BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Re: fringe: Researchers: Disk Encryption Not Secure

From: Paul Stevens <paul () nosignal net>
Date: Fri, 22 Feb 2008 16:37:27 +0200
Some FDE products already provide a feature which applies a limitation  
to the time your passphrase will be be held in memory. Typically  
though, there's a checkbox underneath which allows it to remain cached  
permanently. Ease of use trumps security every time.

On 22 Feb 2008, at 4:25 PM, Friedlander, Gary S wrote:


Maybe the software can be patched to wipe the key from memory after so
many minutes of inactivity - requiring re-entering the passphrase to
re-mount the drive or re-enter the folder.

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of Evan Francen
Sent: Friday, February 22, 2008 8:14 AM
To: Roy M. Silvernail
Cc: security curmudgeon; dataloss () attrition org
Subject: Re: [Dataloss] fringe: Researchers: Disk Encryption Not  
Secure

Do you think it would be possible to patch encryption products with
routines to wipe the memory address(es) where the key is stored at
specific times (i.e. on lock, hibernate, sleep, and shutdown)?


On 2/21/08, Roy M. Silvernail <roy () rant-central com> wrote:

On Thu, Feb 21, 2008 at 04:34:09PM -0500, Rory Wasserman wrote:

Roy,

I agree with what you are saying, however if a portable hardware

device is

used for multifactor authentication and the key is stored in a

secure place

on the device, off of the hard drive, then this type of attack

would be

futile.



I think you still misunderstand the threat model.  The threat is not
against authentication.  That has already been done and the
target machine is in a running state (though perhaps waiting at a
screensaver password).  In this state, the fully-encrypted disc is
mounted and decrypting for its proper user.  That means the FDE key
*must* be in core somewhere, so that the disc drivers can use it to
encrypt and decrypt the data as it is used.

And once Mallory has the FDE key, he don' need no steenkin'
authentication.  He grabs an image of the disc and trots off to

decrypt

at leisure.

--
Roy M. Silvernail is roy () rant-central com, and you're not
  "A desperate disease requires a dangerous remedy."
                  - Guy Fawkes
           http://www.rant-central.com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance

monitoring

solutions for large and small networks. Scan your network and monitor

your

traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml




-- 
Evan Francen, CISSP CCNP MCSE
email: evan.francen () gmail com
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor
your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and  
monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Previous By Date Next
Previous By Thread Next

Current thread: