DiskCryptor has provided a much better bootloader than TrueCrypt for a long time.
The bootloader of DiskCryptor allows:
Bootloader Timeout:
The bootloader prompts for a password, for which a timeout can be set, e.g. 3 seconds. If nothing is pressed within 3 seconds, the bootloader continues.
However, if the user strikes a key within 3 seconds, the timeout is cancelled and the bootloader waits until the user has attempted a password.
Incorrect Password:
If no password is entered (i.e. timeout) or an incorrect password is entered, the bootloader continues to load the Boot Disk MBR.
It would be very helpful if you could implement this in VeraCrypt (i.e. timeout and cancel timeout on key strike), as it means no need to run both DiskCryptor and TrueCrypt, which slows the system down too much due to dual encryption!
Some screenshots showing DiskCryptor bootloader settings:
Anonymous - 2015-05-12
I like the idea of a timeout, especially if the boot loader custom message could be more than 20 characters to create an illusion of continuous boot without authentication.
I was just going to make this request when I saw this thread. My ideal even-more-secure version would be as follows, assuming a hidden and decoy OS have been set up:
Some innocuous message is provided (instead of a password prompt) such as: "Starting Windows..."
An absolute, non-reactive timeout countdown is used, such as 20 seconds.
If nothing is entered in this time, it auto-boots to the outer/decoy OS.
If anything incorrect is typed, either with or without hitting the Enter key, it still does not react until after 20 seconds, and then still boots into the decoy OS.
If the correct password is typed, followed by the Enter key, it takes note of this silently but still does not react until after 20 seconds, at which point it boots the hidden OS.
The important thing is that it does NOT abort or skip the 20 second count, just because someone starts typing characters. Otherwise, it is possible for someone to distinguish two different behaviour sets: Boot after 20 seconds if nothing typed, versus doesn't boot at all, if someone starts typing garbage, but never hits Enter. The invisible countdown has to be constant, and non-reactive to be effective.
I suppose the count could be skipped if the correct password was entered, since that would presumably mean the authorized user was in command and no need for camouflage.
But if someone unauthorized just turns on the computer and starts striking keys at random (like at a border crossing), the system must not tip them off that something is different, by waiting indefinitely for the Enter key to be pressed, and booting the decoy OS precisely at that moment. 20 second constant timeout accomplishes this.
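An added example, not part of the thread and not VeraCrypt or DiskCryptor code: a small C simulation of the two prompt policies discussed above, showing what someone timing the boot can observe under each. The keystroke traces, the password "pw", the function names, and treating "continue to the boot disk MBR" as booting the decoy OS are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NEVER (-1L)                        /* prompt never returns, no boot */
enum target { DECOY_OS, HIDDEN_OS };
struct key { long t_ms; char ch; };        /* one keystroke and its time */
struct outcome { enum target os; long boot_ms; };

/* Constructed traces; "pw" is a made-up password. */
const struct key GARBAGE[] = { {500, 'x'}, {900, 'q'} };            /* no Enter */
const struct key WRONG[]   = { {500, 'a'}, {700, '\n'} };
const struct key RIGHT[]   = { {500, 'p'}, {600, 'w'}, {800, '\n'} };

/* Read keys up to the first Enter typed before limit_ms (<0: no limit).
   strcmp stands in for the real header-decryption attempt. Returns Enter's index or -1. */
static int read_line(const struct key *k, int n, long limit_ms, const char *pw, enum target *os) {
    char buf[64]; size_t len = 0; *os = DECOY_OS;
    for (int i = 0; i < n && (limit_ms < 0 || k[i].t_ms < limit_ms); i++) {
        if (k[i].ch == '\n') {
            buf[len] = '\0';
            if (strcmp(buf, pw) == 0) *os = HIDDEN_OS;
            return i;
        }
        if (len < sizeof buf - 1) buf[len++] = k[i].ch;
    }
    return -1;
}

/* First post: a keypress cancels the timeout, then the loader waits for Enter. */
struct outcome reactive_prompt(const struct key *k, int n, long timeout_ms, const char *pw) {
    struct outcome r = { DECOY_OS, timeout_ms };
    if (n == 0 || k[0].t_ms >= timeout_ms) return r;    /* timed out untouched */
    int e = read_line(k, n, -1, pw, &r.os);
    r.boot_ms = (e < 0) ? NEVER : k[e].t_ms;            /* reacts at Enter, or hangs */
    return r;
}

/* Third post: absolute countdown; input is noted but boot time never changes. */
struct outcome fixed_prompt(const struct key *k, int n, long deadline_ms, const char *pw) {
    struct outcome r = { DECOY_OS, deadline_ms };
    read_line(k, n, deadline_ms, pw, &r.os);
    return r;
}

int main(void) {
    struct outcome a = reactive_prompt(GARBAGE, 2, 3000, "pw"), b = fixed_prompt(GARBAGE, 2, 20000, "pw");
    printf("garbage, no Enter: reactive boots at %ld ms, fixed at %ld ms\n", a.boot_ms, b.boot_ms);
    return 0;
}
```

Under the reactive policy the boot time depends on what was typed (3000 ms, the moment of Enter, or never), while the fixed policy boots at the deadline for every trace and only the chosen OS differs.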
Some screenshots showing DiskCryptor bootloader settings:
Boot Method - http://postimg.org/image/z46j038rt/
Authentication Method - http://postimg.org/image/b2heuqh7h/
What Happens with Invalid/No Password - http://postimg.org/image/ire96ghp9/