Re: Laptop - Full Disk Encryption? (Booting defeats FDE)

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2007-10-23 Bill Stout wrote:
> How to defeat full disk encryption:  Boot up

Wow, you mean disk encryption won't protect from attack vectors it
wasn't designed to protect from in the first place? Big surprise here.
Not.

[...]
> For protection of data on the computer _after_ it's running, you may
> consider products that offer more granular file-level encryption like
> Credant Technologies or Information Security Corp.  These products
> encrypt what's important (user files and temp files), but allow for
> standard support, backup and recovery practices.

For protection of data on the computer _after_ it's running, you have a
kernel which implements and enforces access controls and privileges.

Besides, how do those file-level encryption systems make sure every kind
of temporary data an application may create on the disk is encrypted?
How do they ensure no unencrypted user data is left after the encryption
system is put in place? How do they handle paged data? How do they
handle (read "ensure confidentiality of") the keys?

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq