The attack on PGP, BitLocker and TrueCrypt that the Russian developer Vladimir Katalov describes in his blog is possible in part because of a typical weakness of whole disk encryption tools. What appears to be maximum security – everything is encrypted all the time – is actually the opposite: everything is accessible all the time, at least as long as the disk is decrypted, and evidently even in standby mode.
At Steganos, we do not offer whole disk encryption, but volume encryption, for example in our Steganos Safe or Steganos Privacy Suite products. The technology used there works in a totally different way:
1st: As Vladimir points out, “[i]t’s important that encrypted volumes are mounted at the time a memory dump is obtained or the PC goes to sleep; otherwise, the decryption keys are destroyed and the content of encrypted volumes cannot be decrypted without knowing the original plain-text password.”
Therefore, users of Steganos Safe or Privacy Suite only open the encrypted volume (the “Safe”) when they need it and close it afterwards. There is no need to keep it open all the time.
2nd: When the computer goes into standby (or sleep/hibernation), the Safe is automatically closed, so its contents can no longer be accessed.
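The following is an added model of the two points above, not Steganos code: a volume's data key is derived only while the volume is open, a power event closes every open volume and wipes its key, and a simulated memory dump shows which keys an acquisition tool would still find. Volume and VolumeManager are hypothetical names.

```python
import hashlib
import os


class Volume:
    """Model of an encrypted volume: the data key exists in RAM only while open."""

    def __init__(self, name, passphrase):
        self.name = name
        self._salt = os.urandom(16)       # constructed per-volume salt
        self._key = None                  # bytearray while open, None while closed
        # Only a hash of the derived key is kept at rest, for passphrase checking.
        self._verifier = hashlib.sha256(self._derive(passphrase)).digest()

    def _derive(self, passphrase):
        # Memory-hard KDF; parameters chosen small enough to run anywhere.
        return hashlib.scrypt(passphrase.encode(), salt=self._salt,
                              n=2 ** 14, r=8, p=1, dklen=32)

    def open(self, passphrase):
        key = self._derive(passphrase)
        if hashlib.sha256(key).digest() != self._verifier:
            raise ValueError("wrong passphrase")
        self._key = bytearray(key)        # mutable so it can be overwritten later
        return True

    def close(self):
        # Overwrite the key before dropping the reference. In a real product the key
        # would sit in non-pageable memory; Python may keep other copies, so this is a model.
        if self._key is not None:
            for i in range(len(self._key)):
                self._key[i] = 0
            self._key = None

    @property
    def is_open(self):
        return self._key is not None


class VolumeManager:
    def __init__(self):
        self.volumes = {}

    def register(self, vol):
        self.volumes[vol.name] = vol

    def on_power_event(self, event):
        # Behaviour described above: every open Safe is closed before standby/hibernation.
        if event in ("suspend", "hibernate"):
            for vol in self.volumes.values():
                vol.close()

    def memory_dump(self):
        # What a memory acquisition would recover: the keys of volumes currently open.
        return {n: bytes(v._key) for n, v in self.volumes.items() if v.is_open}
```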
It should also be said that, if an attacker gains access to the user’s computer to run such an attack while an encrypted volume is open, the attacker could simply steal the user’s data, since at that point in time the data is simply not encrypted.
Learnings: Whole disk encryption can be a risk, since unencrypted data is available to the user – and an attacker – all the time. Software which does not close encrypted volumes before hibernation is a problem, too (Steganos Safe and Steganos Privacy Suite are not affected by this issue).