Oh, and I forgot to mention - post boot authentication with Software based FDE is only possible if the key is stored on the drive itself. Obvious problem of course and endemic in any security system which has the capibility to bypass itself.
So, if you were to implement FDE without the pre-boot auth, you have to realise that you just stored the key on the drive unprotected, so why did you bother encrypting it in the first place? On Oct 10, 11:34 am, SafeBoot Simon <[EMAIL PROTECTED]> wrote: > not sure I really understand what you mean, but the benefit of pre- > boot auth is that the entire user OS is opaque prior to > authentication, so it's not possible to do anything with it. > > post-boot auth means the Windows OS is running, so you have all the > possible exploits re network attacks, firewire attacks etc. > > S. > > On Oct 10, 12:02 am, Allen <[EMAIL PROTECTED]> wrote: > > > > > > > Hi gang, > > > Been thinking about modes of attack against FDE in Windoze and > > came up with a question I can't seem to find a reasonable answer to. > > > The are two modes of authentication to decrypt data on a sector > > based encryption scheme as I understand it: > > > 1. Pre-boot authentication - i.e, before the OS starts > > 2. Post-boot authentication - i.e. after the OS starts > > > Assuming that one was able to shoulder surf the user name and > > password, but that the user was not listed as an administrator > > and so has very limited rights to access the SAM or other > > critical system files, which mode protects better against an > > attack by using a USB key/LiveCD based *nix where the BIOS allows > > booting from USB/CD ahead of the HD? > > > Intuitively it seems to me that a post-boot authentication is > > better because the specific OS that boots has the authentication > > is within itself. It seems to me that a pre-boot authentication > > could perhaps be defeated by allowing the sectors to be unlocked > > by whatever OS boots, even if it was not the OS that was intended. > > > Does this make sense? Large holes welcome. > > > Best, > > > Allen > > > _______________________________________________ > > FDE mailing list > > [EMAIL PROTECTED]://www.xml-dev.com/mailman/listinfo/fde > > _______________________________________________ > FDE mailing list > [EMAIL PROTECTED]://www.xml-dev.com/mailman/listinfo/fde- Hide quoted text - > > - Show quoted text - _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
