Password-recovery experts at Passware warned Friday that the security of Microsoft’s Bitlocker whole-disk encryption is seriously compromised on a computer configured to use sleep mode. The same is true of the open-source TrueCrypt whole-disk encryption tool.
The company’s Passware Kit Forensic 1.03 can “decrypt hard disks encrypted with BitLocker or TrueCrypt in a matter of minutes if the target computer is running”. If the computer is powered off decryption can still be accomplished by analyzing the file hiberfil.sys, which is created by Windows when the system enters sleep mode. According to the company, any computer that has hibernated even once with a mounted TrueCrypt or BitLocker hard drive is vulnerable, as their product can “instantly decrypt the hard disk even if the computer is no longer running”.
It’s worth noting that BitLocker Drive Encryption is only present in Windows 7 and Windows Vista, not in any earlier edition. And only the Enterprise and Ultimate editions of those platforms include BitLocker support. ZoneAlarm DataLock, a third-party whole-disk encryption product, supports all current versions of Windows including Windows XP. During the initial encryption stage DataLock disables hibernation. Afterward it interacts with the hibernation feature so that the encryption password is required on waking from hibernation.
Best online Microsoft MCTS Training, Microsoft MCITP Certification at certkingdom.com
If you do use BitLocker or TrueCrypt, you need to configure the encrypted system so it doesn’t accidentally go into sleep mode. Using the Power Options applet in control panel, set “Put the computer to sleep” to “Never”. If the computer has a sleep button, set “When I press the sleep button” to “Do nothing”. And be very sure you never choose “Sleep” from the options menu for the shutdown button.