Cracking 256 bit AES encryption in less than a minute

BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM

By Aaron Klotz

published about 20 hours ago

Bitlocker is one of the most easily accessible encryption solutions available today, being a built-in feature of Windows 10 Pro and Windows 11 Pro that’s designed to secure your data from prying eyes. However, YouTuber stacksmashing demonstrated a colossal security flaw with Bitlocker that allowed him to bypass Windows Bitlocker in less than a minute with a cheap sub-$10 Raspberry Pi Pico, thus gaining access to the encryption keys that can unlock protected data. After creating the device, the exploit only took 43 seconds to steal the master key.

Who has a GitHub link to the exploit? Send it very quickly, before a patch is deployed.

1 Like

I don’t think the code can help you without the board, unless they post the PCB schematics and you can print one yourself.

That little thing comes ready-made, with headers.

Clickbait title. 256-bit AES encryption is solid and currently uncrackable with current technology; it's what I use and it's what the USA military uses. It is Bitlocker that has a fault, in storing the master encryption keys, not the encryption. I do not use Bitlocker. I never trust that Windows products have no NSA backdoors, and how they make their software easy to use for the average joe makes it easy to cut corners on security.

If you want to encrypt anything, use Veracrypt.

1 Like

It’s good you’ve experienced the Veracrypt (sidika?) app; there are other good encryption tools out there, military or otherwise. Thing is, encryption is just one way of securing your data, and since it mainly fights bruteforce, it’s primitive to other attack signatures, and that’s why a zero day in Bitlocker makes it helpless no matter the algorithm, 128, 256 etc. Of course you don’t use everything military; even if you are inside the camp, some of your private data is always in the wild, and so is the data encrypted by your tool. There is just a simple way out of it, just that it’s not been advertised yet.

Using Veracrypt I encrypt my entire OS. When I power on my PC I need to first decrypt the entire OS: I enter a password between 15-25 digits long and a key file on a separate USB. If you steal my hard drive, all you will see is gibberish nonsense. Veracrypt is as good as encryption software can get, giving you the ability to choose from common, publicly tested and verified encryption protocols. It may seem like paranoia, but all my data is encrypted, on a flash disk or any other way. I do not have openly readable files; to me that seems careless, it's like locking your house and leaving the store door unlocked. Yeah, it takes time to decrypt, but to me data security is a top priority.

When you call encryption primitive I almost laughed my ass off. Encryption is the best thing we have in terms of data protection; anything other than that is human error (weak passwords, publicly storing encryption keys, etc.), and you cannot zero-day an encryption. Bitlocker is mass-produced software for non-IT folks, so obviously there will be bugs. In fact, in earlier versions you could power down the PC, access your hard drive through another PC and access the master encryption keys in a clear file (it was fixed long ago, though).

Sure, you can capture packets from a Wi-Fi network protected with WEP encryption and crack it if it had a simple passphrase like jostokubwawifi; on the other hand, according to my PC (and my PC is a beast), cracking my Wi-Fi password (qwe#tvd%hhs&nxi.)cd^() will take me 50 years.

Encryption is used on everything.

1) When you make a phone call you use end-to-end call encryption (E2EE), hence I cannot snoop in. By the way, the decryption key is stored on your SIM card and is some combo of your phone number and IMEI.
2) When you access a webserver/webpage you use https for encryption.
3) When you connect to a Wi-Fi network you use wpsk/wep.

If encryption is cracked, technology will be useless, as anyone with any kind of technical knowledge can view anything in the wires or air (passwords, bank account details, government secrets, etc.).

Oh, and btw:

How long does AES-256 take to crack?

With the right quantum computer, AES-128 would take about 2.61×10^12 years to crack, while AES-256 would take 2.29×10^32 years. For reference, the universe is currently about 1.38×10^10 years old, so cracking AES-128 with a quantum computer would take about 200 times longer than the universe has existed.

Now, if you had said rainbow tables, that would have made sense for cracking passwords, which saves time by costing memory (lots of memory; I'm not joking, I'm talking people have 500TB+ rainbow tables in size).

1 Like

That’s a mouthful. You’ve done your homework, but the wrong homework, @Nyamgondho. Again, I repeat, Nobody is in the business of brute forcing Encrypted systems. My first encounter with Rainbow table attacks was in 2007, I recall being in a lab with a diskette collecting windows SAM, it was the same year we had a nasty general election. Nowadays a simple mitigation like salting would counter that.
That said, I’m surprised you believed Safaricom when they told you that all your communication is encrypted.
That E2EE jargon you quoted, really doesn’t work, I’ll not get into details how a simple RTL/SDR intercepts an SMS, it’s all on Git, hardware on aliexpress, now imagine if you’re relying on sms as a 2FA to login to any of your accounts.

One last thing: the new BeEF-xss, not the flavor offered by Kali, but walk around the Debian forums (from around Feb 20th). There's a very nice one that’s meant for your type: those who believe in total endpoint protection, encryption, AV, VPN, air-gapping, name it.
All you have to do is click a link. Of course you'll say you don’t click unknown links, but bottom line, you can’t use an endpoint for an hour before being tempted to check out where that “YouTube” spoofed link that josto posted leads to.
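
The rainbow-table and salting points raised in the posts above (time saved at the cost of memory, and salting as the mitigation), as an added example that is not part of the thread: a toy rainbow table over 4-digit PINs recovers an unsalted hash but finds nothing for a salted PBKDF2 record. The keyspace, chain length, sample PIN and all function names are assumptions made for the illustration, and SHA-256 stands in for a legacy unsalted password hash.

```python
import hashlib
import os

SPACE = 10_000      # toy keyspace: 4-digit PINs "0000".."9999" (assumption)
CHAIN_LEN = 40      # hashes per chain; longer chains mean less memory, slower lookup

def h(pin):
    """Unsalted fast hash; SHA-256 stands in for a legacy password hash."""
    return hashlib.sha256(pin.encode()).digest()

def reduce_(digest, step):
    """Map a digest back into the keyspace, differently at each chain step."""
    return f"{(int.from_bytes(digest[:8], 'big') + step) % SPACE:04d}"

def build_table(starts):
    """Keep only endpoint -> start points; the chain interiors are recomputed."""
    table = {}
    for start in starts:
        pin = start
        for step in range(CHAIN_LEN):
            pin = reduce_(h(pin), step)
        table.setdefault(pin, []).append(start)
    return table

def lookup(table, target):
    """Assume the target sits at each chain position in turn, then verify."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        pin = reduce_(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            pin = reduce_(h(pin), step)
        for start in table.get(pin, []):
            cand = start
            for step in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_(h(cand), step)
    return None

def salted_record(pin):
    """Per-user random salt plus a slow KDF, as stored by a hardened system."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def demo():
    table = build_table([f"{i:04d}" for i in range(0, SPACE, 25)])  # 400 chains
    pin = "4225"    # constructed sample; a chain start, so the table covers it
    (_, rec_a), (_, rec_b) = salted_record(pin), salted_record(pin)
    # unsalted hash is recovered; salted record is not; same PIN, different records
    return lookup(table, h(pin)), lookup(table, rec_a), rec_a != rec_b

if __name__ == "__main__":
    print(demo())
```

The table stores 400 start/end pairs instead of all 10,000 hashes, and a table built for the unsalted function is useless against records that each carry their own salt.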

Eh, you, the mining guy, where did you learn cybersecurity?

It's this @Nyamgondho who is demanding a proof of concept. He's testing my faith. I'm stepping away from mining to push him the evidence first so he calms down.

1 Like

Have you even understood what “proof of concept” is, or are you just throwing words around carelessly without understanding the reason and meaning?

1 Like

I was considering a master's in cyber security, but I did the right thing by dropping it.