>KON can't do it all, and hard disk crypto seems to be the one thing
>that stops this fun little tool cold. I think from a white hat
>perspective, it makes for an amazing demo of why FDE is needed.

FDE has some flaws. If you have access to the computer while it's running, there are a few approaches to defeat full disk encryption. They make use of flaws in implementations.

1) Searching memory for crypto material. AES uses tables that contain info for the block scrambling. If you can find this, you might find the encryption key nearby. The coldboot stuff does this.

2) The BIOS-based terminal buffer. http://www.securityfocus.com/bid/15751

You can use coldboot, USB/switchblade, or live hacks to get this info. I know one company that uses FDE, and #2 recovers the password in some cases. Social someone to run a program that e-mails you the FDE password first. I still have to spend some time in reverse engineering the MBR of a disk with FDE.
