Search results
Results from the WOW.Com Content Network
Microsoft released BitLocker Countermeasures [3] defining protection schemes for Windows. For mobile devices that can be stolen and attackers gain permanent physical access (paragraph Attacker with skill and lengthy physical access) Microsoft advise the use of pre-boot authentication and to disable standby power management.
Authentication on power up of the drive must still take place within the CPU via either a software pre-boot authentication environment (i.e., with a software-based full disk encryption component - hybrid full disk encryption) or with a BIOS password. In additions, some SEDs are support IEEE 1667 standard. [2]
When used in conjunction with a compatible Trusted Platform Module (TPM), BitLocker can validate the integrity of boot and system files before decrypting a protected volume; an unsuccessful validation will prohibit access to a protected system. [6] [7] BitLocker was briefly called Secure Startup before Windows Vista's release to manufacturing. [6]
Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to pre-boot authentication in the features comparison table.
This key is itself encrypted in some way using a password or pass-phrase known (ideally) only to the user. Thereafter, in order to access the disk's data, the user must supply the password to make the key available to the software. This must be done sometime after each operating system start-up before the encrypted data can be used.
The password changing feature is also prone to errors, so password blanking is highly recommended (in fact, for later versions of Windows it is the only possible option). Furthermore, the bootable image might have problems with controllers requiring 3rd party drivers.
Kon-Boot was originally designed as a proof of concept, freeware security tool, mostly for people who tend to forget their passwords. The main idea was to allow users to login to the target computer without knowing the correct password and without making any persistent changes to system on which it is executed.
Some implementations such as BitLocker Drive Encryption can make use of hardware such as a Trusted Platform Module to ensure the integrity of the boot environment, and thereby frustrate attacks that target the boot loader by replacing it with a modified version. This ensures that authentication can take place in a controlled environment without ...