Cracking PGP, TrueCrypt, and other strong encryption packages just got more affordable, with the release of a $300 package that can pluck decryption keys out of computer memory in certain cases.
Thursday's release of the Elcomsoft Forensic Disk Decryptor poses the biggest threat to people who leave their pre-OS X 10.7.2 Mac laptops or FireWire-equipped PCs in hibernate or sleep states while encrypted drives are mounted. It has long been possible to use the FireWire or Mac Thunderbolt interfaces to retrieve the contents of volatile memory on machines that are password-protected but not powered down. But until now, an easy and reliable way to use that data against people using strong full-disk encryption programs has cost closer to $1,000.
The new product from Moscow-based ElcomSoft changes that. Like Passware, which Ars first chronicled in 2009, it's able to comb through memory dumps and locate the cryptographic keys stored inside. But at a third of the price, Forensic Disk Decryptor could bring that capability to a much larger customer base.