Doh! What My Encrypted Drive Can Be Unlocked By Anyone?

When a password of “” can open up your encrypted drive


Many companies now use full disk encryption for their computers, especially for laptops on the move. So while the usage of TrueCrypt has faded, especially when its open source developers gave up maintaining the code, it has been up to Microsoft BitLocker to take over and become the tool of choice for encrypting disk drives.

But is it actually robust? Well, not if you read this paper [link]:

I cannot even start to explain how bad this discovery is for the industry, and a complete embarrassment for the vendors involved. The lack of integration between vendors seems almost negligent in the extreme.

The paper outlines that some SSD drives (including Samsung and Crucial) do not actually encrypt the data properly, and that they can be easily by-passed without a system password.

The manufacturers of the drives have been informed through ethical disclosure (in April 2018), and users are being asked to rely on software encryption rather than the embedded hardware encryption. A particular risk is…



Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.