Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ElcomSoft Tool Cracks BitLocker, PGP, TrueCrypt In Real-Time

timothy posted about a year and a half ago | from the well-that-puts-a-spin-on-things dept.

Encryption 268

An anonymous reader writes "Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008." All that for $300.

cancel ×

268 comments

Sorry! There are no comments related to the filter you selected.

Key theft != cracking encryption (5, Informative)

Anonymous Coward | about a year and a half ago | (#42350845)

Yeah, this is really just exploiting retarded key control. The encryption standards themselves are still secure

Re:Key theft != cracking encryption (2)

iluvcapra (782887) | about a year and a half ago | (#42351011)

Yeah, this is really just exploiting retarded key control.

I dunno, I've let my laptop go into hibernate with a TrueCrypt volume mounted. It's "retarded" but that doesn't mean it doesn't work.

Re:Key theft != cracking encryption (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42351391)

It's still a key control problem.

If Windows notifies programs about suspends/shutdowns (not sure it really does), TrueCrypt needs to dismount immediately and do whatever it needs to do to protect its key.

None of these processes attack the encryption directly, just control of its keys. Of course, that still means data disclosure, but rather than meaning P=NP or some other news, it simply means that keys are being poorly protected by the software, which in the case of hibernation can hopefully be fixed.

Firewire doesn't matter...it's equivalent to a malicious PCI device, without (as far as I know) the possible protection of VT-d. Epoxy or X-acto. If you can read the system's memory space, you can do a *WHOLE* lot more than just recovering the key...the data itself is likely in there while being read or even the entire unencrypted volume if it's memory mapped. Let alone kernel memory etc. So that is not news really.

Re:Key theft != cracking encryption (5, Interesting)

icebike (68054) | about a year and a half ago | (#42351715)

Exactly: They aren't breaking encryption, they are simply surfing for keys.

Quote TFA:

So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

Note the basic misunderstanding embedded in that last sentence: Turned off != Hibernated.

While this tool might help you break into a computer you found hibernated, or running while locked, it won't do any good if the power cord is yanked, or the encryption software was intelligently written to only store its key an some volatile memory.

Re:Key theft != cracking encryption (5, Informative)

_Shad0w_ (127912) | about a year and a half ago | (#42351717)

You can register an interest in knowing about power events by calling RegisterPowerSettingNotification(); your application then gets sent the WM_POWERBROADCAST message when the the power setting changes, that includes suspending the system (PBT_APMSUSPEND). You get about two seconds to actually do something with this information.

Re:Key theft != cracking encryption (1)

timeOday (582209) | about a year and a half ago | (#42351443)

The problem is the key control isn't all that retarded. Re-entering your password every time a disk block is read from disk isn't too appealing.

Re:Key theft != cracking encryption (2)

icebike (68054) | about a year and a half ago | (#42351753)

But holding it in volatile memory, and entering it once upon boot up is not all that bad. There are a lot of ways this can be done such that the private key never need be stored on the disk in unencrypted form.

I bet EFDD is... (5, Funny)

Anonymous Coward | about a year and a half ago | (#42350861)

...just a hammer.

Obligatory: http://xkcd.com/538/

Re:I bet EFDD is... (1)

Anonymous Coward | about a year and a half ago | (#42350897)

...just a hammer.

%s/hammer/wrench/g

FTFY

Re:I bet EFDD is... (5, Funny)

mar.kolya (2448710) | about a year and a half ago | (#42351413)

In Russia this often called 'thermorectal cryptanalysis' and soldering iron is a tool of choice for this sort of job.

Going to need some proof. (0)

Anonymous Coward | about a year and a half ago | (#42350863)

Pics or it didn't happen.

