I always hibernate my system; is there any risk to my BitLocker-encrypted drive?

6

I always hibernate my laptop for a faster startup. I have encrypted my sensitive drive with BitLocker. If my laptop is stolen and the attacker knows it was in hibernate mode, can they decrypt my hard drive?

    
asked by Akam 18.07.2013 - 14:16

2 answers

11

Using the old martial art of Google-Fu, I managed to find these two comments on the first and second page after supplying the search parameters: "Bitlocker suspend".

From the Microsoft website:

What are the implications of using the sleep or hibernate power management options?

BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an advanced authentication mode (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires BitLocker authentication. As a best practice, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method.

From the MSDN website:

Use BitLocker Advanced Modes with Hibernation Note:

This is the primary and most effective way to protect your system from DRAM remanence and other platform attacks. Platform attacks that access encryption keys in DRAM obviously rely on those keys to be present in DRAM. As with all practical disk encryption approaches, these encryption keys must exist in system memory in order to provide the performance that makes disk encryption usable. When BitLocker is configured in its advanced modes, encryption keys are not loaded into system memory until after the authorized user has provided credentials like a PIN, dongle, or both. An attacker without these credentials will not be able to boot the system to a state where confidential information – including encryption keys – are in DRAM. There are some caveats though; one is a very practical threat, the other less so. If an attacker gains access to the system after the authorized user has authenticated with their BitLocker credentials, but before its owner turns it off or hibernates, the encryption keys are in DRAM and an attacker could use one of the Princeton researchers’ ‘DRAM remanence’ attacks or other platform attacks such as direct memory access (DMA) to gain access to those keys. This is why it’s important when using BitLocker’s advanced modes to use ‘hibernation’ rather than ‘sleep’. To provide high-performance for sleep transitions, BitLocker does not encrypt RAM contents nor does it require BitLocker re-authentication when waking up from sleep. With hibernation, a system is effectively ‘off’, and keys will not be resident in physical memory (I’ll get to the second caveat that discusses this shortly). On resume from hibernation, BitLocker will require the credentials I discussed earlier, and without those credentials, encryption keys will not be loaded into DRAM. During design and implementation, the BitLocker team worked with other teams within Microsoft to enable complete control of system-suspend settings by local and domain administrators through group policy. 
Instructions on how to configure this and other BitLocker settings can be found in the design and deployment guides available in BitLocker's online documentation. Now let me address the second caveat, which is less of a practical threat. As described in the Princeton researchers’ paper and elsewhere, DRAM may retain state under normal temperatures for several seconds or a few minutes. If an attacker gains access to a laptop within this window, they may be able to access information located in DRAM. Again, the risk of an attacker exploiting this is low relative to other platform threats. Again, this is the primary and most effective way to protect your system from DRAM remanence and other platform attacks.
    
answered 18.07.2013 - 14:46
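A check for the configuration the quoted Microsoft guidance recommends, as an added example that is not part of the original answers: it reports whether the OS volume has a pre-boot authentication protector (TPM+PIN, TPM+USB, or both) and whether Group Policy blocks standby. The function names are hypothetical; it assumes the BitLocker PowerShell module and an elevated session.

```powershell
# Added example (not from the original answers). Run in an elevated session.
# Function names are hypothetical; requires the BitLocker PowerShell module.

# Protector types that force authentication before the key is released.
$AdvancedProtectors = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

function Test-BitLockerPreBootAuth {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $adv   = @($types | Where-Object { $_ -in $AdvancedProtectors })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus.ToString()
        Protectors       = $types -join ', '
        TpmOnly          = ($types -contains 'Tpm') -and ($adv.Count -eq 0)
        PreBootAuth      = $adv.Count -gt 0
    }
}

function Test-StandbyBlockedByPolicy {
    # "Allow standby states (S1-S3) when sleeping" Group Policy; 0 = not allowed.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\' +
           'abfc2519-3608-4c2a-94ea-171b0ed546ab'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PluggedIn = ($null -ne $p) -and ($p.ACSettingIndex -eq 0)
        OnBattery = ($null -ne $p) -and ($p.DCSettingIndex -eq 0)
    }
}

$bl = Test-BitLockerPreBootAuth
$sb = Test-StandbyBlockedByPolicy
$bl | Format-List
$sb | Format-List

if ($bl.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not on for $($bl.MountPoint)."
}
if (-not $bl.PreBootAuth) {
    Write-Warning 'No TPM+PIN / TPM+USB protector: resume from hibernation needs no BitLocker credential.'
}
if (-not ($sb.PluggedIn -and $sb.OnBattery)) {
    Write-Warning 'Standby (S1-S3) is not blocked by policy: keys stay in RAM during sleep.'
}
```

The policy key covers the S1-S3 standby states only, so a machine can still sleep if the policy is unset even when the user never chooses Sleep manually.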
3

Best practices depend on what you are worried about.

The danger of Sleep mode is that the key is still in memory and can be extracted by an attacker with the relevant expertise. Hibernation significantly reduces the risk in all scenarios. As Lucas Kauffman's answer indicates, using BitLocker's advanced deployment modes provides greater security, as does taking measures such as disabling mechanisms for easily obtaining DMA access, or avoiding such mechanisms (e.g. Firewire).

Your controls for the risks are up to you. If you are worried about a thief who is mainly interested in the physical device, you don't need to worry too much about this. If you are protecting trade secrets, etc., you need to read the documentation carefully, and deploy and use the computer appropriately.

    
answered 18.07.2013 - 18:25