For a while, Microsoft had people thinking that its BitLocker encryption was (practically) impenetrable. Well, since that is no longer the case, I wonder what the reasoning for the purchase of Windows 7 Ultimate will be.
The tool to break the encryption is not cheap, but, if you really want to get at some data that currently is not readable, $795 is not that much to spend. I’m sure that lots of international spies are lining up right now for a copy of the software.
The rest of the story comes from Ars Technica -
BitLocker Drive Encryption can now be successfully cracked with Passware Kit Forensic version 9.5, though it will set you back $795.
Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft’s BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.
Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it’s only a matter of time before even the price point doesn’t matter.
Passware Kit Forensic is a tool that can recover passwords from various file types, decrypt Microsoft Word and Excel files up to version 2003, and reset passwords for local and domain Windows administrators. It is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms at its disposal. There’s also a portable version of the software that runs from a USB drive and finds encrypted files, plus recovers files and website passwords without making any changes to the target computer.
BitLocker Drive Encryption is a full disk encryption feature available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, as well as the Windows Server 2008 and Windows Server 2008 R2 operating systems. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in CBC mode with a 128 bit-key, combined with the Elephant diffuser for additional disk encryption security not provided by AES. It is meant to prevent a thief or thieves from using another operating system or hacking tool to get around file and system protections provided by Windows in order to view files stored on the drive.
Update
As pointed out in the comments, this isn’t exactly a “crack” for BitLocker. Like most similar digital forensics analysis software, Passware Kit Forensic requires access to a physical memory image file of the target computer before it can extract all the encryption keys for a BitLocker disk. If a forensics analyst or thief has physical access to a running system, it is possible to take advantage of the fact that the contents are in the computer’s memory. Other drive encryption programs have similar issues.
So there we have it. Another episode in the constant soap opera of one upsmanship, where someone or some entity makes something that is said to be unassailable, yet we all know that nothing is truly that way.
In sort of a backwards and convoluted way, using something like a simpler encryption protocol might work with bad guys geared up for BitLocker. Some simple mathematical binary work could do the trick.
§
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
•
Famous Birthdays for December 4th
Wassily Kandinsky 1866Francisco Franco 1892Deanna Durbin 1921
Wink Martindale 1934
Max Baer Jr. 1937
John Cale 1940
Freddy “Boom Boom” Cannon 1940
Bob Mosley (Moby Grape) 1942
Chris Hillman (Flying Burrito Brothers, Byrds) 1942
Dennis Wilson (Beach Boys) 1944
Southside Johnny Lyon 1948
Jeff Bridges 1949
Patricia Wettig 1951
Gary Rossington (Lynyrd Skynyrd) 1951
Cassandra Wilson 1955
Brian Prout (Diamond Rio) 1955
Bob Griffin (The BoDeans) 1959
Vinnie Dombroski (Sponge) 1962
Jozef Sabovcik 1963
Marisa Tomei 1964
Chelsea Noble 1964
Tyra Banks 1973
Lila McCann 1981
Orlando Brown 1987
