22

In other words, how easy is it to break into Windows without having the passwords for any of the users configured in the computer?

user3251930
  • 329
  • 1
  • 2
  • 4
  • 2
    Wouldn't that be just a question on how strong the passwords are? – ndrix May 28 '14 at 11:35
  • 10
    How is the hard-drive encrypted? – Philipp May 28 '14 at 13:48
  • 15
    The title of the question, and "in other words" are two separate questions. – OrangeDog May 28 '14 at 14:14
  • Related: http://security.stackexchange.com/questions/57153/decrypting-fde-in-disaster-recovery – Canadian Luke May 28 '14 at 18:02
  • Keep in mind that if security of the *contents* is your concern, they may exist outside the drive. Don't forget off-site backups, DropBox, etc. Attacker will choose the path of least resistance. – funroll May 28 '14 at 18:09
  • 1
    ... and by any number of amateur hackers too! – Carl Witthoft May 28 '14 at 19:59
  • 12
    Obligatory XKCD link http://xkcd.com/538/ – Andrea May 29 '14 at 09:42
  • I believe the answer to your question is a clear and unambiguous YES. The only question (once they have it) is how long it will take. Any encryption can be broken with enough time given a few exceptions--it can be quite hard if you don't know how it was encrypted, and if they used a long enough key it can become impossible (for instance if your key is as long as your data and truly random it cannot be decrypted without the key, but that's impractical for hard drive encryption) – Bill K May 29 '14 at 16:29
  • @BillK While it is mathematically true that almost any encryption can be broken given enough time, it is not true in practice, when the best known methods (short of rubberhose cryptography) would take longer than the universe has existed if they used all the computing power available on the planet now. – Gilles 'SO- stop being evil' May 30 '14 at 19:57
  • @Gilles although I agree with you, there is another factor--every couple years what was impossible becomes possible through development of new knowledge. Quantum computing could change this next year, or someone could come up with a much better way to factor prime numbers (or someone already has...). On top of that encrypting an entire hard drive leaves a lot of clues... I'm fairly sure that there is almost nothing encrypted that some government branch can't decrypt within a year or so if it really wanted to. – Bill K May 30 '14 at 22:24

7 Answers7

39

The answer to your question is that it depends on a number of factors.

  • What disk encryption product is in use? Does it make use of full disk encryption, or does it just encrypt parts of the disk (e.g. the users home directory)
  • Are there any known vulnerabilities in the disk encryption product in use?
  • What strength of password was used by the user of the stolen machine?
  • Did the user do anything very daft, like having the password on a bit of paper in their bag.
  • Does the disk encryption product allow for effectively offline attacks, or can it enforce a lockout policy such that only a limited number of guesses are allowed before the data is destroyed?
  • How determined and well funded are the attackers? In the case of government level attackers they may have a means of bypassing/backdooring the software.

So ultimately it depends. In the general case an unsophisticated attacker getting access to a full-disk encrypted drive protected with a strong password that he doesn't have, probably won't be able to compromise it, but there's a lot of variables at play.

Edit : per the comments below the list above isn't exhaustive, but hopefully provides an idea of some of the potential variables at play.

