If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Change to Windows File Explorer.
My bitlockered HDDs used to be anonymous until
mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! |
Ads |
#2
|
|||
|
|||
Change to Windows File Explorer.
Peter Jason wrote:
My bitlockered HDDs used to be anonymous until mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! http://jessekornblum.com/publications/di09.pdf Page 6 shows VolumeName is a value in the header sector of the filesystem. The signature at the beginning of the sector is "-FVE-FS-", 8 bytes. Whereas for a regular partition, you'd expect to find "NTFS" somewhere in the sector. So there's room for a VolumeName, with no guarantee it's equal to some label assigned inside the decrypted part. Well, you're our BitLocker expert, and you've probably already looked at the volume to make sure you "can't read it", right ? Using HxD, you could have a look at it for fun. While it was locked. https://mh-nexus.de/en/hxd/ I don't think I've bitlockered anything here. Not even a floppy. Paul |
#3
|
|||
|
|||
Change to Windows File Explorer.
On Wed, 20 Jun 2018 02:52:16 -0400, Paul
wrote: Peter Jason wrote: My bitlockered HDDs used to be anonymous until mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! http://jessekornblum.com/publications/di09.pdf Page 6 shows VolumeName is a value in the header sector of the filesystem. The signature at the beginning of the sector is "-FVE-FS-", 8 bytes. Whereas for a regular partition, you'd expect to find "NTFS" somewhere in the sector. So there's room for a VolumeName, with no guarantee it's equal to some label assigned inside the decrypted part. Well, you're our BitLocker expert, and you've probably already looked at the volume to make sure you "can't read it", right ? Using HxD, you could have a look at it for fun. While it was locked. https://mh-nexus.de/en/hxd/ I don't think I've bitlockered anything here. Not even a floppy. Paul The HxD shows "decoded text" on the RHS. I can't find passwords here; are they somewhere else? |
#4
|
|||
|
|||
Change to Windows File Explorer.
Peter Jason wrote:
On Wed, 20 Jun 2018 02:52:16 -0400, Paul wrote: Peter Jason wrote: My bitlockered HDDs used to be anonymous until mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! http://jessekornblum.com/publications/di09.pdf Page 6 shows VolumeName is a value in the header sector of the filesystem. The signature at the beginning of the sector is "-FVE-FS-", 8 bytes. Whereas for a regular partition, you'd expect to find "NTFS" somewhere in the sector. So there's room for a VolumeName, with no guarantee it's equal to some label assigned inside the decrypted part. Well, you're our BitLocker expert, and you've probably already looked at the volume to make sure you "can't read it", right ? Using HxD, you could have a look at it for fun. While it was locked. https://mh-nexus.de/en/hxd/ I don't think I've bitlockered anything here. Not even a floppy. Paul The HxD shows "decoded text" on the RHS. I can't find passwords here; are they somewhere else? They'd better be. You wouldn't want the password sitting there, even salted and hashed or whatever else they do with 'em. It's got to be something more complicated than that. Paul |
#5
|
|||
|
|||
Change to Windows File Explorer.
On Wed, 20 Jun 2018 23:02:43 -0400, Paul
wrote: Peter Jason wrote: On Wed, 20 Jun 2018 02:52:16 -0400, Paul wrote: Peter Jason wrote: My bitlockered HDDs used to be anonymous until mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! http://jessekornblum.com/publications/di09.pdf Page 6 shows VolumeName is a value in the header sector of the filesystem. The signature at the beginning of the sector is "-FVE-FS-", 8 bytes. Whereas for a regular partition, you'd expect to find "NTFS" somewhere in the sector. So there's room for a VolumeName, with no guarantee it's equal to some label assigned inside the decrypted part. Well, you're our BitLocker expert, and you've probably already looked at the volume to make sure you "can't read it", right ? Using HxD, you could have a look at it for fun. While it was locked. https://mh-nexus.de/en/hxd/ I don't think I've bitlockered anything here. Not even a floppy. Paul The HxD shows "decoded text" on the RHS. I can't find passwords here; are they somewhere else? They'd better be. You wouldn't want the password sitting there, even salted and hashed or whatever else they do with 'em. It's got to be something more complicated than that. Paul Heavens, is nothing safe? I'm going to have to bury my sensitive drives under the back-yard briar bush! |
#6
|
|||
|
|||
Change to Windows File Explorer.
Peter Jason wrote:
On Wed, 20 Jun 2018 23:02:43 -0400, Paul wrote: Peter Jason wrote: On Wed, 20 Jun 2018 02:52:16 -0400, Paul wrote: Peter Jason wrote: My bitlockered HDDs used to be anonymous until mounted in File Explorer, but now they have the Volume name even when encrypted. This is a great help. MSoft must be reading my posts! http://jessekornblum.com/publications/di09.pdf Page 6 shows VolumeName is a value in the header sector of the filesystem. The signature at the beginning of the sector is "-FVE-FS-", 8 bytes. Whereas for a regular partition, you'd expect to find "NTFS" somewhere in the sector. So there's room for a VolumeName, with no guarantee it's equal to some label assigned inside the decrypted part. Well, you're our BitLocker expert, and you've probably already looked at the volume to make sure you "can't read it", right ? Using HxD, you could have a look at it for fun. While it was locked. https://mh-nexus.de/en/hxd/ I don't think I've bitlockered anything here. Not even a floppy. Paul The HxD shows "decoded text" on the RHS. I can't find passwords here; are they somewhere else? They'd better be. You wouldn't want the password sitting there, even salted and hashed or whatever else they do with 'em. It's got to be something more complicated than that. Paul Heavens, is nothing safe? I'm going to have to bury my sensitive drives under the back-yard briar bush! You'll need to dig up the info in some "explainer" document. In some of these crypto situations, the password you enter is combined with a salt, and is used to generate a key. And the encrypted volume is then examined with that key being used to decrypt the data. If the password is wrong, the key is way wrong, the information that comes back is like "snow on your TV set". The password only has to be off by one bit, to make random looking data. The OS cannot mount a file system, where the header is not readable. These schemes don't use the old "password" scheme, where any dialog for entering the "password" is like a steeplechase fence. A person can find a way around it, by editing the code that provides the dialog box, and commenting out the conditional branch instruction. With modern crypto, the only direction is "forward". Unless you enter just the right password, the volume remains a "random binary blob" which is no good to anyone. Some Seagate drives that have FDE are like this too. The crypto in the drive, needs exactly the right password, in order to translate the data back into plaintext. When you do a Secure Erase on one of those drives, it doesn't take two hours, it takes one second, just the time to erase a tiny chunk of crypto, thus leaving the drive in a random state to any onlooker. Even entering your old password after that, won't work. The data in that one second, is now lost forever. That's the beauty of crypto-erased drives, is trampling on the key that is in use, renders the data instantly "bad". On the minus side, there is no provision on ordinary computers, to run one of those. Only an OEM dedicated to the task, will acquire the materials to make it happen. Buying the drive is a tiny part of the story. I don't know how to commission one of those. And the info shouldn't be on some FAQ page either (only paying someone to install it, gets you one). The hard drive industry promises that by year X, all drives would have FDE. Today, all I hear is "crickets". Paul |
Thread Tools | |
Display Modes | Rate This Thread |
|
|