Hackers crack Bitlocker – really?

Sorry for being so late on that but I was enjoying the gorgeous weather in Switzerland and was skiing the last few days.

At the end of last week there were claims that researchers had "cracked" Bitlocker. You can find one of the corresponding articles in eWeek.

What did they actually do? Well, they attacked the key that resides in memory. So they are attacking a running machine.

Let's start by looking at the risks. What do you want to achieve with Bitlocker? You want to make sure that if you lose your notebook, nobody is able to access the data on the disk. So if the system is shut down, the claimed attack does not work anymore.

Now to the states in between. If a machine is in the sleep state, we consider it running, so yes, it is vulnerable to this attack. We can now argue whether it is a good idea that the standard behavior of a Windows Vista machine is to go to sleep when you close the lid. As Bitlocker is not enabled by default, I think we can argue around this, but it is not optimal if you protect your machine with Bitlocker. If you find a machine in hibernation, Bitlocker kicks in during the resume and needs the keys; this means a hibernated machine is not vulnerable to the attack.

What does this mean for you? There is an easy countermeasure to all these attacks: put your machine into hibernation and you are done.
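One way to enforce this on a notebook, so that closing the lid or going idle hibernates instead of sleeping. This is an added example, not part of the original post. It assumes an elevated PowerShell prompt and uses only `powercfg.exe` with its built-in aliases; the 15-minute idle value is an illustrative choice.

```powershell
# Added example: make hibernate the only low-power state the machine enters,
# so the disk keys do not stay in RAM while the notebook is unattended.

function Invoke-PowerCfg {
    param([string[]]$Arguments)
    $out = & powercfg.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "powercfg $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    $out
}

# 1. Hibernation has to be enabled before it can be selected as an action.
Invoke-PowerCfg '/hibernate', 'on' | Out-Null

# 2. Lid, sleep-button and power-button actions.
#    Index values: 0 = do nothing, 1 = sleep, 2 = hibernate, 3 = shut down.
$Hibernate = 2
foreach ($setting in 'LIDACTION', 'SBUTTONACTION', 'PBUTTONACTION') {
    foreach ($verb in '/setacvalueindex', '/setdcvalueindex') {
        Invoke-PowerCfg $verb, 'SCHEME_CURRENT', 'SUB_BUTTONS', $setting, $Hibernate | Out-Null
    }
}

# 3. Idle timers, in seconds: 0 disables idle sleep; hibernate after 900 s
#    (15 minutes, a constructed value: pick what fits your policy).
foreach ($verb in '/setacvalueindex', '/setdcvalueindex') {
    Invoke-PowerCfg $verb, 'SCHEME_CURRENT', 'SUB_SLEEP', 'STANDBYIDLE', 0 | Out-Null
    Invoke-PowerCfg $verb, 'SCHEME_CURRENT', 'SUB_SLEEP', 'HIBERNATEIDLE', 900 | Out-Null
}

# 4. Re-apply the current scheme so the new values take effect immediately.
Invoke-PowerCfg '/setactive', 'SCHEME_CURRENT' | Out-Null

# 5. Read the button settings back to confirm each "Current ... Power Setting
#    Index" now shows 0x00000002 (hibernate) for both AC and DC.
Invoke-PowerCfg '/query', 'SCHEME_CURRENT', 'SUB_BUTTONS'
```

The Start menu "Sleep" entry remains available after this change, so users still need to pick Hibernate or Shut down when they put the machine away manually.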

So, if you want more information on this, go to the Windows Vista blog. Last but not least, we published the Data Encryption Toolkit for Mobile PCs and there is a Bitlocker chapter in it, which you might want to read if you use it.

I am using Bitlocker with TPM – and Hibernation

Roger