Dictionary Attack Behavior With Power-On Authentication; Dictionary Attack Defense - HP dc5700 - Microtower PC Manual

Dictionary Attack Behavior with Power-On Authentication

A dictionary attack is a method used to break into security systems by systematically testing all possible
passwords to break a security system. A dictionary attack against Embedded Security could try to detect
the Owner password, the Basic User password, or password-protected keys. Embedded Security offers
an enhanced Dictionary Attack Defense.

Dictionary Attack Defense

Embedded Security's defense against dictionary password attack is to detect failed authentication
attempts and temporarily disable the TPM when a certain failure threshold is reached. Once the failure
threshold is reached, not only is the TPM disabled and a reboot required, but ever increasing lockout
timeouts are enforced. During the timeout, entering the correct password will be ignored. Entering the
wrong password will double the last timeout.
Additional documentation on this process is located in the Embedded Security Help. Click Welcome to
the HP Embedded Security for ProtectTools Solution > Advanced Embedded Security
Operation > Dictionary Attack Defense.
NOTE
how many more attempts the user gets prior to the TPM disabling itself.
The Power-On Authentication process takes place in the ROM before the OS is loaded. Dictionary
Attack Defense is operational, but the only warning the user will get is the X key symbol.
10 Chapter 1 Introduction
Normally, a user receives warnings that their password is incorrect. The warnings state
ENWW