This attack WOULD work, as it is preserving the AES keys in DRAM after the authentication has been completed.
At 6:28 PM -0500 2/21/08, Garrett M. Groff wrote: >Regarding the following statement: >"It's a pretty exotic attack if you're using authentication (ie not >Bitlocker in TPM mode, or some autoboot mode)." > >That is only an issue when using BitLocker's "transparent operation mode," >right? I.e., when using BitLocker+TPM and requiring that a PIN or USB key be >entered/present, this hardware-based attack doesn't work. Correct? > > >----- Original Message ----- >From: "SafeBoot Simon" <[EMAIL PROTECTED]> >To: <[email protected]> >Sent: Thursday, February 21, 2008 5:38 PM >Subject: Re: [FDE] Scary...... > > >It's a pretty exotic attack if you're using authentication (ie not >Bitlocker in TPM mode, or some autoboot mode). > >You'd have to attack a FDE protected machine that was on, or was on >only a very short time ago (minutes). Most data exposure comes from >people stealing drives or machines from cars etc which are long off. > >This is also not that new (though it seems to be creating a lot of >panic today) - it's an attack considered for many years. > >And of course with FDE, the simple act of zeroing all copies of the >key from memory on shutdown would resolve the "just off" scenario, >though nothing except something like Danbury or Seagate FDE solves the >"stolen while on" situation - but in that case, there are many good, >but perhaps more exotic attacks, like the firewire memory download, or >any potential network attack points. > > >On Feb 21, 3:19 pm, "Ali, Saqib" <[EMAIL PROTECTED]> wrote: >> http://citp.princeton.edu/memory/ >> >> However, hardware based encrypted drives like Seagate FDE would easily >> deter these type of attacks. >> _______________________________________________ >> FDE mailing list >> [EMAIL PROTECTED]://www.xml-dev.com/mailman/listinfo/fde > >_______________________________________________ >FDE mailing list >[email protected] >http://www.xml-dev.com/mailman/listinfo/fde > >_______________________________________________ >FDE mailing list >[email protected] >http://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
