1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Toolkit breaks FileVault and BitLocker

Discussion in 'Article Discussion' started by Tim S, 22 Jul 2008.

  1. Tim S

    Tim S OG

    Joined:
    8 Nov 2001
    Posts:
    18,881
    Likes Received:
    78
  2. Da Dego

    Da Dego Brett Thomas

    Joined:
    17 Aug 2004
    Posts:
    3,913
    Likes Received:
    1
    I'm not sure how I feel about this. I mean, I don't care that the source code is released and obviously the exploit has been around since we last reported on it. The question is whether it's truly notable.

    At some point, there's a hardware flaw and that can't be helped - we're talking about needing genuine local access to the machine, PLUS reboot ability, plus some type of bootable media ability. And all of this goes back to that encryption is as good as the user's technique in utilizing it, which should include unmounting encrypted drives when you're done using them (as Gareth mentions).

    The only computers that have a lot to fear from this, then, are laptops which can be stolen before you've unmounted your secure partition. And in that case, were your data THAT sensitive, you could be using something like Seagate's Momentus FDE (full disk encryption) drive or the Silverstone encrypting enclosure. Neither of these should leave a key in your RAM.

    So I guess it's good to point out the weakness, but it's important to realize that there's just no perfect system. A little common-sense from a user perspective turns this into a non-issue, and more of an academic finding as to the weakness of RAM technology.
     
  3. cjmUK

    cjmUK Old git.

    Joined:
    9 Feb 2004
    Posts:
    2,551
    Likes Received:
    85
    I think the point is, for most people, BitLocker et al are fine, but if you are one of the countries top spies, you can choose different tools or modify your behaviour and you are still relatively safe.

    Currently, I'm more concerned that the government give away my entire digital identity on weekly basis by posting CDs to strangers, than I am about a determined infiltrator gaining physical access to my encrypted PC.
     
  4. Tomm

    Tomm I also ride trials :¬)

    Joined:
    12 Apr 2004
    Posts:
    2,249
    Likes Received:
    0
    I wonder if either of those guys has ever touched a girl.
     
  5. theevilelephant

    theevilelephant New Member

    Joined:
    5 Jan 2006
    Posts:
    1,334
    Likes Received:
    36
    does their mother count?

    but seriously as mentioned before, you would have to have something really important for someone to bother going to these lengths to get the data. and if it was that important methinks you would use something other than bitlocker
     
  6. Buzzons

    Buzzons Active Member

    Joined:
    21 Jul 2005
    Posts:
    2,980
    Likes Received:
    21
  7. knyghtryda

    knyghtryda New Member

    Joined:
    2 Jan 2006
    Posts:
    101
    Likes Received:
    0
    this may not seem like a big deal for most people (and it isn't) but say you had a corporate/government environment and you wanted encryption keys for a project, which happen to be sitting on an somebody's computer. All you'd have to do is plug in, reboot the machine, grab the keys (assuming no bios password was set) and leave, letting the machine finish booting. Think about it... this could be done in a span of minutes, which is plenty of time if say the entire floor is out for lunch. Kinda scary stuff..
     
  8. p3ri0d

    p3ri0d New Member

    Joined:
    9 Jul 2008
    Posts:
    245
    Likes Received:
    0
    Yeah, real scary.

    I knew it was possible but no pub tool was out for it, only papers.
     
  9. cjmUK

    cjmUK Old git.

    Joined:
    9 Feb 2004
    Posts:
    2,551
    Likes Received:
    85
    Only works when the user doesn't expressly close the encrypted file/volume in true crypt.

    When you close the volume, truecrypt overwrites any passwords & keys in memory.

    They've already put a statement out to this effect in the last couple of weeks.
     
  10. p3ri0d

    p3ri0d New Member

    Joined:
    9 Jul 2008
    Posts:
    245
    Likes Received:
    0
    You are forgetting that you can encrypt a whole windows system partition with TrueCrypt.

    P.S: I think Ubuntu fixed that bug as of 8.04. Not sure though.
     
  11. Bluephoenix

    Bluephoenix Spoon? What spoon?

    Joined:
    3 Dec 2006
    Posts:
    968
    Likes Received:
    1
    one interesting thing is that if a PC is networked and you use the appropriate code, you can use the same trick but pull the right data from right over the network if a machine has wake on lan enabled (and that can be changed through other methods)


    I've tried it in a lab setup here and it works, I was able to snag a friend's key from his laptop while he was connected to the network, and I was 3 buildings away. :worried:
     
Tags: Add Tags

Share This Page