Educause Security Discussion mailing list archives
Re: TrueCrypt and Windows Hibernate feature
From: "Bradley, Stephen W. Mr." <bradlesw () MUOHIO EDU>
Date: Sat, 11 Dec 2010 15:12:40 -0500
Must be one heck of a tool if it can decrypt anything powered off. Sent from my iPad Stephen Bradley bradlesw () muohio edu On Dec 10, 2010, at 7:26 PM, "Alexander Kurt Keller" <alkeller () SFSU EDU> wrote:
If the attacker has access to the OS file system, powered on or not, remotely or local, then it is game over. Moreover this attack is not viable if your OS drive is encrypted and powered down as there would be no way to obtain a copy of the hiberfil.sys file. That said, I can see how this would be concerning to folks who are NOT performing OS disk encryption and using BitLocker or TrueCrypt for external/virtual volumes. Press release is here: http://www.lostpassword.com/pdf/pr-101209.pdf I understand the proposed attack vector against an external/virtual volume that has been encrypted. But I can't wrap my head around this paragraph from the release: "The latest enhancements to Passware Kit make instant decryption for powered-off computers possible by analyzing a single hibernation file....If a computer with a mounted TrueCrypt or BitLocker To Go hard disk has hibernated at least once, Passware Kit will instantly decrypt the hard disk even if the computer is no longer running." Are they just saying you could mount the unencrypted OS drive on another computer, grab the hiberfil.sys file and parse that to obtain the Bitlocker/Truecrypt password for the encrypted external/virtual volume? Best, alex Alex Keller Systems Administrator Academic Technology, San Francisco State University Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Smith, Bob Sent: Friday, December 10, 2010 3:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] TrueCrypt and Windows Hibernate feature Wondering if anyone had seen this article and what impact, if any, it will have on your use of TrueCrypt? http://www.securityweek.com/microsoft-windows-sleep-feature-poses-security-risk?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek%29 We just implemented the campus-wide use of TrueCrypt, but for select folder/volume encryption and not for full disk encryption and are interested in how anyone else is responding to the claims contained in the article. Happy Holidays! Bob Smith AVP IITS & Information Security Officer Longwood University 201 High Street Farmville, Virginia 23901 www.longwood.edu/infosec
Current thread:
- TrueCrypt and Windows Hibernate feature Smith, Bob (Dec 10)
- Re: TrueCrypt and Windows Hibernate feature Eric Case (Dec 10)
- Re: TrueCrypt and Windows Hibernate feature Alexander Kurt Keller (Dec 10)
- Re: TrueCrypt and Windows Hibernate feature Bradley, Stephen W. Mr. (Dec 11)