>>You're mistaken in thinking that we're conflating sleep and hibernate modes.

>>Microsoft's response of using two factor authentication is silly. It doesn't actually stop our attacks. In certain circumstances, it may shorten the window of attack for a specific type of user but it's mostly irrelevant. Consider a mail server with an encrypted drive, no proximity sensor or two factor authentication is going to help you. A seizure will still result in someone getting the keys that are in memory - unless you're using some sort of secure crypto co-processor (which no one is).

From your own paper:

> Microsoft ... recommends configuring BitLocker in "advanced
> mode," where it protects the disk key using the TPM along with a password or a key on a removable
> USB device. However, even with these measures, BitLocker is vulnerable if an attacker gets to the system
> while the screen is locked or the computer is asleep (though not if it is hibernating or powered off).

So in other words, hibernate does make a difference, especially if you follow their guidelines.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx