Security Basics mailing list archives

Re: Microsoft BitLocker can be Cracked?


From: Archangel Amael <archangel.amael () gmail com>
Date: Sat, 11 Sep 2010 12:07:23 +0200

The message is dated Fri, Dec 4, 2009 at 3:06 PM. Apparently someone
decided to clean out the queue.

On Fri, Sep 10, 2010 at 9:21 PM, Riley, Steve <steriley () amazon com> wrote:
That article's a bit old (4 Dec 2009); take a look at the comments: they pretty much eviscerate the breathless 
reportage. Passware's product doesn't crack any keys. It works only if you (1) are or can become admin and (2) dump 
the computer's RAM contents to disk. Then you can search that disk image to find the keys, which were stored in the 
computer's memory. If the computer is powered off before you can get an image dump, then there are no keys to find; 
clear-text keys are never stored on disk. This is why you should always hibernate or power off if you're using 
BitLocker; don't simply put the computer to sleep. There's a GPO to help you enforce this control, too.

I don't work for Microsoft anymore; however, I remain a fan of BitLocker. It does what it does very well, with no 
noticeable performance impacts. The default setting of AES-128 plus Elephant diffuser will protect your data for a 
very long time.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of tvlillard () msn com
Sent: Friday 04 December 2009 5:06
To: security-basics () securityfocus com
Subject: Microsoft BitLocker can be Cracked?

Greetings,

I saw this announcement the other day.  First commercial tool to crack BitLocker arrives.

http://arstechnica.com/microsoft/news/2009/12/first-commercial-tool-cracks-bitlocker.ars

http://www.lostpassword.com/kit-forensic.htm

Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few 
minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a 
given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available 
software to crack BitLocker Drive Encryption.

Thanks
Terrence


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
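
The following audit script is an added example, not part of the original thread or of any poster's message. It checks whether a BitLocker-protected machine is still allowed to enter standby, where keys stay in RAM. Assumption: the GPO referred to in the thread is the "Allow standby states (S1-S3) when sleeping" policy, which the messages do not name; run from an elevated PowerShell prompt.

```powershell
# Added example. Assumption: the GPO meant in the thread is
# "Allow standby states (S1-S3) when sleeping" (plugged in / on battery).
# That policy writes ACSettingIndex / DCSettingIndex under this key; 0 = standby blocked.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab'

function Get-StandbyPolicy {
    param([Parameter(Mandatory)][string]$ValueName)
    # A missing key or value means the policy was never applied to this machine.
    $item = Get-ItemProperty -Path $policyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'NotConfigured' }
    if ($item.$ValueName -eq 0) { return 'StandbyBlocked' }
    return 'StandbyAllowed'
}

$report = [ordered]@{
    'Plugged in (AC)' = Get-StandbyPolicy -ValueName 'ACSettingIndex'
    'On battery (DC)' = Get-StandbyPolicy -ValueName 'DCSettingIndex'
}
$report.GetEnumerator() | ForEach-Object { '{0,-16} {1}' -f $_.Key, $_.Value }

# Volumes whose BitLocker protection is active (requires elevation).
$protected = @(Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' })
$protected | ForEach-Object { '{0,-16} {1}' -f $_.MountPoint, $_.EncryptionMethod }

# Any power source where standby is not explicitly blocked leaves keys resident in RAM.
$notBlocked = @(@($report.Values) -ne 'StandbyBlocked')

if ($protected.Count -gt 0 -and $notBlocked.Count -gt 0) {
    Write-Warning 'BitLocker is on, but standby is not blocked by policy: a sleeping machine keeps keys in memory.'
    # Show which sleep states the platform actually offers, for context.
    powercfg /a
} elseif ($protected.Count -eq 0) {
    'No BitLocker-protected volumes found.'
} else {
    'Standby is blocked by policy on AC and battery; the machine will hibernate or power off instead.'
}
```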


