Regarding the following statement:
"It's a pretty exotic attack if you're using authentication (i.e. not
BitLocker in TPM mode, or some autoboot mode)."

That is only an issue when using BitLocker's "transparent operation mode," 
right? I.e., when using BitLocker+TPM and requiring that a PIN or USB key be 
entered/present, this hardware-based attack doesn't work. Correct?


----- Original Message ----- 
From: "SafeBoot Simon" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, February 21, 2008 5:38 PM
Subject: Re: [FDE] Scary......


It's a pretty exotic attack if you're using authentication (i.e. not
BitLocker in TPM mode, or some autoboot mode).

You'd have to attack an FDE protected machine that was on, or was on
only a very short time ago (minutes). Most data exposure comes from
people stealing drives or machines from cars etc which are long off.

This is also not that new (though it seems to be creating a lot of
panic today) - it's an attack considered for many years.

And of course with FDE, the simple act of zeroing all copies of the
key from memory on shutdown would resolve the "just off" scenario,
though nothing except something like Danbury or Seagate FDE solves the
"stolen while on" situation - but in that case, there are many good,
but perhaps more exotic attacks, like the FireWire memory download, or
any potential network attack points.


On Feb 21, 3:19 pm, "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
> http://citp.princeton.edu/memory/
>
> However, hardware based encrypted drives like Seagate FDE would easily
> deter these types of attacks.
> _______________________________________________
> FDE mailing list
> [EMAIL PROTECTED]
> http://www.xml-dev.com/mailman/listinfo/fde

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
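
The "zero all copies of the key on shutdown" mitigation mentioned in the thread, as an added sketch that is not part of the original messages or of any product's code: every buffer holding key material is registered so the shutdown path can wipe all of them, using volatile stores so the compiler cannot drop the wipe as a dead store. The function names and `MAX_KEY_REGIONS` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define MAX_KEY_REGIONS 8   /* assumed limit for this sketch */

/* Every buffer that ever holds key material is registered here, so the
 * shutdown path wipes the master key AND its derived copies (key
 * schedule, cached sector keys), not only the buffer the caller recalls. */
struct key_region { void *ptr; size_t len; };
static struct key_region regions[MAX_KEY_REGIONS];
static size_t region_count;

/* Returns 0 on success, -1 on bad arguments or a full table. */
int key_region_register(void *ptr, size_t len)
{
    if (ptr == NULL || len == 0 || region_count >= MAX_KEY_REGIONS)
        return -1;
    regions[region_count].ptr = ptr;
    regions[region_count].len = len;
    region_count++;
    return 0;
}

/* Volatile stores: a plain memset() before shutdown may be optimized out. */
static void secure_zero(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

/* Call from the shutdown/hibernate path. Returns the number of bytes wiped. */
size_t key_regions_wipe_all(void)
{
    size_t wiped = 0;
    for (size_t i = 0; i < region_count; i++) {
        secure_zero(regions[i].ptr, regions[i].len);
        wiped += regions[i].len;
    }
    region_count = 0;
    return wiped;
}

/* Returns 1 if the buffer contains only zero bytes, else 0. */
int is_all_zero(const void *ptr, size_t len)
{
    const unsigned char *p = ptr;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}
```

This only addresses the "just off" case from the message above; a machine taken while powered on still has the key in memory.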