The protection offered by Microsoft’s BitLocker technology might be for naught, if a password recovery and decryption vendor has their say. Passware, who counts Microsoft, Apple, Intel, and the IRS among their clients, has released a new version of Passware Kit Forensic, and one of the new features is the ability to take down BitLocker in minutes.
Passware Kit Forensic 9.5 has several features, including the use of multi-core CPUs and GPUs (nVidia) for near instant recovery of many password types using any combination of eight different password recovery attacks.
However, the feature being touted is the recovery of encryption keys for hard drives protected with BitLocker in minutes. The software scans a physical memory image file of the target computer and extracts all the encryption keys for a BitLocker disk. BitLocker is an advanced, full-disk protection feature that first shipped with Windows Vista, and is included with Windows 7, and Windows Server 2008.
“Full-disk encryption was a major problem for investigators,” said Dmitry Sumin, Passware President. “We have been able to provide police, law enforcement, and private investigators with a tool that allows bypassing BitLocker encryption for seized computers.”
Law enforcement includes customs officials and TSA screeners at the international checkpoints as well. Moreover, the software is available for anyone who wants it, if they spend almost $800.00 USD for it.
Passware’s offering does not render the protection offered by BitLocker useless, however, if you were expecting complete and full privacy, then you can forget it if the people attempting to crack your BitLocker disk have the processing power and time to focus on it. If this is law enforcement we’re talking about, and they want whatever it is you’ve encrypted, they have all the time in the world.
There is a positive, which will keep your bits locked. Choose a strong password, one that is long, and uses a variety of alphanumeric and special characters. Doing this will make the effort outweigh any reward. However, as mentioned, law enforcement will just take their time and let the decryption work its magic.
Then again, if you are that worried about what is stored on your computer, store the data elsewhere and access it as needed.
More information is here.