Re:Going to need some proof. (1)

Anonymous Coward | about a year and a half ago | (#42350971)

http://xkcd.com/538/

Re:Going to need some proof. (1)

Janek Kozicki (722688) | about a year and a half ago | (#42351087)

(Pics) || (didn't happen):

False

Re:Going to need some proof. (1)

Anonymous Coward | about a year and a half ago | (#42351203)

class It(){

if (Pics){

happen();

}

}

What kind of access? (1)

menegator (539434) | about a year and a half ago | (#42350867)

Access to some information or access to encrypted data?

Re: What kind of access? (1)

menegator (539434) | about a year and a half ago | (#42350907)

Ok, now the page is accessible. I won't however believe it if i don't test it myself.

Re: What kind of access? (1)

snemarch (1086057) | about a year and a half ago | (#42351239)

Acquires protection keys from RAM dumps, hibernation files

What's not to believe?

Nooooo ooooo ooooooo ooooo.... (-1)

Anonymous Coward | about a year and a half ago | (#42350875)

oooo oooooooo ooooo ooooo ooooo ooooo!
Lameness filter encountered. Post aborted!
Lameness filter encountered. Post aborted!
Filter error: Too much repetition.

Not as clever as it sounds (5, Informative)

Anonymous Coward | about a year and a half ago | (#42350883)

It reads the encryption key from memory.

Re:Not as clever as it sounds (5, Funny)

blueg3 (192743) | about a year and a half ago | (#42351185)

What did you expect it to do? Magic?

Re:Not as clever as it sounds (5, Funny)

smitty_one_each (243267) | about a year and a half ago | (#42351275)

I, for one, expected a pagan ritual involving Cthulhu; Natalie Portman, naked and petrified and covered in hot grits; and a traveling salesman walk of all your base.

Re:Not as clever as it sounds (1)

Anonymous Coward | about a year and a half ago | (#42351569)

I would like to subscribe to your newsletter.

Re:Not as clever as it sounds (0)

Anonymous Coward | about a year and a half ago | (#42351673)

What a generic route to take with the conversation.

Re:Not as clever as it sounds (4, Insightful)

HeckRuler (1369601) | about a year and a half ago | (#42351315)

Yeah, I would consider the ability to crack hard-encryption in a reasonable amount of time and processing power as a good definition for "magic". I'm under the impression that such a feat is mathmatically impossible. At least as far as we know. And the summary lead me to believe that they had somehow found a flaw in the underlying encryption scheme.

Re:Not as clever as it sounds (1)

blueg3 (192743) | about a year and a half ago | (#42351605)

That would, in fact, basically be magic. Which is why it's always likely that an article that says some encryption "is cracked" usually has some big caveats. Or they're actually talking about something that is not, in fact, "cracked" at all.

Re:Not as clever as it sounds (0)

Anonymous Coward | about a year and a half ago | (#42351321)

yes! duh!

Re:Not as clever as it sounds (4, Insightful)

gmuslera (3436) | about a year and a half ago | (#42351417)

The first thing you think about "PGP encryption cracked" is that a random .pgp file that you got isolated somehow (i.e. intercepting a mail with it attached) could be cracked and decrypted in minutes, no extra hardware required.

But this goes to the RAM of the computer where still resides somehow the passphrase to decrypt the file. Is a bit more serious, but not so much different than claiming that you cracked pgp encryption because you had a keylogger installed.

Re:Not as clever as it sounds (4, Insightful)

blueg3 (192743) | about a year and a half ago | (#42351647)

Security articles pretty much always dramatically overstate what they are capable of. Generally "cracked" gets used any time something is decrypted and the person who encrypted it didn't intend for it to be.

It sounds like it should be super easy, since the encryption key is "just sitting in memory", but it's not. A lot of those programs actively take steps to try to prevent the key from being captured from memory. Elcomsoft is by no means the first person to demonstrate this attack, but they like to aggressively promote whenever they make tools for applying techniques that researchers have already developed.

Re:Not as clever as it sounds (1)

spazdor (902907) | about a year and a half ago | (#42351713)

I was expecting anything which is properly referred to as a "crack" which is what TFS called it.

