On The Insider: HSM Stars: Not So Innocent
BNET Business Network:
BNET
TechRepublic
ZDNet
Step 1: The test

Step 1: The test
A team of security researchers on Thursday reported serious vulnerabilities in disk encryption products including Microsoft's BitLocker, Apple's FileVault, and the open-source TrueCrypt. Because memory contents are not deleted when the computer is rebooted, someone can gain access to the contents of the encrypted volume by restarting it and extracting the encryption keys. Another way to extract the keys is to supercool the memory--a can of compressed air held upside-down works--and transfer the RAM to another computer where it can be read.

We decided to put their claims to the test. Because I'm an Apple user, I wanted to see if they could extract the AES encryption key from a MacBook running OS X Tiger. AES is, of course, the Advanced Encryption Standard used in innumerable security applications.

Step 1 involved creating a new password-protected account called "Breakme" with FileVault turned on and encrypted swap activated. I turned on the locking screensaver and presented Jacob Applebaum, one of the researchers on the team, with the FileVault-protected laptop. To pass the test, Applebaum needed to extract the 128-bit AES key used to encrypt the Breakme account.

Text by Declan McCullagh

  • Talkback
  • Most Recent of 17 Talkback(s)
Bit Locker
It seems to me that the problem resides in the TPM. I do not use it. I store my password on a memory stick whereas using TPM stores it in the RAM. If the password is not on the computer to begin with it can't be hacked.... (Read the rest)
Posted by: cobra96ds@... Posted on: 02/25/08 You are currently: Logged In | Log out
Supercooled memory? Eriamjh   | 02/21/08
Millions at stake in corporate espionage ... terry flores   | 02/21/08
re: back doors CobraA1   | 02/21/08
Clearing memory at reboot would not work. ye   | 02/22/08
RE: Supercooled memory? bfilipiak@...   | 02/22/08
A few things to note CobraA1   | 02/21/08
Careful there georgeou   | 02/21/08
hdiutil was simply used to show successful crack terry flores   | 02/21/08
RE: (Images: How to bypass FileVault, BitLocker security) d1g1tal_ph3r3t   | 02/21/08
RE: (Images: How to bypass FileVault, BitLocker security) riverab0@...   | 02/22/08
Addition riverab0@...   | 02/22/08
Cox CassidyJames   | 02/22/08
I would like to see this tried with Firmware locked duane@...   | 02/22/08
Info still unencrypted in RAM... robert.rohr@...   | 02/22/08
Bit Locker cobra96ds@...   | 02/25/08
Encyption Law wagonhitch5@...   | 02/22/08
This is freaky John Musbach   | 02/24/08

What do you think?

advertisement
Click Here.

More ZDNet Photo Galleries

The Green Enterprise

advertisement
Click Here