Bugtraq mailing list archives
Re: [Full-disclosure] Firewire Attack on Windows Vista
From: Jacob Appelbaum <jacob () appelbaum net>
Date: Mon, 10 Mar 2008 20:56:48 -0700
Larry Seltzer wrote:
You're mistaken in thinking that we're conflating sleep and hibernate modes. Microsoft's response of using two factor authentication is silly. It doesn't actually stop our attacks. In certain circumstances, it may shorten the window of attack for a specific type of user but it's mostly irrelevant. Consider a mail server with an encrypted drive; no proximity sensor or two factor authentication is going to help you. A seizure will still result in someone getting the keys that are in memory - unless you're using some sort of secure crypto co-processor (which no one is).

From your own paper:

Microsoft ... recommends configuring BitLocker in "advanced mode," where it protects the disk key using the TPM along with a password or a key on a removable USB device. However, even with these measures, BitLocker is vulnerable if an attacker gets to the system while the screen is locked or the computer is asleep (though not if it is hibernating or powered off).

So in other words, hibernate does make a difference, especially if you follow their guidelines.
Holy cow. That's a butchered email! Please quote more carefully, Larry; it makes it hard for people to follow the discussion.

To be clear, I fully understand that when operating in an advanced mode, Microsoft claims that hibernate mode clears the cryptographic keys from memory. This claim was tested and we did not recover keys after a machine configured for the advanced mode went into a hibernating state.

However, my point was _not_ that in a very specific configuration you're at risk directly after power off. If you get to direct the machine into such a hibernated state, you may be just fine. My point was that a machine configured with multi-factor authentication is still at risk. Regardless of how many password dongles you use, BitLocker still copies the key into the main system memory. In addition, if the machine is configured to hibernate, you may be safe if you can _guarantee_ that it will reach that state.

Here's my main point: a server configured in such a mode will almost certainly _never_ reach that state. Likewise, a laptop may also _never_ reach that state. It depends on the point in time of seizure! It depends greatly on what you can detect and how you take actions when you react. Sleep and hibernate modes both have their advantages and disadvantages. As I said before: certain settings may _reduce_ the window of attack for _some_ users but they by no means eliminate the risks posed by the attacks presented in our preprint paper.

Furthermore, I'm only talking about Microsoft's BitLocker. It is not a universal property of hibernate that it is automatically safe. Depending on the implementation, it may be _worse_ for your operational security as your keys may be written out to the hard drive without _any_ crypto at all. It appears that TuxOnIce does the right thing while other systems are all over the map.

Regards,
Jacob Appelbaum
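The mitigation the thread circles around is that key material left resident in RAM survives a sleep state, and that a hibernation image may carry it to disk. Below is an added example, not code from the thread, from BitLocker or from TuxOnIce, of the defensive pattern a disk-encryption driver would apply: a pre-suspend hook that zeroises the raw key and its derived schedule in a way the compiler cannot optimise away, with a residue check to confirm nothing key-derived remains. The `key_ctx` layout, the stand-in schedule derivation and the test key are all constructed for illustration.

```c
/* Added example: zeroise key material before a sleep state (hypothetical driver context). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32

/* Hypothetical key context; the expanded schedule mirrors what a disk
 * encryption driver keeps resident alongside the raw key. */
struct key_ctx {
    uint8_t key[KEY_LEN];
    uint8_t schedule[240];   /* size of an AES-256 expanded key */
    int     loaded;
};

/* memset() on a buffer that is never read again may be optimised away;
 * writing through a volatile pointer forces the stores to be emitted. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
}

/* Load a key and derive a stand-in "schedule" (constructed, not real AES). */
void key_load(struct key_ctx *ctx, const uint8_t *key) {
    memcpy(ctx->key, key, KEY_LEN);
    for (size_t i = 0; i < sizeof ctx->schedule; i++)
        ctx->schedule[i] = (uint8_t)(key[i % KEY_LEN] ^ (uint8_t)i);
    ctx->loaded = 1;
}

/* Called from the pre-suspend path: wipe everything derived from the key,
 * so neither sleep nor a hibernation image carries it forward. */
void key_on_suspend(struct key_ctx *ctx) {
    secure_zero(ctx->key, sizeof ctx->key);
    secure_zero(ctx->schedule, sizeof ctx->schedule);
    ctx->loaded = 0;
}

/* Returns 1 if any key-derived byte still survives in the context. */
int key_residue_present(const struct key_ctx *ctx) {
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof ctx->key; i++) acc |= ctx->key[i];
    for (size_t i = 0; i < sizeof ctx->schedule; i++) acc |= ctx->schedule[i];
    return acc != 0;
}

/* Self-check of one load/suspend cycle with a constructed test key. */
int demo_suspend_cycle(void) {
    struct key_ctx ctx;
    uint8_t key[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(i + 1);
    key_load(&ctx, key);
    if (!key_residue_present(&ctx)) return 0;   /* key must be resident after load */
    key_on_suspend(&ctx);
    return key_residue_present(&ctx) == 0 && ctx.loaded == 0;
}
```

The residue check is the part worth keeping in a real driver's test suite: it is what turns "we believe the key is cleared on suspend" into something verified on every build.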