A known-key attack is not a "crack", it's just a "decrypt."

With a huge exception (5, Informative)

Anonymous Coward | about a year and a half ago | (#42350889)

It requires a memory dump of the system where the keys are used. Bad submitter. Is anyone filtering the submissions? This is starting to look like reddit.

Re:With a huge exception (5, Insightful)

BradleyUffner (103496) | about a year and a half ago | (#42350953)

It requires a memory dump of the system where the keys are used. Bad submitter. Is anyone filtering the submissions? This is starting to look like reddit.

Which you can get VERY easily if the computer has a firewire port.
http://blogs.gnome.org/muelli/2010/04/reading-ram-using-firewire/ [gnome.org]

Re:With a huge exception (1)

ColdWetDog (752185) | about a year and a half ago | (#42351051)

Except that only things in recent history that routinely have Firewire are Macs - which this software (apparently) doesn't deal with.

(But Saint Jobs is thinking of the Faithful and deprecating Firewire, just in case).

Re:With a huge exception (0)

Anonymous Coward | about a year and a half ago | (#42351277)

The only laptops worth purchasing all have firewire ports. {Thinkpad W500, W510,W520, W530}

Re:With a huge exception (1)

Jeng (926980) | about a year and a half ago | (#42351503)

That can be easily disabled in the bios and no one will miss the functionality since no one uses firewire.

Ok, some niche professions use firewire, so probably under 2% of those who have firewire use it.

Re:With a huge exception (1)

AliasMarlowe (1042386) | about a year and a half ago | (#42351607)

My Dell M6400 (work laptop) even has a Firewire port, and so did the Dell M4400 which it recently replaced. In both laptops it's a 6-pole IEEE1394 port, not the 4-pole DV port that my home laptop has (8½ year old Sony VAIO A117S).

Re:With a huge exception (3, Informative)

kagaku (774787) | about a year and a half ago | (#42351695)

This works with anything that provides DMA access - including FireWire, ExpressPort, PCMCIA, Thunderbolt, etc..

Re:With a huge exception (5, Insightful)

torkus (1133985) | about a year and a half ago | (#42351777)

That article is 2+ years old and deals with XP. Also the author chews on words for the first paragraph or two and makes me want to shoot myself (not to mention being wrong on a few points...) but anyhow..

Does the memory dump apply to Win 7/8? Fully patched XP? FW ports are a niche and rather uncommon. Of more interesting concern - are hibernate files encrypted on a bitlocker encrypted drive?

I agree with GP - this is a terribly written submission (and/or just an advertizement.) Bitlocker, PGP, and trucrypt ALL decrypt in realtime already - if you provide them with keys!!!

Re:With a huge exception (1)

jchevali (171711) | about a year and a half ago | (#42351653)

Today slashdot has let me down.

soo? (0)

Anonymous Coward | about a year and a half ago | (#42350899)

qoute from website: "Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted."

Not (5, Informative)

Maximum Prophet (716608) | about a year and a half ago | (#42350901)

So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

That's not really cracking. It's more like looking under the keyboard for sticky-notes.

Re:Not (0)

Anonymous Coward | about a year and a half ago | (#42351445)

So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.

That's not really cracking. It's more like looking under the keyboard for sticky-notes.

Net result is the same. If there's a whole in the security, it's a flaw regardless of whether you think it's k3wl or not.

Re:Not (3, Insightful)

bill_mcgonigle (4333) | about a year and a half ago | (#42351657)

Net result is the same. If there's a whole in the security, it's a flaw regardless of whether you think it's k3wl or not.

Yes, there's a hole in the security, but not in the WDE products. Identifying the correct attack surfaces allows the security-minded to mount proper defenses.

From this perspective, the article title is misleading and counter-productive.

Better: "ElcomSoft Demonstrates Bypass Tool for BitLocker, PGP, and TrueCrypt".

Re:Not (1)

Maximum Prophet (716608) | about a year and a half ago | (#42351725)

Except that if they really can crack the underlying encryption of PGP, they can crack anything like PGP. Since this exploits keys lying around in memory or page space, only those products that don't actively manage keys have the vulnerability.

AFAIK, the machine encryption used at the company I work for, scambles and re-encrypts the keys when you suspend or hibernate your machine. It also clears the CPU caches and registers. Any attacker with a Lead Pipe could take your machine while you were working on it, but that's a problem for all mobile computing.

Re:Not (2)

Kjella (173770) | about a year and a half ago | (#42351581)

Yes, except certain standards basically give your peripherals practically free reign to roam through your memory, specifically Firewire and Thunderbolt or if the attacker can add such a port through extension cards and the drivers are installed automatically. This is rather well documented behavior [microsoft.com] , and the small price you have to pay for closing this loophole:

The drawback of this mitigation is that external storage devices can no longer connect by using the 1394 port, and all PCI Express devices that are connected to the Thunderbolt port will not work. Because USB and eSATA are so prevalent, and because DisplayPort often works even when Thunderbolt is disabled, the adverse effect caused by these mitigations should be limited.

of course, misleading topic (0)

Anonymous Coward | about a year and a half ago | (#42350905)

This reads keys from RAM, it doesn't actually break encryption.

Also, first post.

Re:of course, misleading topic (0)

Anonymous Coward | about a year and a half ago | (#42351033)

This reads keys from RAM, it doesn't actually break encryption.

Also, first post.

nonono, mine is the first one!!1!

Re:of course, misleading topic (0)

Anonymous Coward | about a year and a half ago | (#42351499)

This reads keys from RAM, it doesn't actually break encryption.

Also, first post.

You must be using some academic definition of "breaking encryption" that I'm not familiar with.

The typical use of that term is to mean "we can read your encrypted data without you choosing to divulge your key to us". If this software can reliably retrieve keys from arbitrary computers I'd say it has defeated the encryption in question.

Re:of course, misleading topic (1)

Bert64 (520050) | about a year and a half ago | (#42351665)

It still doesn't break encryption, the encryption part is still performing exactly as it's supposed to.
What's broken is the method of protecting the key, ie the means by which you "choose not to divulge the key"...

Re:of course, misleading topic (1)

Java Pimp (98454) | about a year and a half ago | (#42351689)

If this software can reliably retrieve keys from arbitrary computers...

It can't retrieve keys from arbitrary computers. There are specific circumstances that need to exist before they can do anything.

If the computer is on, it can potentially read the decrypted key from RAM. The computer must have been first turned on AND the correct passphrase entered to decrypt they they key to decrypt the volumes. If it's turned on but the decryption hasn't been performed yet, they gain nothing. They can't just turn on the computer and expect to crack it.

The other method they mention is reading it from hibernation files if the system is not powered on. However, if the system drive is encrypted they can't get to the hibernation files.

If you shut the machine down when you walk away you are pretty safe. Of course this doesn't prevent anyone determined enough to install a hardware key logger or something...

DRM? (1)

Voyager529 (1363959) | about a year and a half ago | (#42350913)

At $300 and being from Russia, one would assume that they wouldn't just release it as a DRM-free application...which raises the question whether they add DRM to it, and how they're going to protect it, especially if they've got the means of decrypting all of these high-security encryption mechanisms.

I'm wondering if there isn't an alternative business model here - a bounty for encrypted laptops, decrypting the data internally, and using that data for ransom. I'm pretty sure it'd work much better than selling licenses at $300 a pop.

Re:DRM? (2)

NemosomeN (670035) | about a year and a half ago | (#42351141)

Elcomsoft is a legitimate business, at least I always had that impression. (They are well known, in fact I've known of them for years, I think. Never knew they were Russian).

Re:DRM? (1)

AvitarX (172628) | about a year and a half ago | (#42351221)

I think Dmitry Sklyarov (PDF decrypting software, arrested in US for work done in Russia when going to a conference) worked for them.

How it works (0)

Anonymous Coward | about a year and a half ago | (#42350917)

*Requires* a memory dump or hibernation file to scan for the decryption keys. So it can decrypt Bitlocker, PGP, and TrueCrypt, if it can find the decryption keys.

Misleading title (5, Insightful)

RenHoek (101570) | about a year and a half ago | (#42350921)

Unlike the title claims, it doesn't _crack_ in real time, it just allows you to mount the encrypted volume and lets you decrypt it with the keys you found. I.e. make it work just like truecrypt when you mount a partition.

If they were able to _crack_ in real time, then they'd have just solved P = NP.

Re:Misleading title (1)

GodBlessTexas (737029) | about a year and a half ago | (#42350989)

EXACTLY! Mod parent up please! This is not exactly new. Snagging encryption keys from hibernation files or RAM dumps is nothing new. And the Truecrypt win32 binary will allow you mount the volume in read only mode if you want to view the contents and have the acquired key. So, this does everything you can already do for free, but with the added benefit of being a $300 product. I guarantee you that law enforcement is going to be the biggest purchaser of this product, even though this capability already exists and has existed without spending a dime.

Re:Misleading title (1)

snemarch (1086057) | about a year and a half ago | (#42351317)

Auto-locating the decryption keys (for multiple products) rather than manually digging through a 16gig ram dump is easily worth $300 :) - I'd kinda expect law enforcement companies to have already come up with tools, though (or, perhaps more likely, be paying (lots more) for already-existing products).

Re:Misleading title (1)

Anonymous Coward | about a year and a half ago | (#42351269)

And they would have to change their name from Elcomsoft to Setec Astronomy.

I LOVE literature! (0)

Anonymous Coward | about a year and a half ago | (#42351669)

If they were able to _crack_ in real time, then they'd have just solved P = NP.

To Pee or Not to Pee! That, is the fundamental computer science question.
  Tis' nobler to drink coffee or coke, one cannot say.

Shit, I can't remember the rest of my Shakespear!

Re:Misleading title (2, Informative)

Anonymous Coward | about a year and a half ago | (#42351671)

If they were able to _crack_ in real time, then they'd have just solved P = NP.

Neither AES nor Public Key Crypto (atleast as far as I'm aware) has ever been shown to be polynomial-time reducible to an NP-Complete problem..

So your claim is not tue...

I can do that too... (0)

Anonymous Coward | about a year and a half ago | (#42350923)

.. if I have the keys.

Re:I can do that too... (1)

Impy the Impiuos Imp (442658) | about a year and a half ago | (#42351705)

I can build walking robots, too, if I have the algorithms.

System drive encryption? (0)

Anonymous Coward | about a year and a half ago | (#42350933)

My setup is the following: win7, encrypted system drive, and one encrypted drive where I store all work-related stuff (including private keys to production servers etc).
Lets suppose my laptop get stolen.

I understand that:

a) if it was turned off I'm safe
b) if it was put in sleep mode then I'm not safe. To this date I assumed that the thief would just bounce off the login screen and restart the machine, sooner or later. Is is possible to obtain a memory dump on a running machine? Of course, USB auto-run is off
c) the same as b)

is that correct?

cheers,
jan

Re:System drive encryption? (4, Funny)

marcello_dl (667940) | about a year and a half ago | (#42351225)

>My setup is the following: win...

first mistake? ;)

Re:System drive encryption? (0)

Anonymous Coward | about a year and a half ago | (#42351307)

Herpity derpity. I r clevar1!!1111!

Re:System drive encryption? (1)

snemarch (1086057) | about a year and a half ago | (#42351369)

If you've got a firewire port in the machine, you're game over.

Otherwise, it depends on whether there's any direct remote exploits on the version of Windows you're running - I haven't heard of any of those for a long time.

