is bitlocker so easy to crack?

From what I can tell, the USB stick supplies the key. I would suggest asking Shawn, the guy who wrote the tutorial.

Most of the motherboards I work with dont come with TPM chips. The only ones I see with them are Dell systems. I imagine HP systems have them too but I haven't seen them on any ASUS, or EVGA boards.

captain118 said:

Most of the motherboards I work with dont come with TPM chips. The only ones I see with them are Dell systems. I imagine HP systems have them too but I haven't seen them on any ASUS, or EVGA boards.

You aren't looking hard enough. Many, if not most, of the recent ASUS boards have a TPM port that one plugs a TPM card into. My ASUS P9X79 WS has a TPM port.

Hi there.

Often Bitlocker can be undone by simply booting a LINUX Live system from a USB stick and then reading the BIOS de-cryption key / recovery key / recovery key algorithm. Then you re-boot again into the BIOS and supply the recovery key or even the basic key.

"Seemples" as the Meerkat commercials say.

If you want 100% security -- REMOVE THE DEVICE - otherwise it's NOT POSSIBLE to get 100% protection by simple encryption where the decryption algorithm / key process has to be stored on the same machine -- at boot you don't necessarily have access to the internet so the key (or at least the decryption algorithm) needs to be stored locally - and while Windows might have protected data areas - Linux is another OS which will just see the Windows disks as pure DATA.

It's not quite Hacking 101 - not for beginners - but a reasonably experienced hacker could easily get hold of the recovery key in order to undo the Bit locker encryption.

The BIOS asks for the recovery key -- just DUMP the BIOS out and with a little bit a bit of "dis-assembly" and you are on your way. !! You'd soon see what the BIOS is asking for -- and then it's all over.

(To those people who think it's safe because the key / recovery key has to be supplied from an external device -- no good as the ALGORITHM to decrypt the wretched thing is still stored locally on the machine - hence the vulnerability).

Cheers
jimbo

Any encryption method is really as secure as its encryption key is. The actual algorithm don't matter that much really (as long as it's not too trivial to reverse), and in fact, security-wise you must assume that the attacker as full access to the whole system, including the algorithm and its implementation. The only thing you should really rely on is on the secrecy of the key, nothing more. With Bitlocker, the decryption algorithm is obviously stored within the computer, together with the data, that's OK, but you must make sure that the key (be it a password/pendrive/TPM module/whatever) is stored AWAY from that, otherwise you just have "security though obscurity", which is not real security. This is exactly what states the Kerckhoffs's principle.

Now, another thing to note is that all full-disk encryptions are only useful before the computer has booted, before that, remote access is very limited, if possible at all, so physical access is the only way to try to break it. But another problem is that it's often considered that when an attacker can get physical access to the data he's trying to get, it's already game over, and the attacker won. He then must crack the encryption key, which may or may not be trivial, but some techniques may optimize that (dictionary attacks, selectively trying most likely passwords or just brute force if time allows).

The AES algorithm is right now considered quite solid and reliable, so both Bitlocker and TrueCrypt are not that trivial to hack, but only when used with strong passwords. Ultimately, encrypted data can ALWAYS be reversed into its original form, if the attacker knows and really wants to do so.