Step 8: Success!
Wow! It worked. The AES encryption key is the same. FileVault has been bypassed.
As you can see in this photograph, the AES key that the "keyfind" utility extracted from the MacBook's RAM is dd6a242a3a90ee1f60a8c53db59a4133. That's the same secret 128-bit key that Apple's utility shows is associated with the FileVault volume. (When you type in your FileVault passphrase, OS X unlocks this AES key.)
I just tested FileVault, of course, but the test shows that people using Microsoft's BitLocker, TrueCrypt, and similar products should also be concerned. Screensavers and suspend-to-RAM can no longer be trusted to keep the contents of a mounted encrypted disk secure. Servers with encryption keys in RAM, perhaps for
There are still ways of protecting your privacy. One is to turn off the computer for at least one minute. That gives the memory enough time to decay.
Another is to keep sensitive data in a separate encrypted file system, such as a PGP disk, that is mounted only when necessary and immediately unmounted when not in use. That should, if the application is designed properly, scrub the keys from memory so they can't be captured with a memory scan.
- Talkback
- Most Recent of 17 Talkback(s)
- Thread View
- Flat View
- Bit Locker
- It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
- Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: Logged In | Log out
 Supercooled memory? Eriamjh | 02/21/08 |
 Millions at stake in corporate espionage ... terry flores | 02/21/08 |
 re: back doors CobraA1 | 02/21/08 |
| Clearing memory at reboot would not work. ye | 02/22/08 |
| RE: Supercooled memory? bfilipiak@... | 02/22/08 |
| A few things to note CobraA1 | 02/21/08 |
| Careful there georgeou | 02/21/08 |
| hdiutil was simply used to show successful crack terry flores | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) d1g1tal_ph3r3t | 02/21/08 |
| RE: (Images: How to bypass FileVault, BitLocker security) riverab0@... | 02/22/08 |
| Addition riverab0@... | 02/22/08 |
 Cox CassidyJames | 02/22/08 |
| I would like to see this tried with Firmware locked duane@... | 02/22/08 |
| Info still unencrypted in RAM... robert.rohr@... | 02/22/08 |
| Bit Locker cobra96ds@... | 02/25/08 |
| Encyption Law wagonhitch5@... | 02/22/08 |
| This is freaky John Musbach | 02/24/08 |
What do you think?
More ZDNet Photo Galleries
Ultraportables
- Understanding Ultraportable Laptops (BNET)
- Five steps to protect mobile devices anywhere, anytime (TechRepublic)
- View all ZDNet Toshiba laptop reviews
- From our sponsors
- Toshiba Satellite® U400 Series
-
- The ultra-portable, ultra-stylish Satellite® U405 is a smart choice for you and your small business. Only from the laptop expert, Toshiba. Explore the complete laptop lineup »
-