Re:System drive encryption? (1)

Jeng (926980) | about a year and a half ago | (#42351577)

He most likely has absolutely no use for firewire and can simply disable it in the bios.

Re:System drive encryption? (1)

Hatta (162192) | about a year and a half ago | (#42351441)

b) if it was put in sleep mode then I'm not safe. To this date I assumed that the thief would just bounce off the login screen and restart the machine, sooner or later. Is is possible to obtain a memory dump on a running machine? Of course, USB auto-run is off

If they have physical access to the computer, they can just blast the RAM with compressed gas to freeze it. At low temperatures, the RAM keeps its data for a few seconds. Then they pull the RAM and stick it in a device that dumps it.

Re:System drive encryption? (1)

BLKMGK (34057) | about a year and a half ago | (#42351527)

If your machine has FireWire ports they can be used to directly access memory and obtain the keys - it would not be safe in this case. This is a well known forensic technique for doing memory dumps. Do not allow the machine to sleep or hibernate as this will also write memory to disk where it can be examined offline.

Encryption is not broken (5, Informative)

RatRagout (756522) | about a year and a half ago | (#42350935)

They are simply extracting the encryption keys from the memory of a running computer using DMA and firewire. @breaknenter has been doing this with inception and some scripts for years.

Re:Encryption is not broken (5, Informative)

RatRagout (756522) | about a year and a half ago | (#42350963)

Link to inception: http://www.breaknenter.org/projects/inception/ [breaknenter.org]

Re:Encryption is not broken (2)

SeaFox (739806) | about a year and a half ago | (#42351575)

You didn't include the link in your first post, and make us go deeper to get to Inception? ;-)

Not the whole story (0)

Anonymous Coward | about a year and a half ago | (#42350961)

If you note, in the article, it even says you have to do a few very specific things. For the most part, that includes either mounting the partition/drive beforehand (second two methods), which defeats the purpose of someone wanting to do that. The first method is access the hibernation file. I doubt, with a full-drive encryption, that you'd be able to access it. Even if you only had an encrypted container, you'd still have to be stupid enough to leave it mounted and allow the computer to go into hibernation at least once. If you're leaving your encrypted partitions/drives mounted that long and leaving the computer to go afk and let it hibernate, keeping the data secure must not mean that much to you.

Encrypted swap? (5, Informative)

Anonymous Coward | about a year and a half ago | (#42350979)

I don't use windows, but on other OSs, the swap where "hibernation" data goes, is encrypted to avoid such trivial exploits.

As for the firewire attack, that was first developed on Linux, and immediately prevented on Linux. On Windows, it has been available since XP days, and MS notified of the issue back then. So, no excuse it is still trivial to unlock, disk dump, mem dump a windows box through the DMA firewire hack, now 3 major versions on since this attack was well known.

This tool requires catching the encryption key (1)

Anonymous Coward | about a year and a half ago | (#42350983)

... with three ways to locate it:

  By analyzing the hibernation file (if the PC being analyzed is turned off);
  By analyzing a memory dump file *
  By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).
  (or sniffing it with a key-logger, using a rubber hose, etc.)

To thwart it: Don't hibernate, don't leave a memory dump laying around, disable fire-wire, and power-down.

Dear Slashdot, (0)

Anonymous Coward | about a year and a half ago | (#42350995)

Mounted or dismounted? (0)

Anonymous Coward | about a year and a half ago | (#42351003)

So the volume would need to be mounted at the time the decrypter is running? So a dismounted encrypted volume should be secure?

But only if you have the key (1)

AmiMoJo (196126) | about a year and a half ago | (#42351025)

What TFS does not mention is that you need to acquire the encryption key for it to work. Hardly trivial.

Elcomsoft suggest attacking the hibernation file (Windows only, encrypted along with the system drive so probably inaccessible anyway, may not actually have the key) or using a Firewire attack on a live system with the volumes already mounted (useless for an offline attack, easily circumvented by disabling Firewire, not all machines even have it).

