> -----Original Message-----
> From: Joost De Cock [mailto:[EMAIL PROTECTED]]
> "Neither keys nor passwords are stored on the PC's hard disk."
> and furthermore:
> "Finally, a secure challenge/response procedure is available to re-issue
> the password, if a PC has been blocked because the password has been
> entered incorrectly or forgotten."
> My question is, would it technically be possible to provide a means to
> authenticate a user before booting the OS without the use of special
> hardware, and not store any password on the disk? And if so, wouldn't
> booting from a floppy bypass that?
My guess would be that the password _is_ stored on the HDD (or if not
the HDD, somewhere nearby like the BIOS), just not in plain text. It's
reversibly encrypted (your answer to the challenge being the decryption
key).
The HDD contents are, in turn, encrypted with the password.
This is one step above security through obscurity. It's reversible
security.
-- Matt
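
A sketch of the layout guessed at in the reply above, as an added example that is not part of the original thread and not the product's actual design: the disk holds only a salt, a challenge and ciphertext, so booting from a floppy yields nothing usable without the password or the helpdesk's response. The function names, `helpdesk_secret`, the PBKDF2 parameters and the HMAC-based toy cipher (a stand-in for a real authenticated cipher) are all assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: toy keystream, stand-in for a real cipher
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

def helpdesk_response(helpdesk_secret, challenge):
    # Computed off the PC by whoever holds helpdesk_secret (hypothetical name)
    return hmac.new(helpdesk_secret, challenge, hashlib.sha256).digest()

def provision(password, helpdesk_secret, sector):
    """Build what lands on the disk: salt, challenge and ciphertext only.
    The password is present solely inside the encrypted recovery blob."""
    salt, challenge = os.urandom(16), os.urandom(8)
    disk_key = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    return {"salt": salt, "challenge": challenge,
            "sector": seal(disk_key, sector),
            "recovery": seal(helpdesk_response(helpdesk_secret, challenge), password)}

def unlock(disk, password):
    """Pre-boot check: the password is right only if it decrypts the disk."""
    key = hashlib.pbkdf2_hmac("sha256", password, disk["salt"], 200_000)
    return unseal(key, disk["sector"])

def recover_password(disk, response):
    """Forgotten password: the response to the stored challenge opens the recovery blob."""
    return unseal(response, disk["recovery"])
```

In this layout the recovery blob is what makes the scheme reversible: anyone who can compute the response for a given challenge can read the password, so the secrecy of `helpdesk_secret` bounds the security of every provisioned disk.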