2008-02-22
Encryption software designed to guard sensitive data on laptops can be circumvented by searching the computers' volatile memory for traces of the encryption keys, a group of computer-security researchers said in a paper published on Thursday.
The paper, Lest We Remember: Cold Boot Attacks on Encryption Keys, explores the security implications of data's tendency to remain in a computer's random access memory (RAM) even after the system is shut down. While RAM requires data to be periodically refreshed, the data -- including encryption keys from Microsoft's BitLocker, Apple's FileVault and other formats -- can still be retrieved from memory a significant amount of time after the power is turned off, the researchers discovered.
"People trust encryption to secure their data when their computer is out of their immediate control," Seth Schoen, staff technologist at the Electronic Frontier Foundation and an author of the paper, said in a statement. "But this new class of vulnerabilities shows it is not a sure thing."
The research found that -- while some computers exhibit complete data loss in a few seconds at room temperature -- by lowering the temperature of the memory to -50 degrees Celsius using compressed air, 99.9 percent of the data stored in memory can be reliably retrieved up to a minute later. In some cases, the researchers could retrieve the data more than 10 minutes after the computer was shut down.
By using error-correction methods, the researchers were able to retrieve encryption keys stored to memory, even in the presence of significant errors.
Security researchers have poked holes in encryption algorithms in the past. In 2003, Swiss security researchers found a timing attack that could reveal the keys to messages encrypted with Secure Sockets Layer (SSL). In 2005, three Chinese researchers found ways to successively weaken a hash function known as the Secure Hash Algorithm (SHA-1) commonly used to digitally sign documents.
To defend against the latest attack, full-disk encryption software should scrub memory as much as possible and avoid calculating certain cryptographic primitives and storing them in memory. Computer makers could also better protect the memory from manipulation by making the chips harder to access. Finally, users can protect themselves by keeping track of the machines for at least a minute following system shutdown, the researchers stated in their paper.
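The memory-scrubbing advice above, sketched as an added example (not code from the paper or from any product named in this article): a hypothetical `key_ctx` structure with assumed sizes holds a key and values precomputed from it, and is wiped through a volatile pointer so the compiler cannot discard the stores as dead writes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_BYTES   32   /* assumed key size for this example */
#define SCHED_BYTES 240  /* assumed size of precomputed key-derived data */

/* Hypothetical in-memory key context of a disk-encryption driver. */
struct key_ctx {
    uint8_t key[KEY_BYTES];
    uint8_t sched[SCHED_BYTES];  /* values derived from the key */
    int loaded;
};

/* Zero a buffer through a volatile pointer: a plain memset() on memory
 * that is never read again may legally be removed by the optimizer. */
static void scrub(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Load key material. The derivation is a stand-in, not a real cipher. */
void key_ctx_load(struct key_ctx *c, const uint8_t *key)
{
    memcpy(c->key, key, KEY_BYTES);
    for (size_t i = 0; i < SCHED_BYTES; i++)
        c->sched[i] = (uint8_t)(c->key[i % KEY_BYTES] ^ (uint8_t)i);
    c->loaded = 1;
}

/* Call on every lock, suspend, hibernate and shutdown path. */
void key_ctx_wipe(struct key_ctx *c) { scrub(c, sizeof *c); }

/* Count nonzero bytes left in the context; 0 means nothing remains. */
size_t key_ctx_residue(const struct key_ctx *c)
{
    const uint8_t *b = (const uint8_t *)c;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *c; i++)
        n += (b[i] != 0);
    return n;
}

int main(void)
{
    static const uint8_t k[KEY_BYTES] = {1, 2, 3};  /* constructed sample key */
    struct key_ctx c;
    key_ctx_load(&c, k);
    key_ctx_wipe(&c);
    return key_ctx_residue(&c) != 0;  /* exit status 0 when fully wiped */
}
```

The wipe covers the derived data as well as the key itself, since both sit in RAM while the volume is unlocked.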