[FDE] Scary......
Dave Jevans
djevans at ironkey.com
Thu Feb 21 22:17:44 MST 2008
This attack WOULD work, as it is preserving the AES keys in DRAM
after the authentication has been completed.
At 6:28 PM -0500 2/21/08, Garrett M. Groff wrote:
>Regarding the following statement:
>"It's a pretty exotic attack if you're using authentication (i.e. not
>BitLocker in TPM mode, or some autoboot mode)."
>
>That is only an issue when using BitLocker's "transparent operation mode,"
>right? I.e., when using BitLocker+TPM and requiring that a PIN or USB key be
>entered/present, this hardware-based attack doesn't work. Correct?
>
>
>----- Original Message -----
>From: "SafeBoot Simon" <hunt.simon at gmail.com>
>To: <fde at www.xml-dev.com>
>Sent: Thursday, February 21, 2008 5:38 PM
>Subject: Re: [FDE] Scary......
>
>
>It's a pretty exotic attack if you're using authentication (i.e. not
>BitLocker in TPM mode, or some autoboot mode).
>
>You'd have to attack a FDE protected machine that was on, or was on
>only a very short time ago (minutes). Most data exposure comes from
>people stealing drives or machines from cars etc which are long off.
>
>This is also not that new (though it seems to be creating a lot of
>panic today) - it's an attack considered for many years.
>
>And of course with FDE, the simple act of zeroing all copies of the
>key from memory on shutdown would resolve the "just off" scenario,
>though nothing except something like Danbury or Seagate FDE solves the
>"stolen while on" situation - but in that case, there are many good,
>but perhaps more exotic attacks, like the FireWire memory download, or
>any potential network attack points.
>
>
>On Feb 21, 3:19 pm, "Ali, Saqib" <docbook.... at gmail.com> wrote:
>> http://citp.princeton.edu/memory/
>>
>> However, hardware-based encrypted drives like Seagate FDE would easily
>> deter these types of attacks.
>> _______________________________________________
>> FDE mailing list
>> F... at www.xml-dev.com
>> http://www.xml-dev.com/mailman/listinfo/fde
>