RE: [Full-disclosure] Firewire Attack on Windows Vista
>>You're mistaken in thinking that we're conflating sleep and hibernate
modes.
>>Microsoft's response of using two factor authentication is silly. It
doesn't actually stop our attacks. In certain circumstances, it may
shorten the window of attack for a specific type of user but it's mostly
irrelevant. Consider a mail server with an encrypted drive, no proximity
sensor or two factor authentication is going to help you. A seizure will
still result in someone getting the keys that are in memory
- unless you're using some sort of secure crypto co-processor (which no
one is).
>From your own paper:
> Microsoft ... recommends configuring BitLocker in "advanced
> mode," where it protects the disk key using the TPM along with a
password or a key on a removable
> USB device. However, even with these measures, BitLocker is vulnerable
if an attacker gets to the system
> while the screen is locked or the computer is asleep (though not if it
is hibernating or powered off).
So in other words, hibernate does make a difference, especially if you
follow their guidelines.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx