
• Literally a container of encryption keys
• Used to decrypt protected data
• (Also used for syncing and for remote unlock)
• Lock: delete in-memory bag
• Unlock: decrypt copy with passcode and load into memory
• MDM sends “Clear Passcode”
• Device loads unlocked keybag
• But doesn’t set “keybag in memory” flag
– (Note: Inference. I don’t really know how it works)
• User sets new passcode and locks
• Device looks locked... but...
• ...device never clears in-memory keybag
• SO DEVICE NOT COMPLETELY LOCKED
The keybag contains keys used to decrypt data on the device stored
with the various protection classes, for both files and keychain entries.
For example, data marked as "ProtectionComplete" is encrypted
whenever the device is locked. The key to decrypt this data is stored in
the keybag.
When you lock the device, the unencrypted keybag in memory is
deleted, which means the device no longer has the keys for the
protected data: they simply don't exist in memory, so the device can no
longer access those protected files.
When you unlock the device, an encrypted copy of the keybag is
decrypted using the passcode, and loaded into memory, restoring the
keys for current use.
I don't know exactly how this bug works, but my supposition is this:
There's some flag that indicates that an unlocked keybag is currently
loaded into memory. When you unlock a device, and it decrypts the
keybag, this flag is set. Then, when you lock it again, the operating
system looks at that flag. If it's set, then it knows there's a keybag in
memory that needs to be deleted, and so it clears it.
It appears that this flag isn't set when the keybag in memory was loaded
through the MDM "ClearPasscode" command. So the device doesn't
even realize that the keybag is in memory, so it never takes steps to
clear it. That means the keys remain available, and operations that
don't require direct user access (the screen is still locked) will succeed
even for what should be protected data.
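The supposition above, as an added toy model that is not the author's code and not Apple's implementation: the `Device` class, the `keybag_loaded` flag and the `fix_applied` switch are assumptions made to show how a lock that only discards a keybag it was told about leaves class keys resident after the MDM path, and how routing every load through the same flag-setting helper closes that gap.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the decrypted keybag: protection class -> class key.
SAMPLE_KEYBAG = {"ProtectionComplete": bytes(32)}

@dataclass
class Device:
    # Toy model of the keybag lifecycle as the slides suppose it works; not Apple's code.
    passcode: str
    fix_applied: bool = False       # True: every load path sets the flag
    keybag: Optional[dict] = None   # decrypted keys currently in memory
    keybag_loaded: bool = False     # the inferred "keybag in memory" flag

    def _load_keybag(self, mark_loaded: bool) -> None:
        # Stand-in for decrypting the stored keybag copy into memory.
        self.keybag = dict(SAMPLE_KEYBAG)
        self.keybag_loaded = mark_loaded

    def unlock(self, passcode: str) -> bool:
        if passcode != self.passcode:
            return False
        self._load_keybag(mark_loaded=True)  # normal unlock sets the flag
        return True

    def mdm_clear_passcode(self) -> None:
        # MDM "Clear Passcode": keybag is loaded, flag set only in the fixed variant.
        self.passcode = ""
        self._load_keybag(mark_loaded=self.fix_applied)

    def lock(self) -> None:
        if self.keybag_loaded:  # lock only discards a keybag it knows about
            self.keybag = None
            self.keybag_loaded = False

    def protected_data_accessible(self) -> bool:
        # A background operation that needs the ProtectionComplete class key.
        return self.keybag is not None and "ProtectionComplete" in self.keybag

def normal_cycle_leaks() -> bool:
    d = Device(passcode="1234")
    d.unlock("1234")
    d.lock()
    return d.protected_data_accessible()

def mdm_cycle_leaks(fix_applied: bool) -> bool:
    d = Device(passcode="1234", fix_applied=fix_applied)
    d.mdm_clear_passcode()   # device comes up unlocked
    d.passcode = "5678"      # user sets a new passcode and locks...
    d.lock()                 # ...but only the flag decides whether keys are dropped
    return d.protected_data_accessible()
```

`normal_cycle_leaks()` returns False, `mdm_cycle_leaks(False)` returns True (keys still resident after lock) and `mdm_cycle_leaks(True)` returns False.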