Bitlocker No Real Threat To Decryption?

Zonk posted more than 7 years ago | from the keep-this-under-your-hat dept.

Security 319

An anonymous reader writes "The Register is running a story called 'Vista encryption 'no threat' to computer forensics'. The article explains that despite some initial concerns that lawbreakers would benefit from built-in strong encryption, it's unlikely the Bitlocker technology will slow down most digital forensic analysts. What kind of measures does one need to take to make sure no one but yourself has access to your data? Is Bitlocker just good enough (keeping out your siblings) or does it miss the whole purpose of the encryption entirely?" One would hope an international criminal mastermind could do better than the encryption built into Vista.


319 comments


international criminal mastermind ? (4, Funny)

SpaceLifeForm (228190) | more than 7 years ago | (#17898918)

Well, he could, but he likes to do things slowly so that most people won't notice.

Re:international criminal mastermind ? (0)

Anonymous Coward | more than 7 years ago | (#17899526)

Well, he could, but he likes to do things slowly so that most people won't notice.

Like what? Attempted kidnapping and assault? Only if you are an astronaut [nasawatch.com] .

Re:international criminal mastermind ? (1)

Bin Naden (910327) | more than 7 years ago | (#17899748)

A criminal mastermind would likely not use Windows software for protecting his secrets. Sharks with lasers on their heads, on the other hand...

Well for one (-1, Troll)

Araxen (561411) | more than 7 years ago | (#17898920)

It has a backdoor built into it for the NSA, so I doubt it's stopping anyone that would really want that information anytime soon. You would think this would be common knowledge.

Re:Well for one (3, Informative)

DimGeo (694000) | more than 7 years ago | (#17898962)

There is a way to implement secure backdoors. Like encrypt the encryption key with the public key of NSA and store it on the drive itself. There you go, now only NSA can read your drive.

Re:Well for one (2, Informative)

Anonymous Coward | more than 7 years ago | (#17899620)

One key to rule them all. Brilliant idea. And no one will ever, ever, ever steal that key. And technology will never progress to the point where that key becomes crackable.

And the guarding of the "secure" back door will always be much much better than I could possibly guard the "front door," so it's no problem for my security. And of course I can still implement defense-in-depth with a back door that I can confidently rely on will never open.

Sorry, secure back doors are possible in theory. The difference between theory and practice, of course, is that in theory they are the same, but in practice, they aren't.

Re:Well for one (1, Insightful)

644bd346996 (1012333) | more than 7 years ago | (#17899048)

Source?

Stupid moderators.

Re:Well for one (5, Insightful)

westlake (615356) | more than 7 years ago | (#17899116)

It has a backdoor built into it for the NSA

so anything said against Vista will be modded "Insightful" without the barest show of proof? news for nerds, indeed.

Re:Well for one (1, Interesting)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899192)

> so anything said against Vista will be modded "Insightful" without the barest show of proof?

It's a logical conclusion--not only is it "a" logical conclusion but it is the most probable conclusion. The people with the strongest backgrounds in computer security, working for Microsoft, will be associated with other people with the strongest backgrounds in computer security. Those with the strongest backgrounds in computer security are most likely to be associated with governmental agencies, and in possession of the necessary security clearances, which allow them to work there.

Thus, those who know the most deeply buried exploits for Windows Vista (especially the exploits which may even be specific to particular hardware) are in the social circles which are closest to organizations such as the NSA.

It's all very statistical and it makes perfect sense. The only possible defeat would be if Vista had no security exploits and we don't need to cite any links to know that is false.

Re:Well for one (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17899234)

Those with the strongest backgrounds in computer security are most likely to be associated with governmental agencies

Alright. I'll bite. What governmental agencies? Looking at the Federal pay scale, I can tell you where they ain't.

Re:Well for one (1)

ravenshrike (808508) | more than 7 years ago | (#17899490)

I wasn't aware the individual pay scales for No Such Agency were public knowledge.

Sure, but... (1)

Anubis350 (772791) | more than 7 years ago | (#17899236)

There is a whole lot of difference between people at the NSA knowing about security *holes* in Vista and an intentionally implemented backdoor you know....

Re:Sure, but... (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899278)

If you've ever worked in the government or for a government contractor you would know that those are the people who have the most time to sit around, with nothing else to do, and play with such things as creating an exploit out of the hole.

The only other demographic which has as much "boredom time" are homeless people, teenagers, and extravagantly wealthy people. Homeless people don't have the access (per capita, probability), teenagers don't have the knowledge or the social connections (per capita, probability), and we already know that extravagantly wealthy people are associated with (usually pulling the strings on) the politicians and the federal agencies/contractors.

It all fits perfectly just the way I say it does.

Re:Sure, but... (1)

oracle128 (899787) | more than 7 years ago | (#17899412)

By the same logic, Linux is full of back doors too. Statistically, Linux is built by people who are only coding because they hate The Man and The Man's Operating System, and want to stick it to The Man in every which way. And because these people know that the best way to stick it to The Man is to attack His computer systems, they put back doors in the OSs to take control and attack His systems with brute force.

I swear, it makes perfectly logical sense! The Voices told me so!

The door swings both ways, moron.

Re:Sure, but... (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899590)

> By the same logic, Linux is full of back doors too

Yes, it is. Nobody has ever denied this.

> Linux is built by people who are only coding because they hate

Wrong. They do not hate. They have a hobby which they enjoy and Microsoft cannot employ every one of them.

> want to stick it to The Man in every which way

Convenient side effect of their hobby. Nothing more.

> they put back doors in the OSs

Except that, in open source, we all police each other.

> The Voices told me so!

You should have that checked out.

> The door swings both ways

FOSS/FSF/GNU has the proper doorstop.

Re:Well for one (1)

westlake (615356) | more than 7 years ago | (#17899624)

It's a logical conclusion--not only is it "a" logical conclusion but it is the most probable conclusion

pfui. this isn't logic. not even freshman logic. it is a mischievous chain of increasingly tenuous associations that doesn't in the end amount to a damn thing.

if you presented this argument in a classroom you would be stomped down flat.

either show me the backdoor or STFU.

Re:Well for one (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899714)

> show me the backdoor

If I did then I would be required, by law and my duty to my country, to kill you.

> this isn't logic

Seven steps to know anyone. It's mathematical fact and, given the effects which the demographics have on the math, it is the most probable conclusion.

LOL (0)

Anonymous Coward | more than 7 years ago | (#17899770)

That the parent got modded up proves you can't take anything you read on Slashdot seriously.

Couldn't you say the same thing about SETI? That the smartest people working there have ties to governmental agencies such as NASA and are secretly undermining their efforts to conceal the terrifying truth that our alien masters will visit in 2012 to enslave us all? My God, it's full of logic!

I decrypted some bitlocked files... (0)

Anonymous Coward | more than 7 years ago | (#17898922)

They said nothing to see here. Move along...

PGP? (1)

INeedAttention.com (958052) | more than 7 years ago | (#17898942)

"One would hope an international criminal mastermind could do better than the encryption built into Vista." I'm sure plenty of criminal masterminds already use PGP or GnuPG. Supposedly even using encryption can be deemed "criminal intent" in Minnesota. So naturally criminals must be using it. Right?

Re:PGP? (1)

AusIV (950840) | more than 7 years ago | (#17899052)

Supposedly even using encryption can be deemed "criminal intent" in Minnesota.

So does that mean logging into my bank's website is illegal in Minnesota? While there has certainly been some stupid legislation running around, I'm not going to believe that until I see a more detailed summary of the legislation from a semi-reputable source.

Re:PGP? (4, Informative)

heroofhyr (777687) | more than 7 years ago | (#17899238)

It's not legislation, it's based on court ruling.

http://news.com.com/Minnesota+court+takes+dim+view+of+encryption/2100-1030_3-5718978.html [com.com]

A brief excerpt:

Ari David Levie, who was convicted of taking illegal photographs of a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif.

But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict.
And here's the relevant paragraph from the appeals court decision itself [minnlawyer.com] :

Evidence of appellant's computer usage and the presence of an encryption program on his computer was relevant to the state's case. We affirm the district court's evidentiary rulings.

I would say "encryption deemed criminal intent" is more of an interpretation by Internet journalists of the ruling than what was actually said. But it is true that if you are on trial for a crime in Minnesota, there's a precedent for the mere fact that you have PGP software on your computer to be used against you as evidence for the prosecution--despite the prosecutor's witness himself saying that PGP capable software is already available in OSX.

Re:PGP? (1)

misleb (129952) | more than 7 years ago | (#17899562)

So does that mean logging into my bank's website is illegal in Minnesota? While there has certainly been some stupid legislation running around, I'm not going to believe that until I see a more detailed summary of the legislation from a semi-reputable source.
I'm sure it is considered in conjunction with other activities. Like if you're otherwise suspected of dealing drugs, use of encryption is "evidence" that you were up to something. Not that it is any more solid, but at least it isn't saying that encryption, in and of itself, is illegal.

-matthew

Re:PGP? (1)

um... Lucas (13147) | more than 7 years ago | (#17899782)

I think laws make clear that it's not illegal to use encryption, but it is illegal to not provide the decryption keys if you're legally compelled to. That's my understanding of it anyways.

Re:PGP? (0)

Anonymous Coward | more than 7 years ago | (#17899072)

Supposedly even using encryption can be deemed "criminal intent" in Minnesota.
Link?

Re:PGP? (1)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899094)

> sure plenty of criminal masterminds already use PGP or GnuPG

The real criminal masterminds use whatever the Feds and the military are using, which we don't know about because it's classified information.

Re:PGP? (1)

bberens (965711) | more than 7 years ago | (#17899516)

Actually there are quite a few encryption algorithms approved by the NSA for the protection of secret information. AES is the most commonly used one I've seen in various government/military contracts. That information is not classified at all.

FIPS-140 (1)

mechsoph (716782) | more than 7 years ago | (#17899560)

The real criminal masterminds use whatever the Feds and the military are using, which we don't know about because it's classified information.

The military probably uses whatever is FIPS [nist.gov] -140 [wikipedia.org] certified. At least that's what was being mandated at the DoD contractor I worked for.

Re:PGP? (1)

hcmtnbiker (925661) | more than 7 years ago | (#17899570)

I'm sure plenty of criminal masterminds already use PGP or GnuPG.
Why would you use asymmetric encryption for files? Asymmetric encryption is best for end-point validation. You would use a symmetric cipher like twofish, blowfish, SERPENT, AES, CAST5, etc.

Re:PGP? (1)

ananamouse (943446) | more than 7 years ago | (#17899694)

>I'm sure plenty of criminal masterminds already use PGP or GnuPG. Supposedly
>even using encryption can be deemed "criminal intent" in Minnesota.
And you aren't doing sex right unless something you (and/or you all) are doing violates some law in Alabama.

Re:PGP? (1)

smitth1276 (832902) | more than 7 years ago | (#17899712)

I think you guys are missing the point... the concern isn't that "criminal masterminds" will benefit from Vista's security. The concern is that complete morons will now be protected by Vista's security. There's a bit of a difference there.

Pinky... (5, Funny)

Lithdren (605362) | more than 7 years ago | (#17898950)

Brain: Are you thinking what I'm thinking?

Pinky: I think so Brain, but Vista locked up and we lost all the missile launch keys we stole from the NSA.

Brain: GGGAAAAAAAAAAAAAAAAAAAAAAAAAAATTTTTTTTTTTEEEESSSS!

Re:Pinky... (1)

jd (1658) | more than 7 years ago | (#17899080)

I was thinking more along the lines of Emma Peel's quip to beware the diabolical masterminds, but I guess Pinky and The Brain works just as well here. :)

That's not the formula! (5, Funny)

Anonymous Coward | more than 7 years ago | (#17899758)

Pinky never thinks what Brain thinks. It would be more like:
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but how are we going to find deep-fried pants at this hour?
Brain: I-- (sigh) just read me that encryption key from the screen there.

(Pinky is jumping back and forth and balancing on different pens, he falls backwards and hits the computer. Brain sighs at his own destiny of having to live with such a buffoon. Pinky dusts himself off.)

Brain: Where did you even get all those pens, anyway?
Pinky: Microsoft is giving them away! They sent ten free pens to every household in the world. (Confused) I'm not sure why, maybe because their computers are always breaking... you know, one time I was...
Brain: Nevermind that, Pinky. Just read me the encryption key from the monitor.
Pinky: What, you mean this TV doodad?
Brain: (sigh, sarcastically) Yes, Pinky. From the "TV doodad."
Pinky: Ooook, it says (pause)
Brain: Yes?
Pinky: Well that's what it says. It says (pause)
Brain: It says what, Pinky?
Pinky: Now I just told you what it says Brain, don't make me repeat myself!
Brain: (sighs, walks over to computer) What? No... No... (increasingly dismayed, anxious, ears/eyes droop down) This can't be... (Checks wires behind computer frantically)
Pinky: What's the matter, Brain? Is the TV thing gone cuckoo? I blame Rosie...
Brain: Quiet, you nitwit! I think Vista's frozen up. We've lost the encryption keys!
Pinky: Frozen Vista? Ooooooooooh what flavour is it Brain? Grape-a-melon? I loooove Grape-a-melon...
Brain: (sarcastically) Yes, Pinky, it's Grape-a-melon. (shakes head) Look, you know who's to blame for this, don't you?
Pinky: Ummmm.... The Flying Sausage People from the tea cup in outerspace?
Brain: (sigh) No, Pinky. (dramatically zooms in on his face) BILL GATES! He must've figured out we were trying to take over the world, and he wants it for himself!
Pinky: Gee, Brain, how'd you think he figured that out?
Brain: I don't know. Maybe he has a television and watches the fine Warner Brothers cartoon productions. (Pinky & Brain grin at camera)


(Commercial Break)


(Scene: Pinky and Brain riding the bus)
Pinky: Narf! Brain, where are we going again? Candycane Island?
Brain: (sigh) We're going to Redmond to find Bill Gates to steal his plan to take over the world!
Fat tourist passenger in front of them: That's funny! The wife and I are going to see their fabulous dog park!
Brain: I see. Would you excuse me a moment? (takes a magazine and makes a makeshift "wall" blocking the tourist's face from looking at him)
Pinky: (looking out window) Ooooooh, that's a big building! What's that?
Brain: (not looking) That's Microsoft Campus, and it's more than just a building--
Pinky: But what's that giant towering doodilly with the spinning whatchamacallit on top?
Brain: (looks out window) I told you, Pinky, it's-- Good Lord! Microsoft has built a mind control tower!


(Commercial Break)


(Scene: Bill Gates in Microsoft Mind Control Tower)

Gates: (Nerdish evil laugh) They said I was crazy! All those people that called me a nerd! (adjusts glasses, pocket protector) Well now we'll see who the nerd is!
Ballmer: (foaming at the mouth, shirt sweat-stained, resembling a dog more than a man) YEAH! GET 'EM BILL! GET 'EM! MAKE 'EM PAY! RRRRRRRRRRR!!! (throws chair)
(Gates looks over the control panel. There is a knob to hike the world's pants up, a button to cause Microsoft-brand pens to explode, and a light switch which will ruin everyone's eyesight.)
Brain: (Bursting into the control room with Pinky) Stop it, Gates, the jig is up!
Gates: Oh? Sick 'em, Ballmer!
(Ballmer charges at the two mice, who simply step aside, letting Ballmer crash a Ballmer-shaped hole through the wall.)
Gates: (looking at hole in wall) Oh, no. Once he stops there's no stopping him. He'll be running for hours. (turns to Pinky and Brain) But what are you mice going to do to stop me! (Nerdish evil laugh)
(Pinky and the Brain easily overpower the feeble Gates who begins sobbing)
Brain: And now to reprogram this for our purposes--
Woman computer voice: Self-destruct program initialized. Dear aunt, let's set so double the killer delete select all.
Gates: Oh, no! Ballmer must have hit the button on his way out!
(The three run from the building as it explodes)


(Commercial break)


(Scene: Pinky and Brain back in lab)
TV News Anchorman: And in the news today, chair supplies around the world are dwindling as chairs are being smashed all over the world.
TV News Interviewee Hick: It's like some sorta chair-smashin' force has been unleashed on the world! I say it's time for Texas to secede!
Brain: (sighs, turns the TV off) I guess that's that. Until tomorrow night.
Pinky: Why, Brain? What are we going to do tomorrow night?
Brain: The same thing we do every night, Pinky. (Camera zooms in on Brain's face dramatically) TRY TO TAKE OVER THE WORLD!

Theme music: They're Pinky, They're Pinky and the Brain Brain Brain Brain...

(END)


And so, you see, that's how your joke should have gone.

Makes you feel good about Vista encryption (4, Funny)

netsfr (839855) | more than 7 years ago | (#17898954)

just by knowing it's no "real threat to decryption"

Re:Makes you feel good about Vista encryption (2, Informative)

Anonymous Coward | more than 7 years ago | (#17899044)

Well, if you read the article you wouldn't fall for a sensationalist headline like that.

The article basically says that if law enforcement can get the encryption key, or get the password to log on to a running machine with an encrypted hard drive, they can access the contents.

Wow...what an insight.

*sigh*

arrrrrrrrghhh (4, Funny)

User 956 (568564) | more than 7 years ago | (#17898984)

What kind of measures does one need to take to make sure no one but yourself has access to your data?

Do what works for pirates. Bury it.

mod parent sideways (0)

Anonymous Coward | more than 7 years ago | (#17899158)

Technically speaking what you are asking is impossible. If the data exists then it is by definition accessible. Even if it's on an encrypted hard-drive in a safe buried at the bottom of the ocean, the safe can be found and cracked open. Even if the encryption is unbreakable people can beat the keys out of you or threaten your family. Until minds can be read, the only safe place for data is in your brain. But even then you are still susceptible to torture, etc.

Re:mod parent sideways (1)

User 956 (568564) | more than 7 years ago | (#17899210)

Until minds can be read, the only safe place for data is in your brain.

Not entirely. Our wonderful nanny state has come up with charges like "conspiracy" and invented precursor charges like "intent to", which basically amount to making certain thoughts illegal.

Re:mod parent sideways (1)

c_forq (924234) | more than 7 years ago | (#17899600)

While you are pretty close on conspiracy, "intent to" is in almost all circumstances a failed attempt. If you are being charged with armed battery with intent to cause grievous bodily harm you likely committed armed battery and were stopped in the act, preventing you from causing as much harm as you intended to. I only use the words almost and likely because I know our legal system can be screwy in addition to there being exceptions for almost every rule.

Re:mod parent sideways (1)

asCii88 (1017788) | more than 7 years ago | (#17899440)

Haven't you seen "Village of the damned"? Wall wall wall wall wall wall wall wall wall

??AA (2, Funny)

Wilson_6500 (896824) | more than 7 years ago | (#17899384)

So _that's_ why the ??AA are having so much trouble backing up those statistics about unlawfully copied movies/CDs/etc.--the copies have all been buried!

Re:arrrrrrrrghhh (1)

deander2 (26173) | more than 7 years ago | (#17899402)

Do what works for pirates. Bury it.

isn't that just security through obscurity? ;p

I use TrueCrypt (4, Insightful)

AusIV (950840) | more than 7 years ago | (#17899002)

I don't really have any "sensitive" information on my computer, but I've played around with a program called TrueCrypt. TrueCrypt is open source, so you can be sure there aren't any hidden keys. It has the added bonus of plausible deniability - the entire partition is encrypted and the bits past where files were are random. You can create a hidden partition that gets lost in the random bits, so you have to know it's there (and know the key) to find it.

Really though, I'd say Bitlocker is probably adequate for most purposes. If you're concerned about siblings, co-workers, rival companies, etc. it will hide your data. If you're trying to hide something from legal authorities, you'd best find another way to hide your data.

Re:I use TrueCrypt (3, Funny)

nganju (821034) | more than 7 years ago | (#17899186)

...is encrypted and the bits past where files were are random...

Are you sure you didn't run it on your post?

Re:I use TrueCrypt (2, Informative)

AusIV (950840) | more than 7 years ago | (#17899702)

So it would seem. It's been a long day.

Missing the point (5, Insightful)

jmorris42 (1458) | more than 7 years ago | (#17899296)

> If you're trying to hide something from legal authorities, you'd best find another way to hide your data.

But this is the point of the article and the discussion. Law enforcement and the software vendors who supply them are making a bunch of handwaving "not a problem" noise but this just puts the question onto the table for discussion, it doesn't even start to answer it.

The question: Is BitLocker safe for really secure work? Which breaks down to smaller questions. Even when used correctly, with a TCPM chip and a good passphrase and good logoff/umount discipline, is the implementation and design sound? Or is this just a FUD campaign to keep the coppers buying EnCase? Is BitLocker vulnerable to attacks that other encryption solutions would defend against?

Because while, despite the Daily Hate here on Slashdot, America isn't a police state and the innocent have little to fear from their government unless they are crimelords, terrorists or that most dreadful scourge, a kiddie porn fiend. But that isn't much comfort for the billions of huddled masses yearning to breathe free in the unfree parts of the world. PGP was a godsend to political dissidents around the world, is BitLocker a useful tool for them as well or a trojan horse to help despots fill their forced labor camps with the fools who trust it with their secrets?

Re:I use TrueCrypt (4, Informative)

nmb3000 (741169) | more than 7 years ago | (#17899356)

I use TrueCrypt

TrueCrypt [truecrypt.org] is pretty cool. In addition to making an encrypted partition/drive, you can create a file that gets mounted as a drive once you've accessed it. This is what I usually do and it's handy for using it on a USB key or if you need to send some files via email/FTP. You can also have it use one or more files for the decryption key for the volume instead of the standard text passphrase.

The GUI is quite good, lots of choices on encryption algorithms, and there's nothing cooler than using sol.exe as your decryption key :)

Re:I use TrueCrypt (5, Informative)

Anonymous Coward | more than 7 years ago | (#17899426)

Seconded. There's a sort of chain mail floating around on piracy sites regarding truecrypt, that covers some of what has already been mentioned here. I wonder if someone's up to a viral marketing campaign or something.

FWIW here it is:

Peace for the paranoid.

If you have files on your computer that are very personal, embarrassing or plain illegal, you probably want to use encryption. There are a number of solutions out there, both free and commercial. My recommendation goes to truecrypt ( http://www.truecrypt.org/ [truecrypt.org] ) which is free, open-source and very easy to use.

Truecrypt can create a file on your computer that has to be "mounted" to a drive letter (like F:) before it can be read. It then shows up under 'my computer' much like a CD player or something, ready for use.

The file itself can be named anything and placed anywhere on your hard drive, or a CD, USB key etc. And if you analyze it without having the pass-phrase it will look like a random string of numbers.

The default algorithm for truecrypt is AES, which the US department of defense deems strong enough even for 'top secret' documents.

How to use truecrypt is well enough described on the website. Go to http://www.truecrypt.org/docs/ [truecrypt.org] and click 'Beginner's Tutorial'.

I'd like to add some notes though:

Pick a strong password. You have up to 64 characters so use a whole sentence. A quote from a movie or a line of a song works well. If you want something shorter go for something purely random.

You can strengthen it further by using keyfiles. Any file that never changes can work as a key file. Now your adversary not only has to crack your password, but also has to know which files on your HD to give as key files.

It's overkill for most situations, but if you keep some home made MP3-files on a USB drive and use these for keys you have the dual protection of something you must have (USB key) plus something you must know (pass phrase).

If you live in a country where use of encryption is in itself illegal, or considered suspect do the following:

* Use the hidden volume feature of truecrypt. This creates two volumes baked into one, with different passwords. If you are forced to reveal the password you can give out the one to the wrong volume.

(Where you have conveniently stored some embarrassing but perfectly legal Pr0n. What if you were to die suddenly and your mom got your computer! Plausible deniability).

Another similar option, is to simply create another encrypted volume with some non-critical stuff in it. This gives you an easy out if someone asks why you are using an encryption program.

* Hide the volume file itself. Give it a name and location that is similar to a TMP or system file like 'WINDOWS/Temp/~GH7876.tmp'. Given that the file itself doesn't advertise what it is finding it becomes very very hard. Many applications dump random stuff in tmp dirs. Another nice place is hidden folders beginning with $ in the WINDOWS dir. These are uninstallers for windows update, but they are almost never used. Be creative.

I think this is better than keeping it on a separate medium like a CD (why did you burn a block of random numbers to CD, huh?), especially if you need to work on the files.

* You can use TrueCrypt in 'traveler mode' which means you don't have to install the program itself. You can keep it on a CD or something. I find this awkward though.

Most of the above is overkill to me though. How far to take it is a trade-off between convenience and paranoia. But it's not illegal to use encryption in most of the world so there is no particular reason to obfuscate it. Better to be prepared with a good answer if someone asks. Either way, unless you have NSA on your ass, your adversaries will never get into your files without your pass-phrase.

Help out by copying this text and spreading it around. Help people protect their privacy.
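The chain letter's point that a container "will look like a random string of numbers" is also what forensic triage keys on: a file with no recognisable header, a whole number of sectors, and a uniform byte distribution stands out whatever it is named. This added example (not part of the original post and not any tool's own code) applies that heuristic to constructed samples; the thresholds, helper names and sample contents are assumptions.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512            # container files are a whole number of sectors
SAMPLE = 64 * 1024      # bytes examined from the start of each file
MIN_SIZE = 64 * 1024    # assumption: ignore anything smaller than this
ENTROPY_MIN = 7.9       # assumption: bits/byte; 64 KiB of random data gives ~7.997
CHI2_MAX = 400.0        # assumption: uniform bytes give about 255 +/- 23

# A few common file signatures; a real examiner's list is far longer.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b\x08", b"%PDF", b"\xff\xd8\xff",
               b"7z\xbc\xaf\x27\x1c", b"Rar!")


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data):
    """Chi-square statistic of the byte histogram against a uniform one."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected
               for b in range(256))


def triage(data):
    """Return (suspect, cleared): cleared lists why a file was ruled out."""
    cleared = []
    if len(data) < MIN_SIZE:
        cleared.append("too small")
    if len(data) % SECTOR:
        cleared.append("size not a multiple of 512")
    if data.startswith(KNOWN_MAGIC):
        cleared.append("known file signature")
    sample = data[:SAMPLE]
    if sample:
        if shannon_entropy(sample) < ENTROPY_MIN:
            cleared.append("low entropy")
        elif chi_square(sample) > CHI2_MAX:
            cleared.append("byte distribution not uniform")
    return (not cleared, cleared)


def keystream(n, seed=b"constructed sample"):
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def constructed_samples():
    """Constructed file contents; the first name is the one used in the post."""
    log_line = b"2007-02-05 12:00:01 constructed installer log line\n"
    return {
        "WINDOWS/Temp/~GH7876.tmp": keystream(128 * 1024),
        "WINDOWS/Temp/setup.log.tmp": (log_line * 2000)[:SAMPLE],
        "backup.zip": b"PK\x03\x04" + keystream(128 * 1024 - 4),
        "random-odd-size.bin": keystream(128 * 1024 + 100),
    }


def run_triage():
    """Triage every constructed sample, keyed by file name."""
    return {name: triage(data) for name, data in constructed_samples().items()}


if __name__ == "__main__":
    for name, (suspect, cleared) in run_triage().items():
        verdict = "SUSPECT" if suspect else "cleared: " + ", ".join(cleared)
        print(f"{name:30} {verdict}")
```

A hit is a lead for an examiner rather than proof, since any other uniformly random data of the right size passes the same checks.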

Re:I use TrueCrypt (2, Interesting)

ohsoot (699507) | more than 7 years ago | (#17899672)

Be careful when using truecrypt on a USB flash drive.

http://www.truecrypt.org/docs/wear-leveling.php [truecrypt.org]

The above link is the official explanation, but the gist of it is on a USB drive with wear leveling the drive will evenly spread data over the entire drive to extend the life of the drive. This means that truecrypt cannot ensure that the old header is overwritten if you do something like change the password on the drive.

My understanding is that if you encrypt the entire USB drive and never change the password you should be OK.

Re:I use TrueCrypt (1)

cuantar (897695) | more than 7 years ago | (#17899380)

I don't really have any "sensitive" information on my computer
If you did, would you tell us, in today's world? :)

Re:I use TrueCrypt (1)

westlake (615356) | more than 7 years ago | (#17899468)

It has the added bonus of plausible deniability

You will excuse me, I trust, if I remain skeptical of "plausible deniability."

Re:I use TrueCrypt (1)

AdamKG (1004604) | more than 7 years ago | (#17899648)

You will excuse me, I trust, if I remain skeptical of "plausible deniability."
Actually, it's a quite well-established [wikipedia.org] part of cryptography. There's nothing controversial about it. To oversimplify, encrypted something looks the same as encrypted nothing.

As an example (that I'm sure is flawed in ways that will soon be pointed out to me), one partition on my laptop is encrypted. It's about 50 Gb of space. But no one will even be able to tell you how much free space there is - you have no idea how much of it I'm using, nor any practical way of finding out if it's being used at all.

Re:I use TrueCrypt (0)

Anonymous Coward | more than 7 years ago | (#17899836)

Plausible deniability requires much more than encrypting empty space to make it indistinguishable from filled space. For example, it requires that the "pretend" partition looks like it's actually being used. Windows keeps last-accessed information for each file, so you can immediately tell when a partition hasn't been used in months. That makes it rather implausible that the 200GB harddisk with 180GB of empty space doesn't contain anything beyond the stale data that has been encrypted with a program which has a hidden partition feature. Sure, it's deniable, but it's not plausibly deniable.

Re:I use TrueCrypt (1)

AusIV (950840) | more than 7 years ago | (#17899764)

This page [truecrypt.org] does a better job explaining it than I did.

The first encrypted volume is obvious. If someone can find the drive, it's quite clear that the data is encrypted. The plausible deniability allows you to give up the password for the first encrypted volume. There can also be a second volume that is indistinguishable from the random bits that fill the empty space. If you know it's there and know the password for that volume, you can open it and mount it. If you don't know it's there, you could keep writing data to the first volume and eventually write over the second.

Re:I use TrueCrypt (0)

Anonymous Coward | more than 7 years ago | (#17899548)

Really though, I'd say Bitlocker is probably adequate for most purposes. If you're concerned about siblings, co-workers, rival companies, etc. it will hide your data. If you're trying to hide something from legal authorities, you'd best find another way to hide your data.

OK, now I have to know. Where did the sudden respect in Slashdot for the competence of government employees to solve complex technical problems come from? Yes, I know the USA PATRIOT act gives huge amounts of leeway, but there's a big gap between having legal authority and being competent. We really think the biggest codebreaking threats are in the public sector, bigger than, say, a rival company? I don't know, I have no firsthand knowledge of what law enforcement can/can't do, but we've beat up these people for years for being unable to find the power switch.

Encryption doesn't matter in the real world (0)

Anonymous Coward | more than 7 years ago | (#17899746)

Seriously, strong encryption doesn't matter that much in the real world. Any encryption that is sufficiently strong just entices decryption by other means.

Seriously, if you are hauled into civil court, the judge will force you to reveal your password (via a discovery request followed by a contempt order). Same at customs and other various inspection stations ("not decrypting for us, well we'll just confiscate this then").

In criminal court, they can't compel you to decrypt things, but they can tell the jury your HD is encrypted. How is that going to look? In the criminal world, the goal is not to make your data unreadable, but to hide that it exists.

If a criminal is trying to "get to you", it is proven that social engineering is much more effective. And really, criminals don't care about your data, but instead about your identity.

So, who does that leave us with? Co-workers, girlfriends, parents. None of these people are really MI5. Weak nuisance encryption is more than enough for them.

That pretty much leaves us with industrial espionage. And, come on, you are just not that important.

My porn... (1)

Hsensei (1055922) | more than 7 years ago | (#17899022)

is not going to be protected by MS... http://www.truecrypt.org/ [truecrypt.org]

Re:My porn... (5, Funny)

shinobiX (28155) | more than 7 years ago | (#17899120)

How can you sleep at night? You tease us with porn and the link doesn't even have porn!

(any security tool) no real threat to forensics (2, Insightful)

Wesley Felter (138342) | more than 7 years ago | (#17899096)

This article has little to do with BitLocker; it's just repeating what should be a well-known fact: unless a security mechanism is used perfectly, it is vulnerable. People rarely use security perfectly.

Hey, clever idea! (2, Insightful)

PCM2 (4486) | more than 7 years ago | (#17899108)

From the article:

Getting to machines while they are still turned on and taking a forensically sound copy is an option even in the absence of USB Keys, Karney explained. "Even though the logical volume is encrypted the OS works on top of an abstraction layer. We can see what the OS sees so that it's possible to acquire data on a running Vista machine even when it is running BitLocker."

Hey, there's a clever idea! I wonder where they thought up that one? I'm glad to see people aren't spending all their time worrying about Vista's DRM...

Re:Hey, clever idea! (0)

Anonymous Coward | more than 7 years ago | (#17899682)

Yes, _if_ they know it's running BitLocker. And they can log in. And they have a program which can image the whole disk. Good luck with all that.

The likelihood is though, that 99% of the computers which they investigate will not be protected by encrypted disk partitions.

My computer's a little more advanced (5, Funny)

GFree (853379) | more than 7 years ago | (#17899110)

Just before leaving the house every day, I perform the following steps:
-----

ME (in Picard's voice):
Computer, establish a security
code for access to all data query
functions.

COMPUTER VOICE:
Enter code.

ME (in Picard's voice speaking at a breakneck speed):
Four, one, three, three, six,
eight, Tango, one, eight, one,
one, seven, one, Charlie, four,
Victor, three... eight, eight,
eight, zero, Foxtrot, six, one,
five, three, three, five, nine,
five, seven, lock.

COMPUTER VOICE:
Security code intact for all
data query functions.

-----
After that, it's just a matter of initiating a cascade force field sequence as I head out the door.

Re:My computer's a little more advanced (1)

Lordpidey (942444) | more than 7 years ago | (#17899250)

Hmm, damn, that's a little more complex than the code I use to seal all of the air in the atmosphere.

Article a bit short on details..... (1)

jmorris42 (1458) | more than 7 years ago | (#17899132)

The article is long on airy handwaving, "not a problem in the real world", "Don't worry be happy!" stuff. Specifically, while they minimize the possibility of someone using BitLocker correctly on trusted hardware, just what will law enforcement do when they start running into Thinkpads (with the Trusted Platform chip) combined with suspects smart enough to use a decent length passphrase? Is there a way in? If the crypto is implemented correctly it should be damned near impossible; as hard a nut to crack as the problem of getting homebrew software to run on an unchipped xbox, just as one example of something even the best haxors have tried and failed at for years.

And btw, obviously anyone depending on the fingerprint scanner doesn't understand that it protects against a totally different threat.

Re:Article a bit short on details..... (0)

Anonymous Coward | more than 7 years ago | (#17899432)

xbox1 or xbox360? There are softmods out for xbox1, it's just a matter of convincing a trusted program to launch an untrusted (read:homebrew) one- there are buffer overflows in games. Xbox360 doesn't have homebrew at all, yet (modchips can help with running backups though).

This isn't really a commentary on Vista (2, Insightful)

Fred Ferrigno (122319) | more than 7 years ago | (#17899182)

If you read past the headline, the heart of the article is not about the technological changes in Vista, but the behavior of common criminals. The forensics guys know from past experience that people don't bother to use all of the features available to them. Even if they do, seizing the computer itself (hopefully while it's on and the user is logged in) means they can do whatever the user would do to access the data.

A USB key is a neat trick to keep the wife away from your pr0n collection, but it won't do you much good if the FBI can force you to hand it over.

A solution. (1)

lastomega7 (1060398) | more than 7 years ago | (#17899194)

Lock your hard drive in a safe while you are away. Problem solved.

Summary of article (4, Interesting)

Anonymous Coward | more than 7 years ago | (#17899202)

Just to save everyone the time....

"If you don't use encryption technologies properly, they will not serve it's purpose."

Re:Summary of article (0)

Anonymous Coward | more than 7 years ago | (#17899294)

doh.

I of course meant, "their purpose."

Pot and kettle still black.. (1)

ericthughes (1015253) | more than 7 years ago | (#17899220)

Well, I think the author may have a few points considering that the government itself does not know how to use encryption properly...

http://www.securityfocus.com/news/11393 [securityfocus.com] [Security Focus]

Why we'd expect the average Joe to do it right is beyond me.

Even if the crypto chip becomes widely available the NSA/CSA/big bro will have pulled some Patriot Act shenanigans to get a back door put in anyway.

VIVA LA PGP!

Huh (1)

fishthegeek (943099) | more than 7 years ago | (#17899242)

I suspect that it's no real threat because they do not actually have to decrypt anything. With an all too easy to get warrant they place a device (i.e. keylogger, camera, or other type of spy stuff) and wait patiently for the suspect to type the password once. The toughest pass phrase can't resist spying. That or they seize the physical crypto key if one exists.

one would hope? (4, Funny)

Class Act Dynamo (802223) | more than 7 years ago | (#17899248)

One would hope an international criminal mastermind could do better than the encryption built into Vista.

Really? Personally, I would hope they write their plans on slips of paper and stash them in a shoe box. I really do not wish any success for criminal masterminds...except maybe Dr. Claw. I really thought Inspector Gadget was obnoxious.

Poe said it in 1843 in "The Gold Bug:" (1)

dpbsmith (263124) | more than 7 years ago | (#17899260)

"it may well be doubted whether human ingenuity can construct an enigma of the kind which human ingenuity may not, by proper application, resolve." (etext [virginia.edu] )

It was true in 1843; it is true today. Why, exactly, do people continue to be deluded in gambling real money on the belief that some company supplying some cryptographic technology has people in it who are smarter than everybody else in the world?

Re:Poe said it in 1843 in "The Gold Bug:" (0)

Anonymous Coward | more than 7 years ago | (#17899438)

It may have been true then; it certainly isn't true now. Sure, sometime in the future "current" encryption algorithms may be cracked, but currently, when used correctly, cryptography can be unbreakable (at least unbreakable for any practical purposes; 1000s of years with 1000s of computers is NOT practical).

Note to self (2, Funny)

qzulla (600807) | more than 7 years ago | (#17899292)

"Sometimes people use file wiping utilities or other tools but often they are not configured properly. People accept the default settings, which can leave fragments of data."

Change defaults.

qz

I call FUD (4, Insightful)

kestasjk (933987) | more than 7 years ago | (#17899302)

All of these "BitLocker" vulnerabilities aren't actually BitLocker vulnerabilities, they're full-disk-encryption vulnerabilities. They apply just as much to my FreeBSD GBDE protected partition as they do to BitLocker, there's nothing new or even interesting in this article. (The summary "No Real Threat To Decryption" is misleading, because there is nothing about decryption in there.)

The article says that if the user was using a USB key to unlock the drive, or was in a corporate environment, investigators would be able to get access by taking the USB key or co-operating with the business owners.
It says that if the computer was on they could get access to the disk. That's only if the computer isn't locked of course, and if you were under investigation you would think the criminal would quickly press [Windows key]+L as the police burst in.
Clearly The Register has been doing lots of research to produce this article; they should try and get it published in a crypto journal.

Most importantly they seem to have completely missed the point of drive encryption; it's to protect against theft, not "investigators". Would Microsoft have built the technology into Vista in the hope that more criminals under investigation would buy Vista?

If you're being investigated no drive encryption is going to help; if they want access to your system they can just as easily use hardware keyloggers. They'll have the evidence they want long before they let you know you're being investigated.

If you want a good reason to bash BitLocker how about; it's expensive, and there are free alternatives that are just as good for guarding your data against theft.

Not to prevent LEO access (0)

Anonymous Coward | more than 7 years ago | (#17899308)

I don't speak for MS, but I imagine that the purpose of BitLocker is to protect proprietary data on stolen PCs. Laptops with company spreadsheets, product plans and so forth. I doubt very much that its purpose is to prevent police investigation, rather it is to prevent casual theft.

TrueCrypt (2, Insightful)

Nova88 (946603) | more than 7 years ago | (#17899310)

My recent run of paranoia got me using TrueCrypt (Free and works good!).

Re:TrueCrypt (0)

Anonymous Coward | more than 7 years ago | (#17899596)

And 100% as vulnerable to the article's supposed vulnerabilities. You can't secure from user stupidity. The article does not discuss any weaknesses with Vista's BitLocker, just says it's ok 'cause criminals are too stupid and leave workstations on and unlocked or with the key sitting next to the machine. They have not actually found a fault with Vista BitLocker or a way to decrypt it without the person providing the key.

It's a tough job. (3, Insightful)

straponego (521991) | more than 7 years ago | (#17899312)

Given physical access, or even a logon, to a machine, it's pretty difficult to have reliable encryption. Let's take a simple case, the machine is off and somebody has yanked the hard drive. Okay, with something like TrueCrypt you can secure a partition fairly well. But you'd better be sure that all of your sensitive information is on those secure partitions. I think this is harder in Windows than anywhere else, but it's not trivial under *ix either. For example, under Linux, assuming no malicious programs were running when the OS was under your control, just things like, you're going to be worried about things in /tmp, /var, /home, etc, and your swap partition/file. So, really, the only sane thing to do is encrypt everything-- if you're that worried. But then you have a performance hit, it's less convenient, etc.

I think it makes more and more sense to use a VM, if you're concerned about security. You can restore it to a known safe initial state, and you can encrypt its entire world. It seems like a pretty big advantage... oh, and of course, you can move your secure environment to other host machines. Uh. Which may not be all that secure themselves, but hey. I told you this wasn't easy :)

Normally I'm all for bashing MS, but I have yet to see a great solution for this anywhere. So... if any of what I wrote above is new to you, I'd advise that you not trust your Doomsday Device plans (or, more likely, goat porn) to any OS's convenient built-in crypto.

Linux Unified Key Setup (2, Informative)

alexandre (53) | more than 7 years ago | (#17899316)

Want to encrypt your disk securely?
Take a look at LUKS [endorphin.org] .
It now comes standard in the latest Debian Etch installer :)

Re:Linux Unified Key Setup (1)

lky (246353) | more than 7 years ago | (#17899436)

Encrypting your hard drive is a good step for most users but not for criminals or someone with anything to hide from the government.

With an encrypted hard drive, the government will simply jail you until you give them the keys to decrypt the drive. Same problem for using GPG or PGP to encrypt files. They can generally afford to wait longer than you can.

To protect yourself, you need to use some subterfuge. If I had something significant to hide, I would run a normal install on the installed hard drive (probably as it came from the vendor) which I would use for non-secret surfing, etc. Then I would use a USB hard drive with an encrypted fully installed OS (like this howto [feraga.com] ) on it for anything secret. When I needed to do secret stuff, I'd plug in the USB key, reboot, do what I needed to, then reboot to the "clean" OS when I was done. Then hide the USB key.

With a little luck, if/when you get arrested they won't find the USB key. If they do, then you're back at the original problem but at least you can decide whether to give them the password or remain in jail for contempt.

     

Does it have the same problem I've seen? (1)

AtariDatacenter (31657) | more than 7 years ago | (#17899330)

Does it have the same problem I've seen with most encryption types:
It totally fails if you know the contents of something that should already be on there that you want to decrypt? So if you have a reference string, and its location, it becomes trivial to compute the key?

Re:Does it have the same problem I've seen? (0)

Anonymous Coward | more than 7 years ago | (#17899510)

Does it have the same problem I've seen with most encryption types:

Sounds like you ain't used anything in encryption for a LONG LONG time. Having a known string in an encrypted blob is not sufficient for most or any of the current algorithms for the last 5 years or more to make it trivial to discover the key.

Re:Does it have the same problem I've seen? (1)

deadlock911 (629647) | more than 7 years ago | (#17899522)

How would you find the exact bit placement of an encrypted file? If you are in a position to know that then you surely don't need to decrypt anything...

Re:Does it have the same problem I've seen? (2, Interesting)

daeg (828071) | more than 7 years ago | (#17899598)

Depends. If you're faced with something like a TrueCrypt volume, even knowing a single file will get you pretty much nowhere. The entire volume is full of random bits, in fact, written data looks just like random data. So even if you knew there was a file.txt with contents "HELLO WORLD", you have a lot of data space to comb through. Throw into that mix that the entire file system is encrypted -- hell, you may not even know what file system you're looking for.

Re:Does it have the same problem I've seen? (1)

KillerCow (213458) | more than 7 years ago | (#17899614)

Does it have the same problem I've seen with most encryption types:
It totally fails if you know the contents of something that should already be on there that you want to decrypt? So if you have a reference string, and its location, it becomes trivial to compute the key?
What you are referring to is called a "known plaintext" attack. Any real encryption algorithm is immune to it.

In fact, for an algorithm to be considered secure, it's assumed that you can choose any plaintext ("chosen plaintext" attack), feed it into the cypher, get back cyphertext, and not be able to recover the key.

Re:Does it have the same problem I've seen? (1)

anilg (961244) | more than 7 years ago | (#17899634)

That is incorrect. You are referring to known plaintext attacks, and modern encryption algorithms are built to be safe against these. (Of course it won't work if you've used a dictionary password, but then no amount of secure algorithms can help you.)

Re:Does it have the same problem I've seen? (1)

patchvonbraun (837509) | more than 7 years ago | (#17899834)

All modern encryption algorithms are immune or highly resistant to known-plaintext attack--which is the type of attack you cite. Further, they're designed to be immune or resistant to attack by chosen plaintext, chosen ciphertext, chosen-key, linear cryptanalytic, differential cryptanalytic, and a plethora of other highly-esoteric attacks.

In general, cryptosystems fail for reasons unrelated to the overall quality of the encryption algorithm in use. Read "Why Cryptosystems Fail" for a (somewhat-dated) insight into problems in deployed cryptosystems.

Nothing is foolproof, and foolish use of cryptography is generally the "wedge" that the "bad guys" use to defeat deployed cryptosystems. Users choosing bad keys, installing keyloggers, gaining access while the "target" is still available in plaintext, etc, etc.

Whole-disk encryption schemes are fragile in the sense that applications never "see" the encrypted data. They always see it in the clear, and treat it like any other data. Which means copying it to temporary files that may not be on the encrypted part of the filesystem, sending it to print spoolers, etc. If "the man" wants you bad enough, he'll find a way to get you, encrypted filesystem or not.

How do you know your USB key wasn't duplicated in the night while you slept? How do you know that every keystroke you type hasn't been sent via wireless to the nearest FBI watcher?

Back in the day (1)

MsWillow (17812) | more than 7 years ago | (#17899374)

I had all my max-secure stuff in a .zip file, renamed and XORed with a command-line character. This was stored on a small partition I'd "remove" from the chain as needed.

Never got caught.

Re:Back in the day (1)

anilg (961244) | more than 7 years ago | (#17899662)

"The escapee put on a mustache and went around the city freely" Never got caught.
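The "Back in the day" scheme above (a .zip XORed with one character) is exactly what the known-plaintext replies further up describe: every non-empty ZIP starts with the same four bytes, so the key falls out of the first byte. The following is an added example, not code from any poster; the sample archive is constructed, and `keystream_encrypt` is an illustrative stand-in for a modern cipher, included only to show the same check failing against a keyed keystream.

```python
import hashlib
import hmac
import io
import zipfile

# Local file header signature that begins every non-empty ZIP archive.
ZIP_MAGIC = b"PK\x03\x04"


def make_sample_zip() -> bytes:
    """Build a small ZIP archive in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "constructed sample contents\n" * 20)
    return buf.getvalue()


def xor_single_byte(data: bytes, key: int) -> bytes:
    """The scheme from the post: every byte XORed with one character."""
    return bytes(b ^ key for b in data)


def keystream_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a modern cipher (assumption of this example, no nonce,
    not for real use): XOR with an HMAC-SHA256 counter-mode keystream.
    Applying it twice with the same key decrypts."""
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(c ^ k for c, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover_single_byte_key(blob: bytes, known_prefix: bytes = ZIP_MAGIC):
    """Return the XOR byte if blob is a ZIP hidden by single-byte XOR, else None."""
    if len(blob) < len(known_prefix):
        return None
    # Known plaintext: ciphertext XOR plaintext = key, for each known byte.
    candidates = {c ^ p for c, p in zip(blob, known_prefix)}
    if len(candidates) != 1:
        return None  # the positions disagree, so this is not a one-byte key
    key = candidates.pop()
    try:
        # Confirm by parsing the result and checking every member's CRC.
        with zipfile.ZipFile(io.BytesIO(xor_single_byte(blob, key))) as zf:
            return key if zf.testzip() is None else None
    except zipfile.BadZipFile:
        return None


if __name__ == "__main__":
    archive = make_sample_zip()
    hidden = xor_single_byte(archive, ord("k"))
    print("single-byte XOR, recovered key:", recover_single_byte_key(hidden))
    sealed = keystream_encrypt(archive, b"constructed demo key")
    print("keyed keystream, recovered key:", recover_single_byte_key(sealed))
```

Against the keyed keystream, the same four known bytes reveal only four keystream bytes, which say nothing about the key or about any other position in the file.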

You have to remember.... (3, Insightful)

octaene (171858) | more than 7 years ago | (#17899512)

...that most computers won't have either the Trusted Computing Module (TCM) chip or the super-duper expensive version(s) of Vista that come with BitLocker. And even if some consumer did have all that, he'd have to figure out how to enable and configure it.

The majority of Windows users stick with the defaults. No barrier? 'Course not, because it won't be heavily used...

Questionable assumptions (1)

_pi-away (308135) | more than 7 years ago | (#17899540)

"For one thing, in two of its three modes of operation BitLocker requires a cryptographic hardware chip called a Trusted Platform Module and a compatible BIOS. These chips are yet to become widely available much less deployed."

Most boards made by Intel in the last year have TPMs, and they are enabled by default. Last I knew Intel was Dell's motherboard supplier of choice (that may have changed, I haven't kept track), but it seems there's a fairly reasonable chance that almost any Dell (and possibly HP/Compaq too) with a Core Solo or better has a TPM and has it enabled.

How does this compare to FileVault? (1)

pestilence669 (823950) | more than 7 years ago | (#17899554)

The feds will always have access to everyone's pr0n collections. These things (disk encryption) are only really good at keeping petty thieves away from your data. The truly motivated will always break your encryption key.

I'd like to know how Apple's FileVault does in comparison. Is it better, worse, about the same?

Re:How does this compare to FileVault? (0)

Anonymous Coward | more than 7 years ago | (#17899732)

Really, please show me a reasonable method to break BitLocker or for that matter any drive encryption technology in order to recover the key or contents? I work with encryption and I am not aware of any way to do this beyond years and years of bruteforce processing with the tiny hope that the person used a simple passphrase?

Re:How does this compare to FileVault? (2, Interesting)

HomelessInLaJolla (1026842) | more than 7 years ago | (#17899742)

> beyond years and years of bruteforce processing

Or a really big botnet [google.com] .

Duh.

Re:How does this compare to FileVault? (1)

EllisDees (268037) | more than 7 years ago | (#17899842)

>The truly motivated will always break your encryption key.

Only if you have a moronic key. Any modern encryption technique is secure against anyone but a deity if you are careful.

Hands up all those... (1)

JustNiz (692889) | more than 7 years ago | (#17899696)

who honestly believe Microsoft didn't provide some backdoor to BitLocker for the NSA, CIA, FBI, IRS, RIAA, MPAA and anyone else who can cook up some excuse to claim they need it.

We should do a Slashdot Poll on this one.