MSFN Forum: Passware hdd decryption - MSFN Forum

Passware hdd decryption

#1 allen2

Posted 13 June 2010 - 08:02 AM

It seems Passware found a way to "hack" BitLocker or brute force it: http://www.lostpassw...-decryption.htm.


#2 cluberti

Posted 13 June 2010 - 10:21 AM

It isn't so much a hack as it is a physical access problem - the keys for a running encrypted volume have to be stored *somewhere* in memory, and due to the design of Windows, they'll very likely be in the paging file. If you can get access to a running system with any encryption software (not just BitLocker) to run this, then you have physical access to the system already - decryption of the disk at that point is the least of one's problems. BitLocker (or any other encryption package) won't protect you if someone has physical access to the system that the drive is encrypted on, and the keys are stored locally. If you're really worried about losing your machine and the data on it, don't let the FireWire ports be enabled in the BIOS, and this hack can't work. That'll leave brute-force password key decryption as the only option, and that could take the attacker a very, very long time.

Nothing's foolproof if it runs on the machine, especially security software. It's just there to make the task of data theft harder, not impossible ;).

#3 joakim

Posted 13 June 2010 - 01:24 PM

Like already mentioned, it highly depends on whether you have access to the system in a running state. There are more ways to "circumvent" such if you can get access to the running system.

Last year I posted a video about how one can remove McAfee Endpoint Encryption without the Authorisation Code and without the Windows password, by using Metasploit remotely (given some assumptions): http://sanbarrow.com...opic.php?t=1671

But, in a fully patched and locked down environment, this should not be possible (unless you can exploit the OS).

Joakim

#4 jaclaz

Posted 13 June 2010 - 05:55 PM

Yep, it's nothing like a crack or a password finding.

The "assumptions", just like in the nice procedure by joakim, are that the "encrypted something" is ALREADY mounted or however accessible (possibly on the "native" hosting machine).

The known "FireWire backport" is used to try and get a physical dump of memory, which is then searched for the encryption key.

Another more theoretical than practical (though interesting) exploit.

jaclaz

#5 gosh

Posted 22 June 2010 - 06:37 AM

When I went to the Windows 7 launch a jerk in the audience yelled out to the TechNet guy that BitLocker was cracked. The MS guy said as long as you follow normal security practices you can't crack BitLocker, and I agree.
