[FDE] Scary......

Garrett M. Groff groffg at gmgdesign.com
Thu Feb 21 16:28:35 MST 2008


Regarding the following statement:
"It's a pretty exotic attack if you're using authentication (i.e., not
BitLocker in TPM mode, or some autoboot mode)."

That is only an issue when using BitLocker's "transparent operation mode," 
right? I.e., when using BitLocker+TPM and requiring that a PIN or USB key be 
entered/present, this hardware-based attack doesn't work. Correct?


----- Original Message ----- 
From: "SafeBoot Simon" <hunt.simon at gmail.com>
To: <fde at www.xml-dev.com>
Sent: Thursday, February 21, 2008 5:38 PM
Subject: Re: [FDE] Scary......


It's a pretty exotic attack if you're using authentication (i.e., not
BitLocker in TPM mode, or some autoboot mode).

You'd have to attack a FDE protected machine that was on, or was on
only a very short time ago (minutes). Most data exposure comes from
people stealing drives or machines from cars etc which are long off.

This is also not that new (though it seems to be creating a lot of
panic today) - it's an attack considered for many years.

And of course with FDE, the simple act of zeroing all copies of the
key from memory on shutdown would resolve the "just off" scenario,
though nothing except something like Danbury or Seagate FDE solves the
"stolen while on" situation - but in that case, there are many good,
but perhaps more exotic attacks, like the FireWire memory download, or
any potential network attack points.


On Feb 21, 3:19 pm, "Ali, Saqib" <docbook.... at gmail.com> wrote:
> http://citp.princeton.edu/memory/
>
> However, hardware-based encrypted drives like Seagate FDE would easily
> deter these types of attacks.
> _______________________________________________
> FDE mailing list
> F... at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde
