Posted by: kurtsh | December 10, 2009

INFO: Microsoft’s official response to the FUD around “cracking Bitlocker”

There’s been a lot of FUD from a forensics company (naming them only gives them visibility, which was part of this PR stunt in the first place) around ‘cracking BitLocker’. We have an official post on the Windows Security blog that explains what this actually entails and why it’s not a real risk in our customer environments.

Here’s one small part of the post:

“I’ve seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that "breaks" BitLocker. One claim is from a product that "allows bypassing BitLocker encryption for seized computers."

This claim is for a forensics product and has legitimate uses; however, to say it "breaks" BitLocker is a bit of a misnomer. The tool "recovers encryption keys for hard drives" which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker’s best practices guidance.

The product, like others used legitimately for data recovery and digital forensics analysis, requires "a physical memory image file of the target computer" to extract the encryption keys for a BitLocker disk. Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off).

If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer’s memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA).”

read more HERE

 

Posted by: Paul Cooke

