ElcomSoft Tool Cracks BitLocker, PGP, TrueCrypt In Real-Time
An anonymous reader writes "Russian firm ElcomSoft on Thursday announced the release of Elcomsoft Forensic Disk Decryptor (EFDD), a new forensic tool that can reportedly access information stored in disks and volumes encrypted with desktop and portable versions of BitLocker, PGP, and TrueCrypt. EFDD runs on all 32-bit and 64-bit editions of Windows XP, Windows Vista, and Windows 7, as well as Windows 2003 and Windows Server 2008." All that for $300.
Contrary to what the title claims, it doesn't _crack_ in real time; it just allows you to mount the encrypted volume and lets you decrypt it with the keys you found. I.e. it makes it work just like TrueCrypt when you mount a partition.
If they were able to _crack_ in real time, then they'd have just solved P = NP.
It requires a memory dump of the system where the keys are used. Bad submitter. Is anyone filtering the submissions? This is starting to look like reddit.
Which you can get VERY easily if the computer has a firewire port.
http://blogs.gnome.org/muelli/2010/04/reading-ram-using-firewire/
It's still a key control problem.
If Windows notifies programs about suspends/shutdowns (not sure it really does), TrueCrypt needs to dismount immediately and do whatever it needs to do to protect its key.
None of these processes attack the encryption directly, just control of its keys. Of course, that still means data disclosure, but rather than meaning P=NP or some other news, it simply means that keys are being poorly protected by the software, which in the case of hibernation can hopefully be fixed.
Firewire doesn't matter...it's equivalent to a malicious PCI device, without (as far as I know) the possible protection of VT-d. Epoxy or X-acto. If you can read the system's memory space, you can do a *WHOLE* lot more than just recovering the key...the data itself is likely in there while being read or even the entire unencrypted volume if it's memory mapped. Let alone kernel memory etc. So that is not news really.
That article is 2+ years old and deals with XP. Also the author chews on words for the first paragraph or two and makes me want to shoot myself (not to mention being wrong on a few points...) but anyhow..
Does the memory dump apply to Win 7/8? Fully patched XP? FW ports are a niche and rather uncommon. Of more interesting concern - are hibernate files encrypted on a bitlocker encrypted drive?
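A defender-side audit for the two exposure paths the thread keeps coming back to (the hibernation file and FireWire DMA). This is an added example, not something from the thread or from ElcomSoft; it assumes the `Power\HibernateEnabled` registry value, the `sbp2port` SBP-2 driver service and the WMI `Win32_PnPEntity` class as they exist on Windows 7 era systems, and should be run from an elevated PowerShell.

```powershell
# Added audit script (not from the thread): reports settings that let RAM
# contents, and with them the keys of mounted encrypted volumes, leave the box.
# Assumptions: 'sbp2port' is the SBP-2 driver service name and
# Control\Power\HibernateEnabled reflects hibernation state; run elevated.

function Get-KeyExposureReport {
    $findings = @()

    # 1. Hibernation writes all of RAM to hiberfil.sys on the system drive.
    #    If that drive is not itself encrypted, the volume keys end up on disk.
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $power = Get-ItemProperty $powerKey -ErrorAction SilentlyContinue
    if ($power -and $power.HibernateEnabled -eq 1) {
        $findings += 'Hibernation enabled: RAM image (incl. volume keys) is written to hiberfil.sys; consider powercfg -h off'
    }

    # 2. An IEEE 1394 (FireWire) controller is a DMA path straight into RAM.
    $fw = Get-WmiObject Win32_PnPEntity | Where-Object { $_.Name -match '1394' }
    if ($fw) {
        $names = ($fw | ForEach-Object { $_.Name }) -join '; '
        $findings += "IEEE 1394 controller present: $names"

        # 3. SBP-2 is the driver that lets a plugged-in device issue DMA.
        #    Start=4 (disabled) blocks it without removing the controller.
        $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port'
        $start = (Get-ItemProperty $svcKey -Name Start -ErrorAction SilentlyContinue).Start
        if ($null -ne $start -and $start -ne 4) {
            $findings += "sbp2port driver loadable (Start=$start); set Start=4 to block FireWire DMA"
        }
    }

    if ($findings.Count -eq 0) {
        return @('No hibernation or FireWire DMA exposure found')
    }
    return $findings
}

# Print one finding per line for the operator.
Get-KeyExposureReport | ForEach-Object { Write-Output $_ }
```

Neither check replaces the basic control the thread points at: keys that are in RAM while a volume is mounted are recoverable by anything that can read RAM, so dismounting before sleep or leaving the machine is the mitigation the script cannot verify.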
I agree with GP - this is a terribly written submission (and/or just an advertisement.) BitLocker, PGP, and TrueCrypt ALL decrypt in real time already - if you provide them with keys!!!
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
Or you could, you know, not do anything with the system that would give the feds a reason to be banging on your door.
More and more, just living free and being vocal about others living free, and god forbid, helping others live free, is more than enough reason to have the feds banging down your door.
Let's not forget that moron FBI guy that took out hundreds of companies in a data center because he could not understand how hundreds of different companies and legal entities could cohabitate in the same space.
At this point just being innocent and never doing anything wrong is not protection enough against being raided by the feds.