

Commercial tool cracks BitLocker (Used on Win7 and Vista Enterprise) - makmanalp
http://arstechnica.com/microsoft/news/2009/12/first-commercial-tool-cracks-bitlocker.ars

======
tptacek
Misleading headline. All this tool does is suck the encryption keys out of the
memory of a running system. Full disk encryption is only safe if attackers
can't get to the running system.

------
mustpax
From a PC Mag article on the same tool:

"The technique is impressive and useful, but not all it may seem. First, it
recovers the encryption keys from a physical memory dump file which must be
generated separately with other software (for instance ManTech Physical Memory
Dump Utility) requiring administrator access to the system."

That said, I would be surprised if BitLocker didn't come with NSA-approved
"password recovery" mechanisms.

~~~
forensic
It's one thing to have systems for the NSA; it's another thing if the biggest
feature of Microsoft's "Windows 7 Ultimate" is easily beatable by the public.
Anyone smart enough to want to steal your data is smart enough to download this
program off BitTorrent.

BitLocker is nothing more than another annoyance to deter lazy thieves now :\

~~~
ComputerGuru
Anyone smart enough to want to secure his data should be using TrueCrypt:
<http://www.truecrypt.org/>

~~~
forensic
"should" yes, but it doesn't take intelligence to want to encrypt your data,
just paranoia.

Microsoft is selling Windows 7 Ultimate to people who are computer illiterate
with the sales pitch that it will secure their data. These people would never
hear about TrueCrypt. They only hear about computer solutions with hundred-
million-dollar marketing campaigns.

Some of my customers are the totally computer illiterate types who only use
Microsoft products. I had been selling these people Ultimate as a way to
encrypt their shit. Now I can't really recommend it as protecting against
industrial espionage. And they'll never use TrueCrypt; it's too
user-unfriendly.

