Larry Seltzer wrote: >>> You're mistaken in thinking that we're conflating sleep and hibernate > modes. >>> Microsoft's response of using two factor authentication is silly. It > doesn't actually stop our attacks. In certain circumstances, it may > shorten the window of attack for a specific type of user but it's mostly > irrelevant. Consider a mail server with an encrypted drive, no proximity > sensor or two factor authentication is going to help you. A seizure will > still result in someone getting the keys that are in memory > - unless you're using some sort of secure crypto co-processor (which no > one is). > >>From your own paper: > >> Microsoft ... recommends configuring BitLocker in "advanced >> mode," where it protects the disk key using the TPM along with a > password or a key on a removable >> USB device. However, even with these measures, BitLocker is vulnerable > if an attacker gets to the system >> while the screen is locked or the computer is asleep (though not if it > is hibernating or powered off). > > So in other words, hibernate does make a difference, especially if you > follow their guidelines. Holy cow. That's a butchered email! Please quote more carefully Larry, it makes it hard for people to follow the discussion. To be clear, I fully understand that when operating in an advanced mode, Microsoft claims that hibernate mode clears the cryptographic keys from memory. This claim was tested and we did not recover keys after a machine configured for the advanced mode went into a hibernating state. However, my point was _not_ that in a very specific configuration you're at risk directly after power off. If you get to direct the machine into such a hibernated state, you may be just fine. My point was that a machine configured with multi-factor authentication is still at risk. Regardless of how many password dongles you use, BitLocker still copies the key into the main system memory. In addition, if the machine is configured to hibernate, you may be safe if you can _guarantee_ that it will reach that state. Here's my main point: a server configured in such a mode will almost certainly _never_ reach that state. Likewise, a laptop may also _never_ reach that state. It depends on the point in time of seizure! It depends greatly on what you can detect and how you take actions when you react. Sleep and hibernate modes both have their advantages and disadvantages. As I said before: certain settings may _reduce_ the window of attack for _some_ users but they by no means eliminate the risks posed by the attacks presented in our preprint paper. Furthermore, I'm only talking about Microsoft's BitLocker. It is not a universal property of hibernate that it is automatically safe. Depending on the implementation, it may be _worse_ for your operational security as your keys may be written out to the hard drive without _any_ crypto at all. It appears that TuxOnIce does the right thing while other systems are all over the map. Regards, Jacob Appelbaum
