Full disk encryption and sleep mode

Networking/Security Forums -> Windows

Author: multiplex77 PostPosted: Tue Mar 16, 2010 4:28 am    Post subject: Full disk encryption and sleep mode
I have done a full disk encryption using BitLocker and TrueCrypt on my laptop and desktop respectively. If I just put my laptop into standby/sleep mode when I leave, I notice that I’m only asked for my Windows (Vista) password when I wake it up. Does this mean that if someone steals my laptop while in sleep mode, the disk encryption will serve no purpose?

In this article (http://technet.microsoft.com/en-us/library/cc162804.aspx), it seems to suggest that “enabling the Prompt for password when computer resumes from sleep setting” is sufficient to mitigate the risk. So I’m confused.

How about if I hibernate it? Is that sufficient?

Last question: Will full disk encryption protect me against remote access to my machine via Trojan horses and other viruses? Or is that something that only anti-viruses can take care of?

Author: Fire AntLocation: London PostPosted: Tue Mar 16, 2010 2:33 pm    Post subject:
Hey multiplex77,

You pose some good questions, ones I get asked all the time regarding Whole Disk Encryption products.

So WDE does not protect you against rootkits, viruses and other malware. Nor does it protect against evil maid etc (http://en.wikipedia.org/wiki/Evil_Maid_attack#Boot_loader_level)

Sleep does not provide the same level of protection as Hibernation. Placing the system in Hibernation will cause the Bit Locker authentication on resume where as sleep relies on Windows credentials and there is a known yet potentially un-realistic attack against this.

Hope that clears a few things up.


Author: capiLocation: Portugal PostPosted: Wed Mar 17, 2010 12:43 am    Post subject:
The difference lies in the fact that "sleep" doesn't power the system down, while "hibernate" does.

The sleep state is also known as suspend-to-ram -- it means the system is placed in a very low power consumption mode, but it is still on. When you wake up from sleep mode, the systems is in the same state as you left it. You can password protect the wake-up, just like you can password protect the screen saver.

Hibernation, on the other hand, is suspend-to-disk. When entering hibernation, the contents of the RAM are written out to a reserved file on the disk, and the system is physically powered down. When you turn the computer on, it will do everything as though you were turning it on for the first time. It will go through the BIOS POST, load the bootloader -- which will need your password to decrypt the disk --, and load the operating system. Once it begins loading, the operating system (Windows in your case) will detect that there is a hibernation state stored, and it will load that state back to RAM.

In short: with hibernation all data is saved to disk and the system is physically powered off. You need the disk password to decrypt it and restore. With sleep, the system is simply put on standby, like your TV -- think of it as a screensaver that uses less power. The password in that case is simply used to unlock the screen, just like when you press Windows+L (lock screen).

Author: multiplex77 PostPosted: Wed Mar 17, 2010 3:40 am    Post subject:
Thanks both for your useful advice.

Author: dvdcd0211 PostPosted: Fri Mar 18, 2011 8:39 am    Post subject: Full disk encryption
PGP Whole Disk Encryption is fully compatible with hibernation in Windows. If the PGP Whole Disk Encryption Windows system goes into hibernation, in restoring power to the system, the BootGuard PGP will ask for your password. After entering your password on the disk is decrypted and returned to its previous state.Full disk encryption can be a great anti-forensic method but there is a risk that malware such as a keylogger could be installed by lack of proper anti-virus and anti-malware protection..

Networking/Security Forums -> Windows

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group