mailing list archives
Re: Laptop - Full Disk Encryption? (Booting defeats FDE)
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 24 Oct 2007 02:15:58 +0200
On 2007-10-23 Bill Stout wrote:
How to defeat full disk encryption: Boot up
Wow, you mean disk encryption won't protect from attack vectors it
wasn't designed to protect from in the first place? Big surprise here.
For protection of data on the computer _after_ it's running, you may
consider products that offer more granular file-level encryption like
Credant Technologies or Information Security Corp. These products
encrypt what's important (user files and temp files), but allow for
standard support, backup and recovery practices.
For protection of data on the computer _after_ it's running, you have a
kernel which implements and enforces access controls and privileges.
Besides, how do those file-level encryption systems make sure every kind
of temporary data an application may create on the disk is encrypted?
How do they ensure no unencrypted user data is left after the encryption
system is put in place? How do they handle paged data? How do they
handle (read "ensure confidentiality of") the keys?
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq