in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: PGP/Symantec, TrueCrypt, and BitLocker Disk Encrypted Data Can Be Accessed With Forensic Software

The Russian firm Elcomsoft has announced that they've built a decryption tool that can retrieve the encryption keys to PGP (now owned by Symantec), TrueCrypt, and BitLocker encrypted computers.  On some level, this means that the above three disk encryption solutions are less secure than AlertBoot.  On the other hand, this is a vulnerability that is well-known in disk encryption circles, and in theory can affect all full encryption offerings if proper security measures aren't put into place.

Elcomsoft's product, which is being marketed as a data forensic tool, costs £300.

Encryption Not Cracked, Fishing for Keys

Many sites are reporting this as PGP, TrueCrypt, and BitLocker having been "cracked" by Elcomsoft, but this is not accurate at all.  If you read the reports, you'll see that what the "cracking" tool does is read through a memory dump to find the encryption key.  In order to be able to access this memory dump, the computer has to be either in (1) hibernation mode or (2) up and running, with the encryption out of the way already.  (Of course, if the computer is already up and running, why not just steal the data?).  Contrary to what's being reported, the solution won't work in the computer is turned off, which is different from a computer being in hibernation mode.

Once a memory dump is obtained, the Elcomsoft software appears to dig through the data to find the keys, either by trying to match it to what I'm going to call a "key profile" or by looking in the usual places where the keys are stored.  What's new here, as far as I can see, is not that Elcomsoft found a new way to extract keys but that they automated a painstakingly slow process.

Not Cracked But Less Secure

Technically, PGP, TrueCrypt, and BitLocker may not have been cracked, but it's still accurate to point out that the overall security of these three products have been compromised because of Elcomsoft.

You'll have to decide how compromised they are, however, since the risk levels are different depending on what you do and where you are.  For example, I noted earlier this month that the more paranoid amongst us are claiming that laptops and smartphones left alone in China run the risk of being hacked.  If you make it a habit to put your computer into hibernation mode, Elcomsoft's software could mean that your data will end up compromised, if any of the three encryption solutions were used.  The risk would probably be lower for someone using AlertBoot.

Related Articles and Sites:
http://it.slashdot.org/story/12/12/20/1850201/elcomsoft-tool-cracks-bitlocker-pgp-truecrypt-in-real-time
http://www.theregister.co.uk/2012/12/20/elcomsoft_tool_decrypts_pgp/
http://blog.crackpassword.com/2012/12/elcomsoft-decrypts-bitlocker-pgp-and-truecrypt-containers/
 
<Previous Next>

The Continuing World War II Pigeon Saga: Canadians Chime Up

Smartphone Security: The NSA Has iOS 5 Security Guidelines Online

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.