View previous topic :: View next topic |
Author |
Message |
multiplex77 Just Arrived
Joined: 18 Jan 2008 Posts: 0
|
Posted: Tue Mar 16, 2010 4:28 am Post subject: Full disk encryption and sleep mode |
|
|
I have done a full disk encryption using BitLocker and TrueCrypt on my laptop and desktop respectively. If I just put my laptop into standby/sleep mode when I leave, I notice that I’m only asked for my Windows (Vista) password when I wake it up. Does this mean that if someone steals my laptop while in sleep mode, the disk encryption will serve no purpose?
In this article (http://technet.microsoft.com/en-us/library/cc162804.aspx), it seems to suggest that “enabling the Prompt for password when computer resumes from sleep setting” is sufficient to mitigate the risk. So I’m confused.
How about if I hibernate it? Is that sufficient?
Last question: Will full disk encryption protect me against remote access to my machine via Trojan horses and other viruses? Or is that something that only anti-viruses can take care of?
|
|
Back to top |
|
|
Fire Ant Trusted SF Member
Joined: 27 Jun 2008 Posts: 3 Location: London
|
Posted: Tue Mar 16, 2010 2:33 pm Post subject: |
|
|
Hey multiplex77,
You pose some good questions, ones I get asked all the time regarding Whole Disk Encryption products.
So WDE does not protect you against rootkits, viruses and other malware. Nor does it protect against evil maid etc (http://en.wikipedia.org/wiki/Evil_Maid_attack#Boot_loader_level)
Sleep does not provide the same level of protection as Hibernation. Placing the system in Hibernation will cause the Bit Locker authentication on resume where as sleep relies on Windows credentials and there is a known yet potentially un-realistic attack against this.
Hope that clears a few things up.
Matt_s
|
|
Back to top |
|
|
capi SF Senior Mod
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
|
Posted: Wed Mar 17, 2010 12:43 am Post subject: |
|
|
The difference lies in the fact that "sleep" doesn't power the system down, while "hibernate" does.
The sleep state is also known as suspend-to-ram -- it means the system is placed in a very low power consumption mode, but it is still on. When you wake up from sleep mode, the systems is in the same state as you left it. You can password protect the wake-up, just like you can password protect the screen saver.
Hibernation, on the other hand, is suspend-to-disk. When entering hibernation, the contents of the RAM are written out to a reserved file on the disk, and the system is physically powered down. When you turn the computer on, it will do everything as though you were turning it on for the first time. It will go through the BIOS POST, load the bootloader -- which will need your password to decrypt the disk --, and load the operating system. Once it begins loading, the operating system (Windows in your case) will detect that there is a hibernation state stored, and it will load that state back to RAM.
In short: with hibernation all data is saved to disk and the system is physically powered off. You need the disk password to decrypt it and restore. With sleep, the system is simply put on standby, like your TV -- think of it as a screensaver that uses less power. The password in that case is simply used to unlock the screen, just like when you press Windows+L (lock screen).
|
|
Back to top |
|
|
multiplex77 Just Arrived
Joined: 18 Jan 2008 Posts: 0
|
Posted: Wed Mar 17, 2010 3:40 am Post subject: |
|
|
Thanks both for your useful advice.
|
|
Back to top |
|
|
dvdcd0211 Just Arrived
Joined: 03 Mar 2011 Posts: 0
|
Posted: Fri Mar 18, 2011 8:39 am Post subject: Full disk encryption |
|
|
PGP Whole Disk Encryption is fully compatible with hibernation in Windows. If the PGP Whole Disk Encryption Windows system goes into hibernation, in restoring power to the system, the BootGuard PGP will ask for your password. After entering your password on the disk is decrypted and returned to its previous state.Full disk encryption can be a great anti-forensic method but there is a risk that malware such as a keylogger could be installed by lack of proper anti-virus and anti-malware protection..
|
|
Back to top |
|
|
|