Normally BitLocker is protected by a TPM chip that prevents guessing the password millions of times per second, but could this be bypassed by using OphCrack or some other boot disc, or by taking out the hard drive and extracting the password hash (and then typing the correct password in the Windows login screen)?

genealogyxie
1 Answer

Depends what you mean by "password".

If the disk is protected by a "PIN" (which may actually be a full-typeable-character-set passphrase) but nothing else, then yes, you could brute-force that. It'd take a long time - BitLocker uses a very slow key derivation function to turn the "PIN" into a key, so each iteration of the brute-force search would take a relatively long time even if using hardware much faster than the CPU that normally does the operation - but if the disk has a guessable "PIN" you could brute-force it.

If the disk is protected by PIN+TPM, which is the usual case for non-removable drives with "PIN" protection, then brute-force is really not feasible. You need the TPM key as well as the PIN-derived key, which means you need the drive in the machine that has the TPM, and that means you can't do an offline attack. Enter the PIN wrongly too many times, and it will lock and force you to enter the "Recovery Password".

The recovery password is quite thoroughly impractical (only just barely, technically, misses being impossible) to brute-force. It is extremely long and randomly generated; enumerating its search space is a problem on the scale of "if you turned every molecule of Earth into a CPU and used the entire energy output of a hundred suns to power them, you still wouldn't finish before the heat death of the universe."

CBHacking
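Added example (my own code, not part of the question or the answer above): a Python check of a BitLocker recovery password's format and a comparison of its search space with that of a short numeric PIN at a given guess rate, which is the kind of estimate a defender makes when setting PIN length policy. The format facts (48 decimal digits in 8 groups of 6, each group a multiple of 11 below 720896) come from Microsoft's published recovery password specification rather than from this page; the sample password and the guess rate are constructed placeholders.

```python
import math

# Recovery password layout: 8 groups of 6 decimal digits. Each group is a
# multiple of 11 below 720896 (= 65536 * 11), so a group encodes exactly one
# 16-bit value and the 8 groups together carry 128 bits of random key material.
GROUPS = 8
GROUP_LIMIT = 65536 * 11
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def parse_recovery_password(text: str) -> list[int]:
    """Validate a recovery password string and return its eight 16-bit values."""
    groups = text.replace(" ", "").split("-")
    if len(groups) != GROUPS:
        raise ValueError("expected 8 groups of 6 digits")
    values = []
    for g in groups:
        if len(g) != 6 or not g.isdigit():
            raise ValueError(f"malformed group {g!r}")
        n = int(g)
        if n % 11 != 0 or n >= GROUP_LIMIT:
            raise ValueError(f"group {g} fails the divisible-by-11 check")
        values.append(n // 11)
    return values


def is_valid_recovery_password(text: str) -> bool:
    try:
        parse_recovery_password(text)
        return True
    except ValueError:
        return False


def recovery_password_bits() -> float:
    """Effective entropy of a randomly generated recovery password."""
    return GROUPS * math.log2(GROUP_LIMIT // 11)  # 8 * 16 = 128.0


def pin_bits(length: int, alphabet_size: int = 10) -> float:
    """Entropy of a uniformly random PIN of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


# Constructed sample (values chosen to satisfy the format, not a real key).
SAMPLE = "135795-000011-720885-000000-597531-001100-440000-000077"

if __name__ == "__main__":
    rate = 1000.0  # hypothetical guesses/second against a slow KDF
    print(parse_recovery_password(SAMPLE))
    print(f"6-digit PIN: {years_to_exhaust(pin_bits(6), rate):.3g} years")
    print(f"recovery pw: {years_to_exhaust(recovery_password_bits(), rate):.3g} years")
```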