Is Microsoft really claiming pre-boot authentication (PBA) for Full Disk Encryption (FDE) is not necessary? One could certainly get that impression from recent articles (HERE and HERE) posted by the organization. The first article on “Types of attacks for volume encryption keys” lists a few known historical attacks that “could be used to compromise a volume encryption key, whether for BitLocker or a non-Microsoft encryption solution”, and the second makes statements like “For many years, Microsoft has recommended using pre-boot authentication to protect against DMA and memory remanence attacks. Today, Microsoft only recommends using pre-boot authentication on PCs where the mitigations described in this document cannot be implemented.”
Our previous blog posting established that storage encryption technologies, such as full disk encryption (FDE), and their associated key management functions should be separated from each other.
We have seen large password hacks recently including: LinkedIn, eHarmony, and Yahoo. Hacks so large some in the industry call this the Password Wars. Unfortunately for the general public—we are losing. However, before the trumpets play, let’s give them a fight. Our feature blogger Darren Leroux has touched on this subject before and inspired me to really take a look at innovations that may change the way you secure your information.