A cold boot attack is one such means by which an intruder can defeat encryption despite system security, if they can gain physical access to the running machine.
Usually a cold boot attack involves cooling memory chips or quickly restarting the computer, and exploiting the fact that data is not immediately lost (or not lost if power is very quickly restored) and the data that was held at the point of intervention will be left accessible to examination.
TRESOR is a software approach that seeks to resolve this insecurity by storing and manipulating encryption keys almost exclusively on the CPU alone, and in registers accessible at ring 0 (the highest privilege level) only—the exception being the brief period of initial calculation at the start of a session.
He left the latter for others to examine, and developed a proof of concept distribution called Paranoix based on the SSE register method.
[3] Its developers state that "running TRESOR on a 64-bit CPU that supports AES-NI, there is no performance penalty compared to a generic implementation of AES",[4] and run slightly faster than standard encryption despite the need for key recalculation, a result which initially surprised the authors as well.