Not sure I really understand what you mean, but the benefit of pre-boot auth is that the entire user OS is opaque prior to authentication, so it's not possible to do anything with it.

Post-boot auth means the Windows OS is running, so you have all the possible exploits re network attacks, FireWire attacks etc.

S.

On Oct 10, 12:02 am, Allen <[EMAIL PROTECTED]> wrote:
> Hi gang,
>
> Been thinking about modes of attack against FDE in Windoze and
> came up with a question I can't seem to find a reasonable answer to.
>
> There are two modes of authentication to decrypt data on a sector
> based encryption scheme as I understand it:
>
> 1. Pre-boot authentication - i.e., before the OS starts
> 2. Post-boot authentication - i.e., after the OS starts
>
> Assuming that one was able to shoulder surf the user name and
> password, but that the user was not listed as an administrator
> and so has very limited rights to access the SAM or other
> critical system files, which mode protects better against an
> attack by using a USB key/LiveCD based *nix where the BIOS allows
> booting from USB/CD ahead of the HD?
>
> Intuitively it seems to me that a post-boot authentication is
> better because the specific OS that boots has the authentication
> within itself. It seems to me that a pre-boot authentication
> could perhaps be defeated by allowing the sectors to be unlocked
> by whatever OS boots, even if it was not the OS that was intended.
>
> Does this make sense? Large holes welcome.
>
> Best,
>
> Allen
>
> _______________________________________________
> FDE mailing list
> [EMAIL PROTECTED]
> http://www.xml-dev.com/mailman/listinfo/fde
