lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47D60300.3040405@appelbaum.net>
Date: Mon, 10 Mar 2008 20:56:48 -0700
From: Jacob Appelbaum <jacob@...elbaum.net>
To: Larry Seltzer <Larry@...ryseltzer.com>
Cc: Tim <tim-security@...tinelchicken.org>,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [Full-disclosure] Firewire Attack on Windows Vista

Larry Seltzer wrote:
>>> You're mistaken in thinking that we're conflating sleep and hibernate
> modes.
>>> Microsoft's response of using two factor authentication is silly. It
> doesn't actually stop our attacks. In certain circumstances, it may
> shorten the window of attack for a specific type of user but it's mostly
> irrelevant. Consider a mail server with an encrypted drive, no proximity
> sensor or two factor authentication is going to help you. A seizure will
> still result in someone getting the keys that are in memory
> - unless you're using some sort of secure crypto co-processor (which no
> one is).
> 
>>>From your own paper:
> 
>> Microsoft ... recommends configuring BitLocker in "advanced
>> mode," where it protects the disk key using the TPM along with a
> password or a key on a removable
>> USB device. However, even with these measures, BitLocker is vulnerable
> if an attacker gets to the system
>> while the screen is locked or the computer is asleep (though not if it
> is hibernating or powered off). 
> 
> So in other words, hibernate does make a difference, especially if you
> follow their guidelines.


Holy cow. That's a butchered email! Please quote more carefully Larry,
it makes it hard for people to follow the discussion.

To be clear, I fully understand that when operating in an advanced mode,
Microsoft claims that hibernate mode clears the cryptographic keys from
memory. This claim was tested and we did not recover keys after a
machine configured for the advanced mode went into a hibernating state.

However, my point was _not_ that in a very specific configuration you're
at risk directly after power off. If you get to direct the machine into
such a hibernated state, you may be just fine.

My point was that a machine configured with multi-factor authentication
is still at risk. Regardless of how many password dongles you use,
BitLocker still copies the key into the main system memory. In addition,
if the machine is configured to hibernate, you may be safe if you can
_guarantee_ that it will reach that state. Here's my main point: a
server configured in such a mode will almost certainly _never_ reach
that state. Likewise, a laptop may also _never_ reach that state. It
depends on the point in time of seizure! It depends greatly on what you
can detect and how you take actions when you react.

Sleep and hibernate modes both have their advantages and disadvantages.
As I said before: certain settings may _reduce_ the window of attack for
_some_ users but they by no means eliminate the risks posed by the
attacks presented in our preprint paper.

Furthermore, I'm only talking about Microsoft's BitLocker. It is not a
universal property of hibernate that it is automatically safe. Depending
on the implementation, it may be _worse_ for your operational security
as your keys may be written out to the hard drive without _any_ crypto
at all. It appears that TuxOnIce does the right thing while other
systems are all over the map.

Regards,
Jacob Appelbaum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