Rory McCune
  • 61,541
  • 14
  • 140
  • 221
  • 1
    Cold boot? Evil maid? TPM weaknesses? – paj28 May 29 '14 at 09:01
  • 3
    @paj28 don't forget [`Rubberhose Crytoanalysis`](http://xkcd.com/538/) – Aron May 29 '14 at 09:06
  • 1
    ... Is the encryption software backdoored? (How many eyes have access to the source code?) Has it ever been audited? – ignis May 29 '14 at 11:34
  • 1
    How would you enforce a limit on the number of guesses at the password? An attacker would just read the encrypted data directly with software tweaked for the purpose. If there was any way to prevent bypassing the encryption solution like that, then it wouldn't need to encrypt the data in the first place. – kasperd May 29 '14 at 20:00
  • @kasperd well if you look at a solution where the keys are held in hardware and password guessing has to be done through that hardware, then that hardware can enforce the lockout... – Rory McCune May 29 '14 at 22:19
  • @RоryMcCune If the hardware can protect the keys, the same method could be used to protect the data. As far as I know there does exist disks, which can require a password before data can be accessed. But I'd rather have my data protected by encryption with a password, which is strong enough, than to trust some piece of hardware to limit the number of passwords, which can be tried. – kasperd May 29 '14 at 22:26
  • 2
    @kasperd: it's a lot easier for hardware to provide a reasonable level of protection for a small amount of data (i.e., an encryption key) than for a large amount (i.e., the contents of your hard disk). No tamper-proofing is perfect, but I'm sure it can be made quite difficult to extract an encryption key stored in a tamper-proof chip. – Harry Johnston May 30 '14 at 05:14
  • @kasperd I wasn't thinking of this as an either encryption or password situation, but the idea that the encryption key can be held in tamper resistant form and only be accessed via that hardware is quite well established and as harry-johnston says protecting a key is easier than protecting all the data – Rory McCune May 30 '14 at 07:09
  • 1
    @RоryMcCune That makes sense. I am still going to see a strong password as the real protection, and the tamper-resistant hardware as an optional addition that you may as well use if available, but which I would not consider important enough to base my choice of hardware on it. If you want it tamper-proof rather than just tamper-resistant, it would have to incorporate quantum-memory. – kasperd May 30 '14 at 07:52
34

Yes. With a cold boot attack.

Depending on the software used to encrypt your data and when the attacker gets a hold of your laptop, there is a good chance that they can get access to whatever they want, if they know how.

The problem lies in the fact that many disk-encryption tools, including BitLocker, store the keys in RAM. The trick to the attack is to cool the RAM down.

This attack relies on the fact that the RAM in your laptop will retain its information, even after power loss, for a certain amount of time. If you cool the RAM down, it will retain its information, without power, for longer. The researchers did this by spraying compressed air or liquid nitrogen onto the RAM modules while the laptop was running. Then they removed the modules and loaded them into their own specialised system.

Cooling down memory

On all of our sample DRAMs, the decay rates were low enough that an attacker who cut power for 60 seconds would recover 99.9% of bits correctly... This suggests that, even in modern memory modules, data may be recoverable for hours or days with sufficient cooling.

From there, they could inspect the contents of the memory and look for important information like DES, AES, or RSA keys. Using algorithms to scan the loaded memory, you can detect crypto keys.

We have developed fully automatic techniques for locating symmetric encryption keys in memory images, even in the presence of bit errors.

Our experiments (see Section 3) show that it is possible to recover memory contents with few bit errors even after cutting power to the system for a brief time.


References:

[ 1 ] J. Halderman et al. "Lest we remember: cold boot attacks on encryption keys" (site contains a link to the research paper).

Anthony
  • 511
  • 4
  • 8
  • See also, e.g., http://www.breaknenter.org/projects/inception/ – Harry Johnston May 29 '14 at 04:47
  • 1
    I'm pretty sure the spray used is called "coolant spray" - you get it in this kind of cans, it's a liquid that quickly evaporates, cooling down to -42 degrees C – Volker Siegel May 29 '14 at 11:08
  • suggesting that shutting the machine right down when it's going to be out of your control is a good idea - that way the RAM stays at roomtemp without being refreshed and wipes itself pretty quickly. Hibernate has its own weaknesses (like keys in RAM written to disk) – Chris H May 29 '14 at 13:35
  • @ChrisH Yep, one of the suggestions from the paper was to encrypt the keys in the disk controller itself. This would require changes to architecture though. – Anthony May 29 '14 at 14:20
  • I read the paper a while back, so forgot that -- anyway I tend to think of user actions, and easy ones at that, rather than system design – Chris H May 29 '14 at 15:20
14

If your computer ONLY has password for user accounts then extremely easily. You could just load ANY LiveCD and it will ignore the file permissions thus giving the attacker full file rights.

