Cold boot attacks expose a gap between what disk encryption promises and what it delivers on a running computer. This post explains the attack mechanically, who it realistically affects, and which mitigations work. The 2008 Princeton Paper In 2008, a team of researchers from Princeton, the EFF, and Wind River Systems published "Lest We Remember: Cold Boot Attacks on Encryption Keys." They demonstrated that DRAM (dynamic random-access memory) retains its contents for seconds to minutes after power is removed — sometimes longer when cooled. By cutting power to a running machine, chilling the RAM modules, and booting from a custom USB tool, they dumped full RAM contents including the AES keys BitLocker, FileVault, and dm-crypt had been using to protect encrypted disks. The fundamental physics has not changed: DRAM cells are capacitors that lose charge over time, but "over time" can mean seconds at room temperature or minutes when chilled with compressed air or liquid nitrogen.…