Hi gang,
Been thinking about modes of attack against FDE in Windoze and
came up with a question I can't seem to find a reasonable answer to.
There are two modes of authentication to decrypt data on a
sector-based encryption scheme as I understand it:
1. Pre-boot authentication - i.e., before the OS starts
2. Post-boot authentication - i.e., after the OS starts
Assuming that one was able to shoulder surf the user name and
password, but that the user was not listed as an administrator
and so has very limited rights to access the SAM or other
critical system files, which mode protects better against an
attack by using a USB key/LiveCD based *nix where the BIOS allows
booting from USB/CD ahead of the HD?
Intuitively it seems to me that a post-boot authentication is
better because the specific OS that boots has the authentication
within itself. It seems to me that a pre-boot authentication
could perhaps be defeated by allowing the sectors to be unlocked
by whatever OS boots, even if it was not the OS that was intended.
Does this make sense? Large holes welcome.
Best,
Allen
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde