[Hrgeeks] [Issa-tidewater] TrueCrypt and BitLocker cracked...
Adam Crosby
adam at uptill3.com
Thu Apr 1 13:28:31 EDT 2010
1) Not always, although usually. Truecrypt/BitLocker/DAR Encryption's whole point is to protect your data in the event of people gaining physical ownership of the machine.
2) If you don't have access to the locked system, you can't run 'dd'. And you need the key, because as soon as power is cut, you have nothing but encrypted data on disk.
--
Adam
On Apr 1, 2010, at 1:25 PM, Bob Hodges wrote:
> Unless I read this wrong, the laptop has to up and running, to retrieve the stored key in memory.
> 1. Physical ownership = game over
> 2. Why not just DD the disk if it is running? Who needs the key?
>
> Of course I could be wrong.
> -Bob-
>
> On Wed, Mar 31, 2010 at 5:02 PM, Branson Matheson <branson at sandsecurity.com> wrote:
> Hey all ...
>
> Since this has been the subject of much discussion and the topic of not a few ISSA presentations lately.. I wanted to forward on this little gem. A bit concerning.
>
> http://www.net-security.org/secworld.php?id=9077&utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
>
> All your bits are belong to us.
>
> -b
>
> Branson Matheson
> branson at sandsecurity.com
> 757-320-4230
>
>
>
>
>
> _______________________________________________
> Issa-tidewater mailing list
> Issa-tidewater at mail.sandsecurity.com
> https://mail.sandsecurity.com/mailman/listinfo/issa-tidewater
>
> --
> _______________________________________________
> HRGeeks mailing list
> HRGeeks at hrgeeks.com
> http://hrgeeks.com/cgi-bin/mailman/listinfo/hrgeeks
> You are all sheep.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://hrgeeks.com/pipermail/hrgeeks/attachments/20100401/745a0138/attachment.htm
More information about the HRGeeks
mailing list