Nothing to see here.

Well, duh. (0)

Anonymous Coward | about a year and a half ago | (#42351029)

Three Ways to Acquire Encryption Keys

Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:
By analyzing the hibernation file (if the PC being analyzed is turned off);
By analyzing a memory dump file *
By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).
* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)

So it uses well-know techniques to access encrypted data. Whoop-dee-doo. Tag: slashvertisement

Disable hibernate, wipe dumps with ccleaner and? (0)

Anonymous Coward | about a year and a half ago | (#42351069)

So no mem dumps, no hibernate file (I hate hibernate anyway)...

Does that render this $300 wasted, without those two options?

Re:Disable hibernate, wipe dumps with ccleaner and (1)

alen (225700) | about a year and a half ago | (#42351229)

not if you're law enforcement

use the swat team and take control of computers while they are still on. or turn them on at suspect's home. transport in hibernated state and then "crack"

No. (2, Informative)

Anonymous Coward | about a year and a half ago | (#42351095)

This tool IS NOT capable of "cracking" disks encrypted by these methods. It is capable of locating the keys, should you be able to get a memory dump of the running system or obtain hibernation files, and decrypting the disks using the keys. In short, if you have something to hide, do not use hibernate and always power off your machine when you are not actively using it.

I'm I secured ? (1)

faustoc4 (2766155) | about a year and a half ago | (#42351113)

If I use a keyfile in Truecrypt, does this file also get loaded into RAM? Say, the keyfile is stored in a USB key that is removed after the Truecrypt partition is mounted.

Re:I'm I secured ? (1)

Hatta (162192) | about a year and a half ago | (#42351463)

Yes, yes it does. The key is used to do math with the data on your hard disk. It has to be in RAM to do that.

Re:I'm I secured ? (1)

snemarch (1086057) | about a year and a half ago | (#42351519)

AFAIK, the keyfile is only useful to avoid brute-force attacks against your passphrase - it is still derived down to the same encryption/decryption key length as would have been derived from your passphrase. If you've got encrypted partitions loaded, the key is in memory, and the keyfile is utterly irrelevant.

extracting keys from RAM (4, Informative)

interiot (50685) | about a year and a half ago | (#42351137)

This tool extracts the keys from RAM dumps. There are free tools [forensicswiki.org] that do this too, of course.

But isn't it difficult to get a RAM dump, you say? Not really:

  • Hibernating a computer writes this data to disk. Starting in Windows 8, "shutdown" actually writes some hibernate data by default.
  • VMs also have their own suspend functionality that does a RAM dump, as well as non-SAN VM migration.
  • Firewire ports actually allow devices to scan RAM of the machine they're connected to. [breaknenter.org]
  • Obviously, if you have access to a live machine, you can get the keys directly from RAM.

Re:extracting keys from RAM (0)

Anonymous Coward | about a year and a half ago | (#42351261)

All of this assumes that you haven't encrypted the system volume. Good luck getting my key from a hibernation file on an encrypted partition.

Re:extracting keys from RAM (0)

Anonymous Coward | about a year and a half ago | (#42351309)

So how does a TruCrypt user defend against these sorts of tools?

Re:extracting keys from RAM (1)

TheSpoom (715771) | about a year and a half ago | (#42351431)

Unmount the TrueCrypt volume before hibernating / shutting down. Don't let people attach random Firewire devices to your system. Lock your system before walking away (really, unmount the TrueCrypt volume then, too, if you can). Don't run it in a VM unless you know what you're doing.

Common sense stuff, really.

Re:extracting keys from RAM (2)

bill_mcgonigle (4333) | about a year and a half ago | (#42351613)

Disable Firewire in your BIOS if you can.
If you can't, snip the leads on your motherboard.
If you can't, fill the port with hot glue.

