On TV.com: Who's Absent From LOST's Final Season?
BNET Business Network:
BNET
TechRepublic
ZDNet
Step 6: Testing

Step 6: Testing
How can we tell whether Applebaum is actually able to glean the encryption key from the MacBook?

The answer is simple: an Apple utility called "hdiutil" can display the AES key for a FileVault volume as long as the passphrase is typed in first. If Applebaum's able to find it on his own, he's discovered a way to bypass FileVault--at least when the computer is turned on or is in sleep mode.

To use hdiutil, I logged out of the Breakme account, meaning the FileVault volume would be automatically unmounted. Then I made a copy of the breakme.sparseimage file and extracted the AES key by running hdiutil and typing in the passphrase. The key turned out to be: dd6a242a3a90ee1f60a8c53db59a4133.

The length of the AES key in OS X Tiger is 32 hexadecimal characters, or 128 bits. While FileVault in OS X Leopard can use a 256-bit AES key, the extraction process would be the same.

  • Talkback
  • Most Recent of 17 Talkback(s)
Bit Locker
It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: a Guest | | Terms of Use
Supercooled memory?  Eriamjh | 02/21/08
Millions at stake in corporate espionage ...  terry flores | 02/21/08
re: back doors  CobraA1 | 02/21/08
Clearing memory at reboot would not work.  ye | 02/22/08
RE: Supercooled memory?  bfilipiak@... | 02/22/08
A few things to note  CobraA1 | 02/21/08
Careful there  georgeou | 02/21/08
hdiutil was simply used to show successful crack  terry flores | 02/21/08
RE: (Images: How to bypass FileVault, BitLocker security)  d1g1tal_ph3r3t | 02/21/08
RE: (Images: How to bypass FileVault, BitLocker security)  riverab0@... | 02/22/08
Addition  riverab0@... | 02/22/08
Cox  CassidyJames | 02/22/08
I would like to see this tried with Firmware locked  duane@... | 02/22/08
Info still unencrypted in RAM...  robert.rohr@... | 02/22/08
Bit Locker  cobra96ds@... | 02/25/08
Encyption Law  benjaminwright75205 | 02/22/08
This is freaky  John Musbach | 02/24/08

What do you think?

advertisement

More ZDNet Photo Galleries

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline