A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Change to Windows File Explorer.



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old June 20th 18, 06:23 AM posted to alt.comp.os.windows-10
Peter Jason
external usenet poster
 
Posts: 2,310
Default Change to Windows File Explorer.

My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!
Ads
  #2  
Old June 20th 18, 07:52 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Change to Windows File Explorer.

Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!


http://jessekornblum.com/publications/di09.pdf

Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.

So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.

Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.

https://mh-nexus.de/en/hxd/

I don't think I've bitlockered anything here.
Not even a floppy.

Paul
  #3  
Old June 20th 18, 11:18 PM posted to alt.comp.os.windows-10
Peter Jason
external usenet poster
 
Posts: 2,310
Default Change to Windows File Explorer.

On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote:

Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!


http://jessekornblum.com/publications/di09.pdf

Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.

So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.

Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.

https://mh-nexus.de/en/hxd/

I don't think I've bitlockered anything here.
Not even a floppy.

Paul


The HxD shows "decoded text" on the RHS. I can't
find passwords here; are they somewhere else?
  #4  
Old June 21st 18, 04:02 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Change to Windows File Explorer.

Peter Jason wrote:
On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote:

Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!

http://jessekornblum.com/publications/di09.pdf

Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.

So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.

Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.

https://mh-nexus.de/en/hxd/

I don't think I've bitlockered anything here.
Not even a floppy.

Paul


The HxD shows "decoded text" on the RHS. I can't
find passwords here; are they somewhere else?


They'd better be.

You wouldn't want the password sitting there,
even salted and hashed or whatever else they do
with 'em. It's got to be something more complicated
than that.

Paul
  #5  
Old June 21st 18, 05:37 AM posted to alt.comp.os.windows-10
Peter Jason
external usenet poster
 
Posts: 2,310
Default Change to Windows File Explorer.

On Wed, 20 Jun 2018 23:02:43 -0400, Paul
wrote:

Peter Jason wrote:
On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote:

Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!
http://jessekornblum.com/publications/di09.pdf

Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.

So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.

Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.

https://mh-nexus.de/en/hxd/

I don't think I've bitlockered anything here.
Not even a floppy.

Paul


The HxD shows "decoded text" on the RHS. I can't
find passwords here; are they somewhere else?


They'd better be.

You wouldn't want the password sitting there,
even salted and hashed or whatever else they do
with 'em. It's got to be something more complicated
than that.

Paul


Heavens, is nothing safe? I'm going to have to
bury my sensitive drives under the back-yard briar
bush!
  #6  
Old June 21st 18, 06:05 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Change to Windows File Explorer.

Peter Jason wrote:
On Wed, 20 Jun 2018 23:02:43 -0400, Paul
wrote:

Peter Jason wrote:
On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote:

Peter Jason wrote:
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the
Volume name even when encrypted. This is a great
help. MSoft must be reading my posts!
http://jessekornblum.com/publications/di09.pdf

Page 6 shows VolumeName is a value in the header
sector of the filesystem. The signature at
the beginning of the sector is "-FVE-FS-",
8 bytes. Whereas for a regular partition,
you'd expect to find "NTFS" somewhere
in the sector.

So there's room for a VolumeName, with no guarantee
it's equal to some label assigned inside the
decrypted part.

Well, you're our BitLocker expert, and you've
probably already looked at the volume to make
sure you "can't read it", right ? Using
HxD, you could have a look at it for fun.
While it was locked.

https://mh-nexus.de/en/hxd/

I don't think I've bitlockered anything here.
Not even a floppy.

Paul
The HxD shows "decoded text" on the RHS. I can't
find passwords here; are they somewhere else?

They'd better be.

You wouldn't want the password sitting there,
even salted and hashed or whatever else they do
with 'em. It's got to be something more complicated
than that.

Paul


Heavens, is nothing safe? I'm going to have to
bury my sensitive drives under the back-yard briar
bush!


You'll need to dig up the info in some
"explainer" document.

In some of these crypto situations, the password
you enter is combined with a salt, and is used to
generate a key. And the encrypted volume is then
examined with that key being used to decrypt the
data. If the password is wrong, the key is way wrong,
the information that comes back is like "snow on
your TV set". The password only has to be off by
one bit, to make random looking data. The OS cannot
mount a file system, where the header is not readable.

These schemes don't use the old "password" scheme,
where any dialog for entering the "password" is
like a steeplechase fence. A person can find
a way around it, by editing the code that provides
the dialog box, and commenting out the conditional
branch instruction.

With modern crypto, the only direction is "forward".
Unless you enter just the right password, the volume
remains a "random binary blob" which is no good to anyone.

Some Seagate drives that have FDE are like this too.
The crypto in the drive, needs exactly the right password,
in order to translate the data back into plaintext. When
you do a Secure Erase on one of those drives, it doesn't
take two hours, it takes one second, just the time
to erase a tiny chunk of crypto, thus leaving the
drive in a random state to any onlooker. Even entering
your old password after that, won't work. The data
in that one second, is now lost forever. That's the
beauty of crypto-erased drives, is trampling on the
key that is in use, renders the data instantly "bad".
On the minus side, there is no provision on ordinary
computers, to run one of those. Only an OEM dedicated
to the task, will acquire the materials to make it happen.
Buying the drive is a tiny part of the story. I don't
know how to commission one of those. And the info shouldn't
be on some FAQ page either (only paying someone to install
it, gets you one).

The hard drive industry promises that by year X,
all drives would have FDE. Today, all I hear
is "crickets".

Paul
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 01:51 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.