Bitlocker and cracked logons

[DWalker07]

Bitlocker and Bitlocker for Windows 7 are supposed to be great at
preventing stolen disks or stolen computers from having their disks
compromised by being installed in another computer (or by booting the
computer with another OS).

But, if you steal a computer, there are lots of tools on the 'net that will
crack logon passwords. How does Bitlocker help in these situations? If
someone can crack the logon password, then they *are* the person that the
BitLocker disks are decrypted for.

Any information would be appreciated. (I am currently using a third-party
decryption tool that requires me to enter the passkey every time I mount
the disk.)

David Walker

 

[Robert Kochem]

But, if you steal a computer, there are lots of tools on the 'net that will
crack logon passwords. How does Bitlocker help in these situations?

To crack the passwords you have to boot form an alternate medium (USB, CD,
DVD..). This modifies the boot process and therefore the TPM blocks and
your disks are not accessible. No access to disk means no possibility to
read or modify the password storage...

Robert

 

[DWalker07]

To crack the passwords you have to boot form an alternate medium (USB,
CD, DVD..). This modifies the boot process and therefore the TPM
blocks and your disks are not accessible. No access to disk means no
possibility to read or modify the password storage...

Robert

BUT, once you have cracked the password, you can then boot the stolen
computer normally and use the cracked logon password. Right? Then,
BitLocker will nicely unlock the disks for you.

Am I missing something?

David Walker

 

[DWalker07]

To crack the passwords you have to boot form an alternate medium (USB,
CD, DVD..). This modifies the boot process and therefore the TPM
blocks and your disks are not accessible. No access to disk means no
possibility to read or modify the password storage...

Robert

OH, I think I misunderstood your post, sorry.

So, if you let Windows 7 install the 100 MB special partition, and let the
system boot from there, then the cracking programs can't get access to the
main system partition. Hmmm....

I see that Vista can also create this small boot partition.

How long until the crackers get around this? I wonder if it's possible...

Thanks.

David Walker

 

[John Barnett MVP]

My machine doesn't have a TPM therefore I have to use a USB stick to use
Bitlocker. The password actually doesn't have anything to do with it. When I
boot my machine the first thing is asks for is the USB stick, without it I
can't do anything let alone get anywhere to change or hack a password. So if
someone stole my PC they would also need the USB stick with the Bitlocker
encrypted code on to access my PC and as that is locked away they might get
one item but not the two.

--

--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience

Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..

 

[FromTheRafters]

OH, I think I misunderstood your post, sorry.

So, if you let Windows 7 install the 100 MB special partition, and let
the
system boot from there, then the cracking programs can't get access to
the
main system partition. Hmmm....

You may want to read up on TPM (Trusted Platform Module) to see what
Bitlocker's or the OS's support of this mechanism means to the boot
process. I think your question is more along the lines of how TPM works
than specifically about Bitlocker.

I see that Vista can also create this small boot partition.

How long until the crackers get around this? I wonder if it's
possible...

Physical access to a machine, and time, is all that is needed. How much
time is often the limiting factor. They can own the TPM (with physical
presence - or remotely) in much less time than it would take to decrypt
any encrypted information.