allen2 Posted June 13, 2010

It seems Passware found a way to "hack" BitLocker or brute force it: http://www.lostpassword.com/hdd-decryption.htm.
cluberti Posted June 13, 2010

It isn't so much a hack as it is a physical access problem - the keys for a running encrypted volume have to be stored *somewhere* in memory, and due to the design of Windows, they'll very likely be in the paging file. If you can get access to a running system with any encryption software (not just BitLocker) to run this, then you have physical access to the system already - decryption of the disk at that point is the least of one's problems. BitLocker (or any other encryption package) won't protect you if someone has physical access to the system that the drive is encrypted on, and the keys are stored locally. If you're really worried about losing your machine and the data on it, don't let the FireWire ports be enabled in the BIOS, and this hack can't work. That'll leave brute-force password key decryption as the only option, and that could take the attacker a very, very long time.

Nothing's foolproof if it runs on the machine, especially security software. It's just there to make the task of data theft harder, not impossible.
joakim Posted June 13, 2010

Like already mentioned, it highly depends on whether you have access to the system in a running state. There are more ways to "circumvent" such if you can get access to the running system.

Last year I posted a video about how one can remove McAfee Endpoint Encryption without the Authorisation Code and without the Windows password, by using Metasploit remotely (given some assumptions): http://sanbarrow.com/phpBB2/viewtopic.php?t=1671

But, in a fully patched and locked down environment, this should not be possible (unless you can exploit the OS).

Joakim
jaclaz Posted June 13, 2010

Yep, it's nothing like a crack or a password finding.

The "assumptions", just like in the nice procedure by joakim, is that the "encrypted something" is ALREADY mounted or however accessible (possibly on the "native" hosting machine).

The known "firewire backport" is used to try and get a physical dump of memory, which is then searched for the encryption key.

Another more theoretical than practical (though interesting) exploit.

jaclaz
gosh Posted June 22, 2010

When I went to the Windows 7 launch, a jerk in the audience yelled out to the TechNet guy that BitLocker was cracked. The MS guy said as long as you follow normal security practices you can't crack BitLocker, and I agree.