Security Basics mailing list archives

Re: Laptop - Full Disk Encryption? (Booting defeats FDE)


From: "Rob Thompson" <my.security.lists () gmail com>
Date: Thu, 6 Dec 2007 12:21:29 -0800

On Oct 23, 2007 9:34 AM, Bill Stout <billbrietstout () yahoo com> wrote:
> S,
>
> How to defeat full disk encryption:  Boot up

I must be missing something here...

Boot up?  Do you mean authenticate to the encryption scheme?  Or do
you mean, just turning on the power?

Great, you've booted the computer, if the disk was encrypted, you
would have had to know the password to allow the boot process to
continue.  The data is still secured physically on the disk though.
Any good encryption program, worth its weight in gold, encrypts and
decrypts, on the fly.

Just because you signed into the computer doesn't mean that the disks
are now decrypted.  It means that now you can access them.

If I am thinking in a wrong direction for your explanation, please
explain further.

Full disk encryption is a very secure and IMO the only real way to
secure your hard drive.  Just encrypting a few files here and there is
not adequate.  Windows makes more temporary files than I think a lot
of people realize and when you encrypt that file in its folder and
then access it, do you really think that it's going to just keep a
copy there?  Nope, now you have an unencrypted copy lying around in a
temp directory on your hard drive.


> A workmate reminded me that the disk is decrypted during startup by the decryption drivers.  It's an all or nothing deal.

That is not correct.  The disk is not decrypted.  (If it is, you are
using the wrong product.)



-- 
Rob
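
The on-the-fly behaviour described in the message above, as an added example that is not part of the original post: a toy sector-level volume whose backing store stays ciphertext while it is unlocked and in use. The class and function names, the passphrase, the salt and the sample data are constructed for illustration, and the SHAKE-256 keystream is a stand-in for a real disk cipher such as AES-XTS.

```python
import hashlib

SECTOR = 512  # bytes per sector


class OnTheFlyVolume:
    """Toy model of an FDE driver: the backing store only ever holds ciphertext."""

    def __init__(self, sectors: int):
        self.backing = bytearray(SECTOR * sectors)  # what is physically "on disk"
        self._key = None                            # volume key lives in RAM only
        self._salt = b"constructed-salt"            # sample value for this example

    def unlock(self, passphrase: str) -> None:
        # Pre-boot authentication derives the key; nothing on disk is rewritten.
        self._key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self._salt, 100_000)

    def lock(self) -> None:
        self._key = None  # power-off: the key is gone, the disk is unchanged

    def _keystream(self, sector_no: int) -> bytes:
        # Stand-in cipher (assumption): per-sector keystream, not for real use.
        if self._key is None:
            raise PermissionError("volume is locked")
        return hashlib.shake_256(self._key + sector_no.to_bytes(8, "big")).digest(SECTOR)

    def write_sector(self, sector_no: int, plaintext: bytes) -> None:
        data = plaintext.ljust(SECTOR, b"\0")[:SECTOR]
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(sector_no)))
        self.backing[sector_no * SECTOR:(sector_no + 1) * SECTOR] = ct

    def read_sector(self, sector_no: int) -> bytes:
        # Decryption happens in memory for this one sector; the disk copy stays as is.
        ct = self.backing[sector_no * SECTOR:(sector_no + 1) * SECTOR]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(sector_no)))


def demo() -> dict:
    vol = OnTheFlyVolume(sectors=4)
    vol.unlock("correct horse")            # constructed passphrase
    secret = b"payroll.xls contents"       # constructed sample data
    vol.write_sector(2, secret)
    result = {"read_back": vol.read_sector(2).rstrip(b"\0"),
              "plaintext_on_disk_while_unlocked": secret in bytes(vol.backing)}
    vol.lock()
    result["plaintext_on_disk_after_lock"] = secret in bytes(vol.backing)
    return result
```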

