toslap Posted October 9, 2006 Share Posted October 9, 2006 I've locked my laptop harddrive with PGP Desktop, how secure is this? It loads before windows and asks for the password, when I try to find the drive using tools in BackTrack, Auditor, or Hirens Boot Disk (DOS) it either doesn't show up or isn't accessible. Is there anyway for somebody to get the key without logging in. I'm sure there is a way to get the key once logged on, but should I feel relatively secure leaving my notebook around turned off? Thanks John Quote Link to comment Share on other sites More sharing options...
cooper Posted October 10, 2006 Share Posted October 10, 2006 You should worry because forgetting the password means no storage for you. Is it really that important to you that nobody touches your Windows or Office installation? Most people make a separate partition or something that is encrypted which gets the sensitive stuff. Quote Link to comment Share on other sites More sharing options...
toslap Posted October 10, 2006 Author Share Posted October 10, 2006 Is it really that important to you that nobody touches your Windows or Office installation?Most people make a separate partition or something that is encrypted which gets the sensitive stuff. Its not that important, just curious. But if I was to make a separate partition then wouldn't the key be stored on the non-encrypted accessible partition? I was just wondering if this is a good way to secure my laptop from physical access. Where are the keys stored, is there something with the MBR that loads PGP before windows? I figured if anyone knew the answers it might be someone here. Thanks Quote Link to comment Share on other sites More sharing options...
cooper Posted October 10, 2006 Share Posted October 10, 2006 The key isn't stored. The encrypted data is stored. You enter the key manually (which is only kept in memory, and a locked page at that so it doesn't get moved out to swapspace). The key isn't compared to a stored copy to allow you access to your data. Your stored data in its encrypted form is entirely useless to everybody (if the crypto is any good) and you require the key to convert the data (again, on the fly and only in memory) to something comprehensible. Quote Link to comment Share on other sites More sharing options...
mpt Posted October 13, 2006 Share Posted October 13, 2006 Is it really that important to you that nobody touches your Windows or Office installation? But it may be possible to load a program into the the windows or office installation that could grab the data from the encrypted file system once it is mounted. You could just replace the executable (w/ a live CD) of some common program that the user will launch or the OS will launch with your program that sends the content of the encrypted drive to your computer. You could prevent someone from using a live cd by adding a password at the BIOS level, so you would have to log in before your computer boots. Although this attack requires a very concerted effort to get one user's data. The attack would require you to mount the filesystem, so your data would still be safe if someone just stole the hard drive. Quote Link to comment Share on other sites More sharing options...
PoyBoy Posted October 14, 2006 Share Posted October 14, 2006 Not really, like cooper said, you enter the password, and it is encrypted, in the ram, where it is locked, meaning that it will *always* stay in ram untill the power is turned off and go nowhere else. It is encrypted in ram, and the hash is checked against the stored hash. This is the only place that the password can get out, but it is in encrypted form. Usually, there is a pretty sophisticated way of stopping people from even getting at the wncrypted hash in the first lace Quote Link to comment Share on other sites More sharing options...
billybob Posted October 19, 2006 Share Posted October 19, 2006 i have a bios pass, a hdd pass, a grub pass, and of course my main login pass to windows, backtrack, or ubuntu. basically if you lock the bios, boot first from hdd (nonremovable), and dont let people remove the cmos battery :P you will be fairly secure. that is if you simply want to prevent access to the machine it self. you said that you are talking about a laptop, many laptops have a builtin hdd locking feature, look and see if yours does. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.