摘要 |
Computer hard disk security comprises encrypting data on a computer's hard disk with a cryptographic key depending partly on computer memory contents, RAM and/or BIOS memory. Memory contents changing with time are excluded. The SHA-1 algorithm cryptographically hashes the memory contents giving a hash for XORing with a user password. XORing provides a result which is used as a password for an encryption unit implementing a conventional full disk encryption technique, such as XORing the password with a hard disk dock number. The key is generated with the BIOS memory configured so that the computer boots only from the hard disk. Hostile alteration of the BIOS memory contents results in failure to decrypt because the key now cannot be used to decrypt the hard disk. This defeats an attacker who alters BIOS settings in an attack with rogue computer boot media such as a floppy disk or a CD ROM. |