So Much for the Security of BitLocker

For a while, Microsoft had people thinking that its BitLocker encryption was (practically) impenetrable. Well, since that is no longer the case, I wonder what the reasoning for the purchase of Windows 7 Ultimate will be.

The tool to break the encryption is not cheap, but, if you really want to get at some data that currently is not readable, $795 is not that much to spend. I’m sure that lots of international spies are lining up right now for a copy of the software.

The rest of the story comes from Ars Technica:

BitLocker Drive Encryption can now be successfully cracked with Passware Kit Forensic version 9.5, though it will set you back $795.

Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft’s BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.

Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it’s only a matter of time before even the price point doesn’t matter.

Passware Kit Forensic is a tool that can recover passwords from various file types, decrypt Microsoft Word and Excel files up to version 2003, and reset passwords for local and domain Windows administrators. It is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms at its disposal. There’s also a portable version of the software that runs from a USB drive and finds encrypted files, plus recovers files and website passwords without making any changes to the target computer.

BitLocker Drive Encryption is a full disk encryption feature available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, as well as the Windows Server 2008 and Windows Server 2008 R2 operating systems. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk encryption security not provided by AES. It is meant to prevent a thief or thieves from using another operating system or hacking tool to get around file and system protections provided by Windows in order to view files stored on the drive.

Update

As pointed out in the comments, this isn’t exactly a “crack” for BitLocker. Like most similar digital forensics analysis software, Passware Kit Forensic requires access to a physical memory image file of the target computer before it can extract all the encryption keys for a BitLocker disk. If a forensics analyst or thief has physical access to a running system, it is possible to take advantage of the fact that the contents are in the computer’s memory. Other drive encryption programs have similar issues.

So there we have it. Another episode in the constant soap opera of one-upmanship, where someone or some entity makes something that is said to be unassailable, yet we all know that nothing is truly that way.

In sort of a backwards and convoluted way, using something like a simpler encryption protocol might work with bad guys geared up for BitLocker. Some simple mathematical binary work could do the trick.
