Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.
In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files.
The technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys.
The researchers say their technique works against Apple's FileVault, the BitLocker Drive Encryption feature included in the Enterprise and Ultimate versions of Windows Vista, the open-source product TrueCrypt, and the dm-crypt subsystem built into Linux kernels starting with 2.6.
http://www.news.com/8301-13578_3-987...e.gall.related
In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files.
The technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys.
The researchers say their technique works against Apple's FileVault, the BitLocker Drive Encryption feature included in the Enterprise and Ultimate versions of Windows Vista, the open-source product TrueCrypt, and the dm-crypt subsystem built into Linux kernels starting with 2.6.
http://www.news.com/8301-13578_3-987...e.gall.related
