Earlier this week, I read this article reporting on Passware’s presentation at Password^20. It reported that if you are using BitLocker or TrueCrypt and you’ve ever used hibernate, then Passware Kit Forensic is able to recover the encryption key from the Hibernate file. The recommendation was “NEVER EVER EVER EVER allow hibernation for any computer.”
I found this hard to believe. So I watched the presentation. The Q and A made it clear that if the disk is truly fully encrypted, that is including the hibernate files, and the system is off.
I’m not as familiar with BitLocker or TrueCrypt as I am with the product I use with at work. Apparently people using TrueCrypt or BitLocker often only encrypt data volumes. Certainly that leaves you more vulnerable. The product I use actually encrypts the full drive,and provides pre-boot authentication at all times. So I think the advice to never use hibernate isn’t correct if you truly have full disk encryption.