However, the research paper suggests that with a single high-end GPU, it is theoretically possible that over 122 million passwords could be attempted in only 24 hours. However, Hashcat was capable of 3,290 million hashes per second (MH/s), a result the researchers say is “comparable to BitCrackers’ best performance on the same GPU.”īitLocker’s complex encryption process means that there is a limit to the number of passwords that can be tested at one time. The team acknowledges that the comparison is not entirely fair, as Hashcat does not use BitCracker’s W-block functions or MAC computation. To further increase the speed of potential attacks, Agostini and Bernaschi were also able to remove MAC computation and comparison.īitCracker’s performance was benchmarked against another popular password cracker, Hashcat, using a Pascal GPU. YOU MIGHT ALSO LIKE Open source tools helps detect security of cloud containers This cannot be applied to other SHA-256 setups, however. The SHA-256 standard transforms messages into what is known as “W blocks” before being hashed, and so to speed things up, the team created a precomputation facility for some sets of W words, reducing the number of required arithmetic operations by creating a rainbow lookup table. The BitCracker tool focuses on decrypting a VMK key, exposing a password capable of decrypting a device.Ī dictionary attack is performed, leveraging GPU performance and power. If a drive has been encrypted using the user password method, for example, in volume metadata you will find two encrypted VMKs – one encrypted with the user password and one encrypted with the recovery password.ĭuring decryption, BitLocker begins decrypting the VMK, then FVEK, and then the disk itself. LISTEN NOW SwigCast, Episode 2: ENCRYPTION Bits and piecesīitLocker uses two different modes of authentication a user password or recovery mode, in which a user either types in a password to encrypt or decrypt a drive, or uses a 48-digit recovery key generated by BitLocker to access their content.ĭuring encryption, each sector volume is encrypted individually using a Full-Volume Encryption Key (FVEK) and Volume Master Key (VMK), the latter of which is also encrypted and stored in the volume. “BitLocker decryption process requires the execution of a very large number of SHA-256 hashes and also AES, so we propose a very fast solution, highly tuned for Nvidia GPU, for both of them,” the researchers explain.īitCracker has been tested with three Nvidia GPU architectures: Kepler, Maxwell, and Pascal. The software is available to the open source community and accessible via GitHub.Īn OpenCL implementation of BitCracker was integrated with the popular, open source password hacking tool John The Ripper, version Bleeding-Jumbo, released last year. The technology uses 128 bit AES encryption by default, but this can be configured to 256 bits for a heightened level of security.Īs BitLocker utilizes high levels of AES encryption, BitCracker relies on high-performance Graphics Processing Units (GPUs) to make a dictionary attack viable. BitLocker is compatible with Trusted Platform Modules (TPMs) and encrypts data stored on disk to prevent unauthorized access in cases of device theft or software-based attacks.īitLocker To Go works in the same manner for external devices, such as USB drives. Dictionary attackīitLocker is Microsoft’s implementation of full-disk encryption, first released as an upgrade to Windows Vista in 2007. Researchers have outlined their progress in further developing BitCracker, a GPU-powered password-cracking tool built specifically to break BitLocker, the full disk encryption built into Microsoft Windows.Ī white paper (PDF) recently published by Elena Agostini, software engineer at Nvidia, and Massimo Bernaschi, director of technology at National Research Council of Italy (CNR), describes BitCracker as a solution designed to “attempt the decryption, by means of a dictionary attack, of memory units encrypted by BitLocker”.īitCracker was first released in December 2015 and has been continually developed since. Open source tool leverages graphics processing to decrypt BitLocker-protected units
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |