Security Basics mailing list archives
Re: Microsoft BitLocker can be Cracked?
From: Archangel Amael <archangel.amael () gmail com>
Date: Sat, 11 Sep 2010 12:07:23 +0200
The message is dated Fri, Dec 4, 2009 at 3:06 PM Apparently someone decided to clean out the queue. On Fri, Sep 10, 2010 at 9:21 PM, Riley, Steve <steriley () amazon com> wrote:
That article's a bit old (4 Dec 2009); take a look at the comments: they pretty much eviscerate the breathless reportage. Passware's product doesn't crack any keys. It works only if you (1) are or can become admin and (2) dump the computer's RAM contents to disk. Then you can search that disk image to find the keys, which were stored in the computer's memory. If the computer is powered off before you can get an image dump, then there are no keys to find; clear-text keys are never stored on disk. This is why you should always hibernate or power off if you're using BitLocker, don't simply put the computer to sleep. There's a GPO to help you enforce this control, too. I don't work for Microsoft anymore; however, I remain a fan of BitLocker. It does what it does very well, with no noticeable performance impacts. The default setting of AES-128 plus Elephant diffuser will protect your data for a very long time. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of tvlillard () msn com Sent: Friday 04 December 2009 5:06 To: security-basics () securityfocus com Subject: Microsoft BitLocker can be Cracked? Greetings, I saw this announce the other day. First commercial tool to crack BitLocker arrives. http://arstechnica.com/microsoft/news/2009/12/first-commercial-tool-cracks-bitlocker.ars http://www.lostpassword.com/kit-forensic.htm Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption. Thanks Terrence ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Microsoft BitLocker can be Cracked? tvlillard (Sep 10)
- RE: Microsoft BitLocker can be Cracked? Riley, Steve (Sep 10)
- Re: Microsoft BitLocker can be Cracked? Archangel Amael (Sep 13)
- RE: Microsoft BitLocker can be Cracked? Riley, Steve (Sep 10)