Jump to content

Passware hdd decryption


allen2

Recommended Posts


It isn't so much a hack as it is a physical access problem - the keys for a running encrypted volume have to be stored *somewhere* in memory, and due to the design of Windows, they'll very likely be in the paging file. If you can get access to a running system with any encryption software (not just bitlocker) to run this, then you have physical access to the system already - decryption of the disk at that point is the least of one's problems. Bitlocker (or any other encryption package) won't protect you if someone has physical access to the system that the drive is encrypted on, and the keys are stored locally. If you're really worried about losing your machine and the data on it, don't let the firewire ports be enabled in the BIOS, and this hack can't work. That'll leave brute-force password key decryption as the only option, and that could take the attacker a very, very long time.

Nothing's foolproof if it runs on the machine, especially security software. It's just there to make the task of data theft harder, not impossible ;).

Link to comment
Share on other sites

Like already mentioned, it highly depends on wether you have access to the system in a running state. There are more ways to "circumvent" such if you can get access to the running system.

Last year I posted a video about how one can remove McAfee Endpoint Encryption without the Authorisation Code and without the Windows password, by using MetaSploit remotely (given some assumptions); http://sanbarrow.com/phpBB2/viewtopic.php?t=1671

But, in a fully patched and locked down environment, this should not be possible (unless you can exploit the OS)..

Joakim

Link to comment
Share on other sites

Yep, it's nothing like a crack or a password finding.

The "assumptions", just like in the nice procedure by joakim is that the "encrypted something" is ALREADY mounted or however accessible (possibly on the "native" hosting machine).

The known "firewire backport" is used to try and get a physical dump of memory, which is then searched for the encryption key.

Another more theoretical that practical (though interesting) exploit.

jaclaz

Link to comment
Share on other sites

  • 2 weeks later...

When i went to the windows 7 launch a jerk in the audience yelled out to the technet guy that bitlocker was cracked. The MS guy said as long as you follow normal security practices you cant crack bitlocker, and i agree.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...