If you have encryption then question is too broad scope we need to know what software you used for encryption and so on. I can expand on my answer if you provide encryption software you used.

LB2
  • 420
  • 2
  • 8
Paul
  • 1,552
  • 11
  • 11
  • 12
    The question title does say "an encrypted hard disk". – nobody May 28 '14 at 19:25
  • 3
    Yes, the title does but the question doesn't so it's unclear if it's encrypted or not but I have asked the thread owner to elaborate on the encryption used if any in this answer. Thanks for your input I did notice this prior to the comment. – Paul May 28 '14 at 22:41
11

You have several different questions here:

If a Windows laptop with an encrypted hard disk is stolen, can the contents be accessed by a professional hacker?

Yes.

In other words, how easy is it to break into Windows without having the passwords for any of the users configured in the computer?

Assuming we're still talking about a machine whose hard drive is encrypted with the built in BitLocker, then as far us we know: it's not easy.

========

But those aren't really the central issue.

The big issue is whether or not the professional hacker in question believes that the data on the drive is worth the amount of time and money necessary to crack it. If we're talking the NSA and you have data related to a high priority national security issue which presumably can't be accessed in any other way (e.g. the person who knows the password is "unavailable"), then they will throw the computing power necessary at cracking it.

However if we're talking about a laptop that was stolen by someone completely unaware of the contents then they'll likely just reformat the thing and ebay it. Heck, they may just pawn/ebay it as is.

In other words, the central question boils down to whether you were just a target of opportunity (petty theft) or were a target of professional surveillance. If the latter then you can bet that they only took the laptop when they felt they had enough information to easily access the drive contents - in other words they managed to get your passwords. It's usually easier (ie: cheaper/faster) to utilize modern surveillance techniques to eaves drop on a password being typed than it is to crack solid encryption. Devices to listen in on keystrokes or even pin hole cameras in a ceiling are certain one option...

A third option is if the laptop was picked up by your local police when they were arresting you. For this it's probably far easier to force you to divulge the passwords (based on various countries laws) than it is to bother trying to crack the laptop. Some countries have fairly lopsided laws in which it would still be in your best interest to give up the password to incriminating evidence than to stay silent.

NotMe
  • 696
  • 3
  • 11
4

Hopefully the hard disk is encrypted using BitLocker, which means by default makes your hard disk would be the first device your laptop would boot on. If the hacker tries to change the boot order (reset local admin password using Linux tool), then the BitLocker will be locked (needs to enter 48-characters recovery key to unlock). If the user manages to dismantle the hard disk, the hard disk would be treated as BitLocker ToGo, so the same locking policy applies.

Din_Jenggo
  • 41
  • 1
4

Now it is time to make explicit one fundamental property of the field of Information Security, which pertains to the debate at hand:

This is not a game. There are no rules.

Let's see what this means by first reviewing the "technical answer" (that has been expanded upon by other answers to this question). The "professional hacker" will be kept at bay if all of the following are true:

  • The whole-disk encryption system is worth that name.
  • When you say whole, you mean whole. Virtual memory space (aka "swap partitions" or "swap files") must also be encrypted.
  • The unlocking password is strong (high entropy).
  • When the laptop was stolen, it was unpowered and properly shut down (not put to sleep or hibernating, but really shut down).
  • The thief runs with the laptop but does not come back.

The point about the laptop being shut down is for cold boot attacks. After a few minutes of being shut down, the RAM contents are definitively lost -- whereas "sleeping" and "hibernation" are techniques to keep the RAM contents alive somewhere (either by using the battery to keep the RAM powered, or by storing its contents on the hard drive).


However, the important point is the last one. All of these technical considerations are indicative of anything only as long as the thief is obliging enough to accept to operate within the stated context, the "rules of engagement". Namely, the thief has temporary physical access to the laptop, and just grabs it. He does not try to, say, insert some key logging apparatus or other backdooring system to the laptop, then leave it in place, so that the user, unsuspecting of the hacker's intervention, guilelessly types in his password again, unlocking all his deepest secrets.

