations that hardware vendors and operating systems now deploy. The lessons apply to disk encryption, to file encryption tools like QNSQY, and to any cryptographic system where keys live in memory while a computer is running.

## What Halderman et al. Actually Did in 2008

The paper "Lest We Remember: Cold Boot Attacks on Encryption Keys" was presented at USENIX Security 2008 by J. Alex Halderman and his coauthors. The setup was straightforward. They took laptops running BitLocker, FileVault, dm-crypt, or TrueCrypt with the disk encryption keys loaded in memory. They cut the power. Then they tried to recover the keys from the memory chips.

The attack had two phases. First, freeze the memory. Compressed air canisters, when held upside down, spray a cold liquid that drops the chip temperature to around minus 50 degrees Celsius. At that temperature, DRAM cells hold their charge for several minutes instead of milliseconds. Second, transplant the memory or boot a minimal recovery operating system that dumps RAM to disk before the operating system can scrub it.

The team showed that 99.9 percent of bits remained correct after one minute at minus 50 degrees Celsius. Standard DRAM at room temperature loses about half its bits in five seconds. Frozen DRAM transferred to a different machine retained data for ten minutes or more. Once the bits were dumped, the team used heuristics to find encryption keys inside the memory image. AES key schedules have a recognizable structure because they expand from a small key into many round keys with predictable relationships. RSA private keys have similar redundancy. Software tools could scan a memory dump and pinpoint keys with high reliability.

## DRAM Remanence: The Physics

DRAM stores each bit as a tiny charge on a capacitor inside a memory cell. The cell leaks charge over time, which is why DRAM controllers refresh every cell every few milliseconds. When power is cut, refresh stops, and the charge slowly drains. Two factors determine how fast a bit decays. The first is temperature. Capacitor leakage current depends exponentially on temperature, so cooling the chip dramatically slows decay. The second is the bit pattern. Cells in DRAM physically encode either a "1" or "0" as a charged or discharged capacitor. The orientation of which is charged depends on the cell's layout, which means after enough time, all cells decay toward the same physical resting state, but until that point, the original pattern remains readable.

The Princeton paper measured these effects across multiple DRAM generations from DDR1 through DDR2. Newer DDR3, DDR4, and DDR5 modules behave similarly because the basic capacitor-and-transistor cell structure has not changed. Higher-density modules can have shorter remanence at room temperature because cells are smaller and leak faster, but freezing extends the window in all generations.

## Beyond the Lab: Real Attack Scenarios

The cold boot attack is not limited to nation-state adversaries. Border crossings, hotel break-ins, and stolen-laptop scenarios all fit the threat model. The attacker needs physical access for a few minutes. They do not need to know the user's password. They do not need to break the cryptography. They just need to read the keys before they fade.

In 2018, F-Secure researchers Olle Segerdahl and Pasi Saarinen demonstrated that even modern laptops with TPM-protected disk encryption were vulnerable to a variant of the attack. They showed that the firmware-level memory overwrite that newer systems perform on boot could be bypassed by reflashing a small portion of firmware before forcing the reboot. Their work was published as "The Chilling Reality of Cold Boot Attacks" and triggered another round of vendor patches.

For files protected with strong encryption like the post-quantum schemes in QNSQY, cold boot attacks target the keys in RAM during the encryption or decryption operation. Once a file has been encrypted and the keys have been zeroed from memory, a cold boot attack on a powered-off machine will not recover anything useful. The window of vulnerability is the time the keys live in RAM.

## Mitigations: What Hardware and Software Now Do

The first line of defense is to keep keys out of RAM as much as possible. Modern Intel CPUs include extensions like SGX, AMD has SEV, and ARM has TrustZone. These technologies create an isolated execution environment where memory is encrypted before it leaves the CPU and reaches DRAM. An attacker who reads the DRAM contents sees only ciphertext. The keys for encrypting DRAM live inside the CPU and are destroyed when the chip loses power.

The second line of defense is memory encryption at the platform level. AMD's Transparent Secure Memory Encryption, branded as TSME, encrypts all DRAM contents using a key derived inside the chip at boot. Intel's Total Memory Encryption serves the same purpose. These features are increasingly enabled by default on server platforms and high-end client systems. They do not protect against attacks that compromise the running operating system, but they neutralize cold boot attacks against the DRAM modules themselves.

The third line of defense is software. The Linux kernel's mm/cma.c and the careful handling of cryptographic key buffers in libsodium and OpenSSL try to limit how long keys spend in RAM and where they go. The Zeroize trait in Rust and the explicit_bzero function in modern C standard libraries provide a way to scrub keys from memory after use. The QNSQY codebase uses Zeroizing wrappers around all sensitive material, including derived AES keys, ML-KEM ciphertexts, and Falcon private keys, to ensure that when a key falls out of scope, it is overwritten before the memory is freed.

The fourth line of defense is the platform's own boot path. UEFI firmware now includes memory overwrite routines that scrub RAM during boot, denying cold boot attackers the data they need. The Trusted Computing Group standardized the Memory Overwrite Request Control specification, known as MOR, which lets an operating system tell the firmware to overwrite memory on the next boot if it suspects an attack.

## The Suspend-to-RAM Problem

Disk encryption with TPM-bound keys has a tricky interaction with sleep mode. When a laptop suspends to RAM, the operating system enters a low-power state but keeps DRAM refreshed. The keys remain in memory. An attacker who steals a sleeping laptop has the same window of opportunity as one who pulls power on a running machine. Some platforms now treat suspend-to-RAM as a security event and re-prompt for credentials on resume, which forces the disk encryption layer to derive fresh keys.

