Author Topic: Access a website/service during boot-time (before authentication)  (Read 2089 times)

slob

  • Newbie
  • *
  • Posts: 2
Would it be possible to access a website/service during boot-time (before authentication) - entering some data which is then transmitted to the website and which returns a result? For example (stupid example but for simplicity) I enter "diskcryptor" at boot time which is then transmitted to http://www.google.com/search?q=diskcryptor which would return a result from the website. Or is that impossible because no network drivers are loaded at that time and libraries like libcurl etc. can't be integrated into the bootloader?

ntldr

  • Administrator
  • Hero Member
  • *****
  • Posts: 1079
Re: General question
« Reply #1 on: January 09, 2009, 07:44:04 pm »
This is possible. You must implement a network driver for your network card, a TCP/IP stack and an HTTP client protocol.
Links:
Network driver and some network stack parts in bootloader: http://etherboot.org/
Small TCP/IP stack for microcontrollers: http://www.sics.se/~adam/uip/index.php/Main_Page

decebal

  • Newbie
  • *
  • Posts: 12
Re: General question
« Reply #2 on: February 23, 2009, 05:11:03 am »
This is an interesting question. May I ask why, for security reasons, you would need to have the authorization done remotely over the internet?

slob

  • Newbie
  • *
  • Posts: 2
Re: General question
« Reply #3 on: February 23, 2009, 07:11:39 pm »
The idea is to use it for verification of one-time passwords generated by a YubiKey (www.yubico.com), so even if a hw keylogger or whatever gets your password it would be useless. However, there are some problems:

1.) How to fit the one-time-password into the derived key for the encryption/decryption. The easiest scenario would probably be to use the OTP just as another layer before one has to enter the password the key is derived from for decryption.

2.) If the OTP is just another layer, I don't know if it adds any security -> possible to just mount the volume without the OTP? Possible to prevent this if the encryption key is not derived from the OTP?

...haven't given it too much thought - head filled with other problems ;)
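
The two problems listed in the post above, as an added example that is not part of the original thread and is not DiskCryptor or Yubico code. It assumes a PBKDF2-derived volume key; `OtpVerifier`, the function names, the salt, the passphrase and the OTP strings are all hypothetical, constructed values.

```python
import hashlib

SALT = b"constructed-volume-salt"  # constructed sample value
ITERATIONS = 100_000

def derive_volume_key(password: str, extra: str = "") -> bytes:
    """Derive the volume key from the password, optionally mixed with extra input."""
    material = password.encode() + b"\x00" + extra.encode()
    return hashlib.pbkdf2_hmac("sha256", material, SALT, ITERATIONS, dklen=32)

class OtpVerifier:
    """Hypothetical stand-in for the remote OTP service: each OTP is accepted once."""
    def __init__(self, valid_otps):
        self._unused = set(valid_otps)

    def verify(self, otp: str) -> bool:
        if otp in self._unused:
            self._unused.remove(otp)
            return True
        return False

def boot_with_otp_gate(password, otp, verifier):
    """Problem 2: the OTP is only a check placed before the password prompt."""
    if not verifier.verify(otp):
        return None
    return derive_volume_key(password)

def mount_without_gate(password):
    """The same disk opened by code that never asks for an OTP."""
    return derive_volume_key(password)

def boot_with_otp_in_key(password, otp):
    """Problem 1: the changing OTP is fed into the key derivation itself."""
    return derive_volume_key(password, otp)

def demo():
    verifier = OtpVerifier({"otp-constructed-0001", "otp-constructed-0002"})
    password = "constructed passphrase"
    gated = boot_with_otp_gate(password, "otp-constructed-0001", verifier)
    replayed = boot_with_otp_gate(password, "otp-constructed-0001", verifier)
    return {
        "replayed_otp_rejected": replayed is None,
        "gate_changes_key": gated != mount_without_gate(password),
        "key_stable_across_boots": boot_with_otp_in_key(password, "otp-constructed-0001")
        == boot_with_otp_in_key(password, "otp-constructed-0002"),
    }

if __name__ == "__main__":
    print(demo())
```

With the OTP as a gate only, the key is identical with or without the check, so the gate protects the boot path but not the volume; with the OTP mixed directly into the derivation, every boot yields a different key, so a fixed volume key cannot be reproduced.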