Every time I plugged in the drive, Windows would welcome this new device with "You need to format the disk in drive F: before you can use it." Perhaps there is a switch somewhere deep down in the Windows engine room that would allow me to turn off this unnerving popup message. This is just a minor glitch; however, after a while it got on my nerves. Of course, BitLocker can "automatically auto-mount" encrypted volumes. If these were the only clicks, I might just ignore this little hassle. Well, yes, only two clicks are required to "auto-mount" a TrueCrypt device. I always thought "auto" means that I don't have to do it manually. I like this "Auto-mount device" button in TrueCrypt. This way encryption becomes convenient and ensures that people use it. This is still secure as long as you are the only one who can log on to your computer. BitLocker also allows you to work without a password. Password plus hardware token is the most secure way to protect your encrypted data. This is what they teach hackers in elementary school. There are a myriad of ways to steal a password. Passwords are the weak point of any security mechanism. Thanks to the TPM, you don't have to type a password every time you connect the drive. The TPM significantly raises the bar to crack an encrypted system, and TrueCrypt doesn't reach this level of security. What counts is who possesses the capabilities to crack a system and how much effort is necessary. When it comes to security, vulnerabilities are absolutely unimportant. However, the procedure is extremely time-consuming and can only be done by experts. You might have read the news that TPM was cracked recently. Of course, you then need a computer with TPM, but BitLocker also works without TPM. This not only improves security significantly, but it also makes the use of encryption technology more convenient.
As always, encryption is no use without proper pre-boot authentication. One of the advantages of BitLocker is that it supports the Trusted Platform Module (TPM) chip. This is, to my knowledge, the first commercial implementation (or should that be exploitation?) of the Firewire memory attack, and should be considered by anyone intending to use products such as Bitlocker or Truecrypt, without making sure they implement them in a way which prevents this kind of exploitation. Click Next – Passware will now decrypt the disk image. Select the memory image file, and the disk image file. Click “Recover Hard Disk Passwords” within the Passware Kit. Create disk images using tools such as Encase. Boot the forensic computer off the USB stick from step 1 to capture the image. Connect the target computer to the forensic computer using a Firewire cable. Create the Firewire memory imager from the Passware Kit on a USB Stick. Step 1 – capture a forensic memory image and disk images. As to how to do it, well they have implemented the exploit in a very neat and usable way: A feisty California company has released a version of their forensic software which will decrypt Bitlocker and TrueCrypt protected hard disks via the classic Firewire vulnerabilities. A full write-up can be found on the Passware site, but simply, given a machine that’s running, but has encrypted drives (for example one using Bitlocker in TPM-only mode, or a machine which is suspended, not hibernated). Following on from my post “10 Things You Don’t Want To Know About Bitlocker”, “TPM Undressed” and “Firewire Attacks Revisited” it recently came to my attention that Passware, Inc.