Suspend-to-disk, by contrast, encrypts the entire RAM contents to a hibernation file before powering off. If the hibernation file itself is encrypted with a key not stored in RAM, this is safer than suspend-to-RAM. Microsoft Windows BitLocker and Linux dm-crypt both support encrypted hibernation, and modern best practice for high-security laptops is to use hibernate, not sleep, when leaving the machine unattended.

For users of file encryption tools like QNSQY, the practical advice is straightforward. Encrypt files when you need to protect them, then close the application. The encryption tool should not keep keys in memory after an operation completes. QNSQY zeroes ephemeral keys, password buffers, and intermediate state after every encrypt or decrypt call. To understand why this matters in the broader threat model, see [Harvest Now, Decrypt Later](harvest-now-decrypt-later.md).

## What About DDR5 and Modern Hardware?

DDR5, introduced in 2020 and now common in 2024-era machines, includes on-chip ECC and slightly different cell geometries. The fundamental physics of capacitor remanence has not changed. Researchers have continued to demonstrate viable cold boot attacks against DDR4 and DDR5 systems, especially when memory encryption is not enabled by default.

The 2018 paper "Spectre Returns! Speculation Attacks using the Return Stack Buffer" and follow-up work on transient execution showed that even with cold boot mitigations in place, side channels can leak key material from a running system. Cold boot is one piece of a larger physical and microarchitectural attack surface. To understand how transient execution attacks compound the threat, see our coverage of speculative execution attacks.

For the strongest threat model, the right combination is full memory encryption at the platform level, plus disk encryption with TPM-bound keys, plus software that zeroes secrets aggressively, plus hibernate instead of sleep for unattended machines. No single mitigation is sufficient. Defense in depth is the only honest answer.

## How This Applies to Post-Quantum Encryption

When you encrypt a file with QNSQY in hybrid mode, the workflow is brief. The CLI generates an ephemeral X25519 keypair and an ML-KEM ephemeral keypair, performs key encapsulation against the recipient's public key, derives an AES-256-GCM session key via HKDF, encrypts the file, and zeroes every intermediate value. The total time the session key spends in RAM is measured in milliseconds for small files and seconds for large ones. After the operation completes, no key material remains in process memory.

This is fundamentally different from the cold boot scenario where disk encryption holds master keys in RAM continuously. File encryption tools have a much narrower window of vulnerability. To understand the cryptographic primitives at work, see [ML-KEM Explained](ml-kem-explained.md) and [AES-256-GCM Explained](aes-256-gcm-explained.md).

## FAQ

**Does a fully shut-down laptop protect me from cold boot attacks?**
Yes, after a few minutes at room temperature, DRAM cells lose their contents through normal leakage. The risk window is from the moment of power loss until the cells decay. Freezing extends this window significantly.

**Is my disk encryption useless against this attack?**
Not useless, but the master key in RAM is the weak point. Mitigations like Intel SGX, AMD SEV, and platform memory encryption neutralize the most direct cold boot attacks. Without these features, disk encryption protects data on the disk but leaves master keys exposed during system runtime.

**Should I use hibernate instead of sleep?**
For high-security workloads, yes. Hibernate writes the RAM contents to disk and powers off completely. If the hibernation image is encrypted, an attacker has nothing to read from RAM. Sleep keeps RAM powered and refreshed.

**Are mobile phones affected?**
Most modern phones use embedded LPDDR memory soldered to the board. The memory cannot be physically transplanted. Vendors also include TrustZone-style secure execution that keeps keys off main DRAM. The attack surface is much smaller than on traditional laptops.

**Can encrypted memory like Intel TME stop cold boot?**
Largely yes. With memory encryption enabled, the contents of DRAM are ciphertext using a key that lives inside the CPU. Reading the DRAM after power loss yields only encrypted bytes. The CPU key is destroyed when the chip loses power.

## Sources

1. Halderman, J. A. et al. "Lest We Remember: Cold Boot Attacks on Encryption Keys." USENIX Security 2008. https://www.usenix.org/legacy/event/sec08/tech/full_papers/halderman/halderman.pdf
2. Segerdahl, O. and Saarinen, P. "The Chilling Reality of Cold Boot Attacks." F-Secure 2018. https://blog.f-secure.com/cold-boot-attacks/
3. Trusted Computing Group. "TCG PC Client Platform Reset Attack Mitigation Specification." 2008, updated 2018. https://trustedcomputinggroup.org/resource/pc-client-work-group-platform-reset-attack-mitigation-specification/
4. AMD. "AMD Memory Encryption Whitepaper." 2021. https://www.amd.com/system/files/TechDocs/memory-encryption-white-paper.pdf
5. Intel. "Intel Software Guard Extensions Programming Reference." Order Number 329298-002. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf
6. CVE-2014-7841 and related: Linux kernel cold boot mitigations history. https://cve.mitre.org/

## Related Articles

- [Harvest Now, Decrypt Later](harvest-now-decrypt-later.md)
- [What is Post-Quantum Cryptography?](what-is-post-quantum-cryptography.md)
- [AES-256-GCM Explained](aes-256-gcm-explained.md)
- [Hybrid Encryption](hybrid-encryption.md)
- [ML-KEM Explained](ml-kem-explained.md)

---

### Protect Your Data Before Q-Day Arrives

QNSQY's NIST-standardized post-quantum encryption protects files against both current and quantum-era threats.

[Try QNSQY](../../pricing.html)