Re:extracting keys from RAM (1)

bill_mcgonigle (4333) | about a year and a half ago | (#42351589)

Also many new devices have Intel Rapid Start which uses a memory-sized partition on SSD to do a hardware-level hibernate (very fast).

I'm the kind of guy who uses swap on LUKS to do secure hibernation and even I started to setup up a Rapid Start partition, thinking it would be very useful, before the little security lobe of my brain started shouting "no, your keys!". There's precious little about this risk on a Google search save a Dell tech document that says that it might be incompatible with software-based encryption like TrueCrypt.

And with block remapping, even using Rapid Start once is enough to potentially contaminate the SSD forever.

It would be nice if the kernel had a mode where it could encrypt all the memory pages that weren't needed for resume and do the inverse on the way back up to take advantage of the BIOS-skipping benefit of this feature.

funny (0)

Anonymous Coward | about a year and a half ago | (#42351145)

Does it work on Linux? If it doesn't, it's good or bad?

Sucks for you (0)

Anonymous Coward | about a year and a half ago | (#42351241)

Sucks for those who auto mount their encrypted drives at startup, or those who leave them mounted when they go get coffee.

Now show me a tool that can crack truecrypt with an encrypted volume not mounted, and a disk simply handed to you.

I have a question (0)

Anonymous Coward | about a year and a half ago | (#42351293)

This sounds like they are only able to open an encrypted file if they have access to a machine where the file has been accessed already. This sounds like an operating system security issue. The operating system is creating garbage that includes sensitive information that is available to anyone. Not good.

But then does anyone really believe computers are secure?

Don't be a Bear (0)

Anonymous Coward | about a year and a half ago | (#42351345)

Can you say -- set your system to NEVER hibernate....

It's really a decryption key finder (2)

girlinatrainingbra (2738457) | about a year and a half ago | (#42351375)

I would actually call this more of a "finder of the decryption key if left hiding in RAM or hibernation file while encrypted partition is mounted":
It works only if
(1) you can get a volatile memory dump while the encrypted partition is mounted and the decryption key currently resides in the volatile memory or
(2) if you can get access to a hibernation partition/file which contains the decryption key from when the encrypted partition was mounted.
From the linked article So, how does it work? Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. Youâ(TM)ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off. So saying that this software is capable of decrypting PGP / Bitlocker / Truecrypt partitions is hyperbole. A more accurate assessment of this software is capable of finding the decrpytion/encryption key in RAM or hibernation files.

I thought Truecrypt, et al were smarter about RAM (4, Insightful)

swb (14022) | about a year and a half ago | (#42351385)

I thought TrueCrypt,et al were smarter with their RAM-based keys than that and made them more difficult to sniff in RAM, as this has long been a well-known weakness of any encryption software.

Or is there something about whole-disk encryption software that makes this more difficult (which I can see from a performance perspective)?

You would think they would randomize memory locations or have some kind of method of encrypting the keys in-memory and decrypting them and wiping as they did disk I/O. A race condition that would expose them, but with a smaller window for exploitation than leaving them in memory.

My Experience (0)

Anonymous Coward | about a year and a half ago | (#42351419)

off topic but.. was using encrypted usb touted as military grade secure encription. Just booted the system in linux and the text file was transparent. So... easy to defeat inline encryption in that case.

Re:My Experience (1)

Lumpy (12016) | about a year and a half ago | (#42351611)

That is military grade... That's exactly how military encryption works.

Fuck you, timothy (0)

Anonymous Coward | about a year and a half ago | (#42351447)

this isn't "real time cracking" and you know it

These guys make IT people look like gods.... (5, Funny)

Lumpy (12016) | about a year and a half ago | (#42351597)

I used to have their password kit for enterprise and it would make me look like a complete computer GOD to the users.

"I lost the password to my spreadsheet...."
"what is the password I used on this zip file?"
etc....

I would crack about 5-10 passwords a week with their tools and ended up never having to buy drinks when going out with office workers after work because of it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>