BreachExchange mailing list archives
Re: fringe: Researchers: Disk Encryption Not Secure
From: Paul Stevens <paul () nosignal net>
Date: Fri, 22 Feb 2008 16:37:27 +0200
Some FDE products already provide a feature which applies a limitation to the time your passphrase will be held in memory. Typically though, there's a checkbox underneath which allows it to remain cached permanently. Ease of use trumps security every time.

On 22 Feb 2008, at 4:25 PM, Friedlander, Gary S wrote:
Maybe the software can be patched to wipe the key from memory after so many minutes of inactivity - requiring re-entering the passphrase to re-mount the drive or re-enter the folder.

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Evan Francen
Sent: Friday, February 22, 2008 8:14 AM
To: Roy M. Silvernail
Cc: security curmudgeon; dataloss () attrition org
Subject: Re: [Dataloss] fringe: Researchers: Disk Encryption Not Secure

Do you think it would be possible to patch encryption products with routines to wipe the memory address(es) where the key is stored at specific times (i.e. on lock, hibernate, sleep, and shutdown)?

On 2/21/08, Roy M. Silvernail <roy () rant-central com> wrote:

On Thu, Feb 21, 2008 at 04:34:09PM -0500, Rory Wasserman wrote:

Roy, I agree with what you are saying, however if a portable hardware device is used for multifactor authentication and the key is stored in a secure place on the device, off of the hard drive, then this type of attack would be futile.

I think you still misunderstand the threat model. The threat is not against authentication. That has already been done and the target machine is in a running state (though perhaps waiting at a screensaver password). In this state, the fully-encrypted disc is mounted and decrypting for its proper user. That means the FDE key *must* be in core somewhere, so that the disc drivers can use it to encrypt and decrypt the data as it is used. And once Mallory has the FDE key, he don' need no steenkin' authentication. He grabs an image of the disc and trots off to decrypt at leisure.

--
Roy M. Silvernail is roy () rant-central com, and you're not
"A desperate disease requires a dangerous remedy."
- Guy Fawkes
http://www.rant-central.com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

--
Evan Francen, CISSP CCNP MCSE
email: evan.francen () gmail com
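The inactivity timeout and the wipe on lock, sleep, hibernate and shutdown discussed in this thread, sketched as an added example; it is not code from any poster or FDE product. The struct, the function names and the sample key are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32
enum wipe_event { EV_LOCK, EV_SLEEP, EV_HIBERNATE, EV_SHUTDOWN };
struct key_cache {
    uint8_t key[KEY_LEN];
    int     loaded;     /* 1 while key material is present */
    long    last_use;   /* seconds, from a monotonic clock */
    long    max_idle;   /* 0 models the "cache permanently" checkbox */
};

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

void cache_load(struct key_cache *c, const uint8_t *key, long now, long max_idle) {
    memcpy(c->key, key, KEY_LEN);
    c->loaded = 1; c->last_use = now; c->max_idle = max_idle;
}

void cache_wipe(struct key_cache *c) { secure_wipe(c->key, KEY_LEN); c->loaded = 0; }
/* Run from a periodic timer: expiry checked only on access would leave the
   key resident for as long as the machine sits idle. Returns 1 if it wiped. */
int cache_tick(struct key_cache *c, long now) {
    if (!c->loaded || c->max_idle == 0 || now - c->last_use < c->max_idle) return 0;
    cache_wipe(c);
    return 1;
}

/* Returns the key, or NULL when the caller must re-prompt for the passphrase. */
const uint8_t *cache_get(struct key_cache *c, long now) {
    cache_tick(c, now);
    if (!c->loaded) return NULL;
    c->last_use = now;
    return c->key;
}

/* Lock, sleep, hibernate and shutdown all wipe, whatever the idle setting. */
void cache_on_event(struct key_cache *c, enum wipe_event ev) { (void)ev; cache_wipe(c); }
int main(void) {
    struct key_cache c; uint8_t k[KEY_LEN];
    memset(k, 0xA5, sizeof k);                 /* constructed sample key */
    cache_load(&c, k, 0, 300);
    printf("wiped at t=300: %d\n", cache_tick(&c, 300));
    return 0;
}
```

A real driver would also have to wipe any expanded key schedule and unmount the volume, since a mounted disc cannot be read without the key.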
Current thread:
- fringe: Researchers: Disk Encryption Not Secure security curmudgeon (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure B.K. DeLong (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure Roy M. Silvernail (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure Rory Wasserman (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure B.K. DeLong (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure Roy M. Silvernail (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure Evan Francen (Feb 22)
- Re: fringe: Researchers: Disk Encryption Not Secure Friedlander, Gary S (Feb 22)
- Re: fringe: Researchers: Disk Encryption Not Secure Paul Stevens (Feb 22)
- Re: fringe: Researchers: Disk Encryption Not Secure Chris Walsh (Mar 06)
- Re: fringe: Researchers: Disk Encryption Not Secure Roy M. Silvernail (Feb 21)
- Re: fringe: Researchers: Disk Encryption Not Secure B.K. DeLong (Feb 21)