Open Source and information security mailing list archives
 
Message-ID: <47D32F12.40909@appelbaum.net>
Date: Sat, 08 Mar 2008 16:28:02 -0800
From: Jacob Appelbaum <jacob@...elbaum.net>
To: Larry Seltzer <Larry@...ryseltzer.com>
Cc: Tim <tim-security@...tinelchicken.org>,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista

Larry Seltzer wrote:
>>> The funniest is using hibernate...
>>> Did you perchance read: http://www.eff.org/press/archives/2008/02/21-0
> ?? 
> 
> Yeah, I made specific reference to that attack in my message. There's a
> big difference between sleep mode and hibernate mode. In hibernate the
> system is powered off. Even if the memory has some residual charge I'm
> sure it's far less reliable than with sleep. 
> 
> Everything I've seen in descriptions of that attack tells me they are
> unfairly conflating sleep and hibernate.
> 

Hi,

I've been watching this thread for a while and I guess it's time to
chime in. You're mistaken in thinking that we're conflating sleep and
hibernate modes.

Furthermore, Microsoft's response of using two factor authentication is
silly. It doesn't actually stop our attacks. In certain circumstances,
it may shorten the window of attack for a specific type of user but it's
mostly irrelevant. Consider a mail server with an encrypted drive, no
proximity sensor or two factor authentication is going to help you. A
seizure will still result in someone getting the keys that are in memory
- unless you're using some sort of secure crypto co-processor (which no
one is).

Regards,
Jacob Appelbaum