This is where the scenario is unrealistic. We are talking about a professional hacker. By definition, that hacker makes a living out of his activities. He is interested in your information, and will not feel compelled to act only within the constraints of an ideal story. Most successful "hacking" stories often include, as pivotal element, a non-technical action, usually so-called social engineering (where the "engineering" term belies the fact that, indeed, this is not about engineering but psychology and sociology), or simple downright burglary. To (ab)use Chamberlain's quote: the professional hacker is not a gentleman.

Now if we were talking about an amateur hacker, then things change quite a lot. The situation becomes the following:

My laptop has been stolen. I was using whole-disk encryption. Will the thief (who was after the hardware, not the information) be able to also recover may Gmail password and steal my accounts?

In that case, we have actual facts which have happened in the physical world, thus a firm foundation for the context in which the question takes place. The laptop was stolen, not silently modified. Whoever did the deed was not, at the time of theft, a professional hacker targeting the data; rather, it was an opportunistic bystander who thought he could make a few bucks out of the laptop itself. If so, properly implemented and applied whole-disk encryption, protected with a strong password on a laptop which was completely off, will save the day, in that it will limit the cost to the loss and lack of availability of the hardware.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • 1
    If the hibernation file is encrypted too (which I believe was one of your premises since I would consider the hibernation file similar to a swap file), wouldn't hibernation be just as secure as powered off? – TTT May 30 '14 at 15:49
3

It depends on the encoding software. If it used BitLocker, it is possible to crack only the BitLocker password, which is not hopeless with a dictionary attack. To crack the Bitlocker key is normally hopeless.

peterh
  • 2,958
  • 6
  • 26
  • 32
  • Obligatory "that's what they WANT you to think" – Carl Witthoft May 28 '14 at 20:01
  • 1
    i've seen too many people doing impossible things to think there is something really impossible, especially when you have time and money. – Lesto May 28 '14 at 20:28
  • 1
    @lesto Time and money are powerful, but they can't argue with mathematics. If you chose a good, non-dictionary-attackable 48-character password, then nothing short of the attention of a national government is going to get that data off of there in any reasonable time-frame. – Schilcote May 29 '14 at 02:04
  • @Schilcote yu can't argue with math.. when it is implementenet right. AES is actually impenetrable.. but SSL was. And just today there is a lot of concern about TrueCrypt, witch is the standard de facto to crypt partitions.. see on the official page: "http://truecrypt.sourceforge.net/" WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues. Morpheus: "Some rules can be bent, others can be broken." – Lesto May 29 '14 at 11:58
  • 2
    @Schilcote: ultimately this comes down to the difference between, "there is no effective attack on X in the public literature" and "it is impossible to attack X". AFAIK there is no mathematical proof that BitLocker's algorithms are intractable, so it's not mathematics they're arguing with. There may be a better-than-brute force attack, it just hasn't been published (and for that matter plausibly hasn't been found). If anybody knows an unpublished attack it's *probably* but not necessarily a national government. And as lesto points out, that's even assuming everything is implemented correctly. – Steve Jessop May 30 '14 at 08:37
  • and let's not forget that even one time pad implementations have been broken even if OTP is mathematically proven to profile perfect security... this is the real world. – Thanos Tintinidis May 30 '14 at 16:11
  • @thanosQR - can you provide a reference for a one time pad implementation that was broken? I suspect that any OTP implementation that is broken is because it isn't really an OTP, but instead probably was reusing keys. OTP is perfect, as long as your key is not compromised, and as long as you don't reuse it- which would make it a two time pad, or worse. – TTT Jun 03 '14 at 14:29
  • @TTT yes, it's either key re-use or using not-so-random keys for the cases I had in mind (http://en.wikipedia.org/wiki/One-time_pad#Exploits). I believe that it highlights that a proof of perfect security for an algorithm doesn't imply that the implementation would be perfect or even feasible. – Thanos Tintinidis Jun 03 '14 at 16:24