Re: fringe: Researchers: Disk Encryption Not Secure

["Roy M. Silvernail" <roy () rant-central com>]

On Thu, Feb 21, 2008 at 04:34:09PM -0500, Rory Wasserman wrote:
> Roy,
>
> I agree with what you are saying, however if a portable hardware device is
> used for multifactor authentication and the key is stored in a secure place
> on the device, off of the hard drive, then this type of attack would be
> futile.

I think you still misunderstand the threat model.  The threat is not 
against authentication.  That has already been done and the 
target machine is in a running state (though perhaps waiting at a 
screensaver password).  In this state, the fully-encrypted disc is 
mounted and decrypting for its proper user.  That means the FDE key 
*must* be in core somewhere, so that the disc drivers can use it to 
encrypt and decrypt the data as it is used.

And once Mallory has the FDE key, he don' need no steenkin' 
authentication.  He grabs an image of the disc and trots off to decrypt 
at leisure.
-- 
Roy M. Silvernail is roy () rant-central com, and you're not
   "A desperate disease requires a dangerous remedy."
                   - Guy Fawkes
            http://www.rant-central.com

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml