Slashdot Mirror


How the Secret Service Cracks Encrypted Evidence

tabdelgawad writes "The Washington Post offers this writeup about how the U.S. Secret Service uses a Distributed Network Attack program to crack encryption on computers and drives seized as evidence. How can brute force still succeed with 256-bit encryption, you ask? Customized password dictionaries from the seized computer's email files and browser cache: People still use non-random passwords."

45 of 658 comments

  1. It's like social engineering, without the person by Phoenixhunter · · Score: 4, Interesting

    Sounds pretty logical to me.

  2. Re:It's like social engineering, without the perso by Rosyna · · Score: 4, Interesting

    Which kind of makes it much harder for conspiracy theories that the FBI/NSA/Secret Service require all these back doors into encryption software and/or operating systems. What's the point when humans are still the weakest link?

  3. I feel pretty safe under Fedora. by cfalcon · · Score: 4, Interesting

    I use the built-in crypto in Fedora (the device level encryption passed to a loopback file mounted under /enc). I doubt that, absent a key sniffer, my passwords would *ever* be discovered. I have some English words in them (most are long phrases with nonsense punctuation thrown in at several places), so I guess that could be some kind of issue. But overall, I feel pretty secure.

    Of course, I'm not actually defending any data that the government would care about, so it's all moot ;)

    (Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!)

  4. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  5. So, to interpret this article: by reality-bytes · · Score: 5, Interesting



    The U.S. Secret Service is having success with breaking keys using dictionary-attacks.

    Now, reading between the lines:

    The U.S. Secret Service has just perfected a brilliant new method of brute-forcing 256-bit keys in a matter of minutes using the same processing power as a pocket calculator.

    Therefore the previous dictionary-attack system can safely become public knowledge.

    --
    Ripping a new rectum in the fabric of spacetime.
  6. Computer users are stupid - details at 11 by 14erCleaner · · Score: 3, Interesting

    This ties in nicely with the "BBC Writer Tries PC Repair" thread. Most people don't understand their computer's software, even if they're criminals trying to hide evidence, apparently.

    --
    Have you read my blog lately?
  7. Re:Isn't the effectiveness now compromised? by fitten · · Score: 2, Interesting

    Since when does the Press care about what they publish? Case in point: the Press hears that the US military is tracking OBL by his use of a satellite phone. No further calls from the phone are ever made. Perhaps if the Press would have thought about what they were doing...

  8. Private Dictionaries by Doc+Ruby · · Score: 4, Interesting

    It's becoming increasingly clear that human language facility is mostly a giant system of cross references. Sometimes those references attach to other experiences outside the language network, like other sensations and actions. But the language itself is a highly flexible collection of weighted references. There's no intrinsic "meaning" to the words and other language elements, just our shared experiences, including our experience of language itself. These private dictionary attacks are an extremely sophisticated attack on the very human space of personal language constraints.

    --
    make install -not war

  9. Re:It's like social engineering, without the perso by Shadow+Wrought · · Score: 5, Interesting
    > What's the point when humans are still the weakest link?

    Especially when all they have to do is offer them chocolate before they bust them;-)

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  10. Acronym passwords are a good compromise by Rei · · Score: 5, Interesting

    You don't have to use random passwords to be secure. Slightly modified acronym passwords tend to be almost as good as completely random passwords, and people tend not to mention the phrase that the acronym is from very often.

    For example, a password 'JWfimf#aIgtVae' is about as good as random; and yet, it's simply an acronym for "Juffo-Wup fills in my fibers and I grow turgid. Violent action ensues." with a hash sign thrown in for good measure. Any Star Control II fan would have an easy time remembering it after just a couple uses.

    --
    I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
    1. Re:Acronym passwords are a good compromise by Anonymous Coward · · Score: 2, Interesting

      One thing I've never seen anyone suggest (but works great for me) is geometric patterns on the keyboard for memorable "random passwords". Type these out and you'll see what I mean:

      zaq12wsx
      mko09ijn
      r5t6y7u8
      vfr45678uhb

      etc.

      Remember the shape & you're good to go.

    2. Re:Acronym passwords are a good compromise by Anonymous Coward · · Score: 2, Interesting

      Congratulations, the secret service now has a larger dictionary ;)

      While we're giving away our secrets, if you have physical memory of both Dvorak and QWERTY, you could use a word typed out on a QWERTY keyboard using Dvorak positions (or vice versa). Typing it would simply be a matter of recalling the right keymapping to touchtype and ignoring what's written on the letters.

    3. Re:Acronym passwords are a good compromise by JustKidding · · Score: 3, Interesting

      I used to use a L0phtCrack (LC4 by @Stake) proof password on my w2k box. It contained a non-printable ASCII character (alt + keypad combination), that LC4 doesn't scan for, and you can't enter it in the custom search range field.
      I stopped using it because I suspect it caused problems with authentication over a network (w2k + xp prof).
      I don't know if LC5 (just noticed a new version is out) is able to find it.

  11. Do you have to give up passwords? by rnelsonee · · Score: 2, Interesting

    I always wondered this: If your computer is seized, but the incriminating data is encrypted, do you have to give the password to decrypt it? I'd imagine not, since it would be self-incrimination. But it seems like a lot of people get caught with having illegal stuff on their hard drives. Are they just not encrypting their data? I can see someone not knowing how to encrypt a cache of internet files (kiddie porn or something), but wouldn't most people who attract this kind of attention just keep stuff locked up? Anyone know how well the Mac's auto-encryption stands up (whenever you log out, all personal files are encrypted using a 256 bit key or something)? It's one feature I think is really neat with Mac OS X on my brand new Mini.

  12. Re:Passwords?! by tlhIngan · · Score: 4, Interesting

    There's always 24445 as a valid combination that can be spoken as 1-2-3-4-5... (One 2, Three 4s, 5).

    People always seem to stumble on that when they ask for my combination and I tell them that. Then I show them the correct combination and a light dawns on their heads...

  13. Filevault by tdvaughan · · Score: 2, Interesting

    Does anyone have any ideas on how well FileVault in Mac OS X would stand up to this? Seems to me that with a strong, unique password it would be pretty much unbreakable since the entire home directory is encrypted.

  14. Re:Isn't the effectiveness now compromised? by khrtt · · Score: 5, Interesting

    A friend of mine ran crack over /etc/passwd on his physics department's unix system, successfully cracking 20% of the passwords on file. He sent the results to his sysadmin, with a note asking the sysadmin to implement crack system-wide, and was promptly reprimanded.

    On VAX VMS you had to pick a password from a list of randomly generated "pronounceable" strings, if I recall correctly. On many properly-managed UNIX installations the crack program is used to check the users' passwords and will not allow you to use a crackable one. Is there an option to allow only hard passwords on Windows? I honestly don't know...

    On the whole, soft password problem seems like a healthy n00b-usability-over-security type thing.

  15. Re:Still won't work. by Homology · · Score: 4, Interesting
    > People just cannot memorize enough randomness to defeat that kind of attack.

    Erh, yes they can : The Diceware Passphrase Home Page

  16. Passphrases and diceware by Get+Behind+the+Mule · · Score: 3, Interesting

    Passphrases are the only sensible solution I've ever heard of for devising keys that are both relatively easy to remember and sufficiently random so as to be secure. A random string of characters cannot be reliably memorized. Any word, no matter in what language and no matter how obscure, can be cracked by a dictionary attack. A sequence of words chosen at random can be memorized, and if it's about six or seven words long, is probably beyond the reach of cracker software, even the Secret Service's.

    One of the best ways I've seen to construct a secure passphrase is Diceware. Arnold Reinhold constructed a list of about 7500 words of up to six characters in length. Roll five dice to pick out a word in the list; do this a few times to create a passphrase, commit the phrase to memory, and burn anything you might have written down. He calculated that if you choose a passphrase consisting of seven words this way, you have about 90 bits of entropy, which a cracker probably couldn't break in this lifetime. His sample phrase is cleft cam synod lacy yr, which probably takes some practice to memorize, but it can be done.

  17. Re:256-bit encryption? by bofkentucky · · Score: 5, Interesting

    You've never seen the "shoot here to destroy" stickers that Uncle Sam sticks on his computers, usually they are just slightly off center of the hard drive spindles, not sure how a multi-disk box gets tagged, but it's probably in a similar manner.

    Remember that P-3 that landed in chicom airspace back in 2000/2001, supposedly hammers were used to beat the interior of that bird all to hell when the pilot realized they weren't going to make it to a safe landing area.

    --
    09f911029d74e35bd84156c5635688c0
  18. Re:no shit by InfiniteWisdom · · Score: 2, Interesting

    You can use a randomly generated pronounceable "word" that is basically a pronounceable mixture of consonants and vowels. You'll need to use, say, twice the length to get the security of a purely random password, but it's much easier to remember.

  19. Re:Isn't the effectiveness now compromised? by Anonymous Coward · · Score: 1, Interesting

    > Since when does the Press care about what they publish? Case in point: the Press hears that the US military is tracking OBL by his use of a satellite phone. No further calls from the phone are ever made.

    OBL knew it was possible before it was leaked to the press. Word got out to the press after he stopped using the sat phones.

  20. Re:no shit by pla · · Score: 4, Interesting

    > And you know what happens when people use a random password? They write it down and either put it in their top desk draw or on a nice post-it note on their monitor

    Not everyone does that... Personally, I open a text editor, enter well-mixed gibberish until I find a key sequence that "feels" comfortable to type, then type it over and over until my fingers remember it.

    I couldn't actually tell you my passwords, and could swear to that in court without perjuring myself... "I" simply don't know them. But I can type them with no problem.


    Also, another trick that I recommend everyone adopt for their own security... Memorize three "good" passwords (as in, more-or-less indistinguishable from a string of random characters). Use one for public purposes (ie, normal websites), one for normal moderate security use (normal user accounts at work and home), and reserve the last one for root/admin accounts and online financial sites.

    Now, that alone will do better than nothing, but one further very easy to remember step will make each one very nearly as good as a separate random string for every single one - Pick an arbitrary character (or two) of your password, and replace them with something about the place you use it. For example, you might change the fourth and seventh characters for the last two letters in the name of the site or machine.

    Combining those, you have a basically secure password that you can easily remember, and having one use of it compromised reveals absolutely nothing. Only someone that knows at least two of them has any shot at all of guessing the rest, and even then, only within one of your three classes of password.


    Of course, personally, I've simply memorized how to type around two dozen "good" passwords. But for those who don't feel quite so paranoid, the above works rather well.

  21. Re:Random by TheCoop1984 · · Score: 2, Interesting

    That does imply one extra layer of security - cat the encoded file onto a block of random data, then when you want to access the encrypted stuff, use dd to get the blocks that are actual data and put it on a tmpfs, then decrypt as normal. They'll have to work out where the random data ends and the encrypted data starts before they can actually start to decrypt it.

    --
    95% of all computer errors occur between chair and keyboard (TM)
  22. Re:L337 Speak by vorovsky · · Score: 2, Interesting

    Wouldn't ever work... Microsoft already spoiled that one.

  23. Re:You think? by pilkul · · Score: 2, Interesting

    One of the best solutions I've seen is to use tier passwords plus a case-dependent "salt". For example your base low-security password could be the string "HB9y1a" (possible to remember when you use it for 10 different things), and then you can append the first two letters of the site you're using. So for slashdot your password would be "HB9y1asl". Of course you don't have to do exactly this; invent your own variant for extra obscurity.

  24. OMG! by temojen · · Score: 5, Interesting
    > Unlike other distributed networking programs, such as the Search for Extra Terrestrial Intelligence Project -- which graphically display their number-crunching progress when a host computer's screen saver is activated -- DNA works silently in the background, completely hidden from the user. Lewis said the Secret Service chose not to call attention to the program, concerned that employees might remove it.

    > "Computer users often experience system lockups that are often inexplicable, and many users will uninstall programs they don't understand," Lewis said. "As the user base becomes more educated with the program and how it functions, we certainly retain the ability to make it more visible."

    Wait... Secret Service employees have administrator rights? This is just wrong. Their IS department should know better.

  25. Re:Passwords?! by JustKidding · · Score: 3, Interesting

    Actually, it isn't really all that stupid. It's a perfectly valid combination from a 5 digit set.
    If you were to exclude this, and many other "stupid" combinations, there would be very few left, which, therefore, would be stupid combinations, because you would only be using a small subset of the whole set of possible combinations.
    There is, for example, not a single 4 digit code (like a PIN number) that isn't somehow easy to remember when entering it into a keypad. There is always some clear pattern to remember.

  26. Re:Tron by meringuoid · · Score: 2, Interesting
    > You know, it's amazing that Kevin Flynn had such trouble getting the info he needed to hang Ed Dillinger out to dry, considering that the password for the Master Control Program was "master".

    That's bad, I'll grant you - but the guys running the Jet Alone project set the main password granting full control over their nuclear-powered giant mech to a four-letter dictionary word. No wonder Ritsuko 0wn3d them so easily...

    (Two-letter, if they weren't using the Roman alphabet. No, I'm not saying what the password was; this ain't Usenet, and I don't think he greps himself so often these days, but I still don't want to summon him up...)

    --
    Real Daleks don't climb stairs - they level the building.
  27. An end to word-based passwords! by caryw · · Score: 2, Interesting

    Any password based on a word is inherently flawed.

    A much better way to create passwords is based on finger movements. For example, the index finger horizontal rows on the keyboard give a password such as: r f v u j m (type that password in notepad or something and you'll see what I mean)

    This is a very simple example of finger movement passwords. Much more complex passwords can be created by alternating fingers (r u f j v m), or using more fingers in the pattern.

    I personally use a password that is 12 characters long that I have no problem typing but I couldn't recite if my life depended on it.

    Just make sure you don't inadvertently encounter a dvorak keyboard layout!
    - Cary
    --
    Fairfax Underground: Where Fairfax County comes out to play

    1. Re:An end to word-based passwords! by patio11 · · Score: 2, Interesting
      Please, please, please do not use "finger-movement passwords". There are OSS programs which take the QWERTY keyboard layout and apply a variety of non-random walks over it to generate password dictionaries -- they're even less secure than picking a random word out of an unabridged English dictionary. Why? Simple -- the entropy sucks, royally (keyspace quickly collapses because knowing character n of the password makes the number of choices for n+1 really, really small).

      There "may or may not be", make of that what you will, vastly more sophisticated efforts thrown at this by certain interested parties with large staffs of people with decades of practical hacking experience whose sole job is gaining access to data.

      Finger-movement passwords are just another security-through-obscurity: you've got to pray that they don't check for one, because if they check for one you'll be busted.
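The collapse described in the comment above can be measured. The following is an added example, not part of the thread or of any tool named in it: a check a password policy could run, scoring how much of a password is a walk across touching QWERTY keys and comparing a rough bit estimate with that of independently chosen keys. The key map, the function names and the 0.7 threshold are assumptions of this example; the sample passwords are the ones posted in this thread.

```python
import math

# US QWERTY, unshifted, one string per physical row (assumed layout). Each row
# sits about half a key to the right of the row above it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFTED = dict(zip("!@#$%^&*():<>?", "1234567890;,./"))
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# (row, column) offsets of the six keys that touch a key on a staggered board
OFFSETS = [(0, -1), (0, 1), (-1, 0), (-1, 1), (1, -1), (1, 0)]


def neighbours(key):
    """Return the set of keys physically touching `key`."""
    r, c = POS[key]
    found = set()
    for dr, dc in OFFSETS:
        rr, cc = r + dr, c + dc
        if 0 <= rr < len(ROWS) and 0 <= cc < len(ROWS[rr]):
            found.add(ROWS[rr][cc])
    return found


def normalise(password):
    """Map each character to the key that types it (None if not on the map)."""
    keys = []
    for ch in password:
        ch = SHIFTED.get(ch, ch.lower())
        keys.append(ch if ch in POS else None)
    return keys


def is_step(a, b):
    """True when key b touches key a."""
    return a is not None and b is not None and b in neighbours(a)


def adjacent_fraction(password):
    """Share of character-to-character moves that land on a touching key."""
    keys = normalise(password)
    steps = list(zip(keys, keys[1:]))
    if not steps:
        return 0.0
    return sum(is_step(a, b) for a, b in steps) / len(steps)


def walk_bits(password):
    """Rough bits under a walk model: a step to a touching key costs
    log2(number of touching keys); any other move costs a fresh key choice."""
    keys = normalise(password)
    if not keys:
        return 0.0
    fresh = math.log2(len(POS))
    bits = fresh
    for a, b in zip(keys, keys[1:]):
        bits += math.log2(len(neighbours(a))) if is_step(a, b) else fresh
    return bits


def uniform_bits(password):
    """Bits if every key were chosen independently from the same 40 keys."""
    return len(password) * math.log2(len(POS))


def looks_like_walk(password, threshold=0.7):
    """Policy check: flag passwords that are mostly keyboard walks."""
    return adjacent_fraction(password) >= threshold


if __name__ == "__main__":
    # Passwords quoted in this thread
    for pw in ["zaq12wsx", "mko09ijn", "r5t6y7u8", "rfvujm", "JWfimf#aIgtVae"]:
        print(f"{pw:16} walk={adjacent_fraction(pw):.2f} "
              f"walk_bits={walk_bits(pw):5.1f} uniform_bits={uniform_bits(pw):5.1f}")
```
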

  28. Re:You think? by krough · · Score: 2, Interesting
    Since I can type, I started taking normal "dictionary" words and retyping them with my fingers all shifted one key to the right. It feels like I'm typing the word correctly, but it ends up being a "random" string of letters.

    For example: "master" would be ",sdyrt"

    Easy to remember and much more secure.

  29. Re:How To Make Easy Random Passwords by SmokeHalo · · Score: 3, Interesting
    I read an article from SecurityFocus a while back that had the suggestion of using song lyrics as a password. In the example it gave, the first line from Led Zeppelin's "Stairway to Heaven" was used. Thus the line:
    There's a lady who's sure all that glitters is gold
    Becomes
    Talwsatgig

    Of course, you would then add in caps, numbers, or non-alpha characters as you see fit. And if you're thinking of hanging the "decryption key" on your cube wall, it's much less conspicuous with song lyrics than a sentence such as the parent's example.
    --
    I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
  30. Even easier... by trazom28 · · Score: 2, Interesting

    I worked for a major retailer for a time. My first walk thru the financial auditing department found passwords post-it'd to monitors in plain sight, or just under the keyboard/in the top drawer. In the FINANCIAL AUDITING department.

    The building at the time was not that secure. You could walk in off the street.

    Yep.. the human factor is rarely correctable.

    --
    {} ------ When I think of a good sig, I'll put it here
  31. Re:Isn't the effectiveness now compromised? by cptgrudge · · Score: 2, Interesting
    > Why nobody uses it, I don't know.

    Because users are lazy and management doesn't always listen. At my last admin job (a school district), I wanted to use it, but staff was dead set against using strong passwords, or even changing passwords. Never mind that it was the same password for the user's pop email account, which was sent in cleartext. In vain, I complained loudly to administration that there needed to be changes to password policy and the email system.

    When I left, I'm pretty sure passwords were being compromised by some of the more technically inclined students. Eh, not my problem anymore.

    I'm just waiting for "grades for sale" popping up in the local news.

    --
    Qualitas edurus commercium, nullus penitus net rimor, nullus deus beneficium
  32. TRANSLTR? by Xarius · · Score: 2, Interesting

    Any of you read Dan Brown's Digital Fortress?

    Basically in this novel the NSA has a secret computer called TRANSLTR, the most powerful computer in the world, that simply brute-forces anything it comes across in 6 minutes. Something like 20 million processors or some such large number...

    Read it, it's good for people of a paranoid frame of mind ;)

    --
    C17H21NO4
  33. Re:Isn't the effectiveness now compromised? by jon_oner · · Score: 2, Interesting

    Nobody uses it because all it takes is access to the HDD (think knoppix or other) and the Windows password is rendered utterly useless. The only way to secure a HDD from the Feds is using encryption that is illegal in the USA.

  34. Re:Isn't the effectiveness now compromised? by bradleyland · · Score: 2, Interesting

    No one uses it because our support queues aren't set up to handle the volume of "I forgot my password" calls we'd get as a result of asking a user to remember anything other than their SSN, or birthdate, or anniversary, or "password".

    *dies*

  35. Re:Isn't the effectiveness now compromised? by Anonymous Coward · · Score: 1, Interesting

    Would you mind telling me what sort of encryption is illegal in the US? I know that it was once illegal to export programs using certain encryption algorithms but that was lifted and I have never heard of any law forbidding the use of any form of encryption in the US.

  36. Re:Isn't the effectiveness now compromised? by Lord+Apathy · · Score: 2, Interesting
    > Also, the ones smart enough to have noticed this article are smart enough that they're already protecting their data better.

    Tell me about it. Now that I know what they are looking for I know what not to change my password to. It also gave me peace of mind knowing that the pass phrase I use to protect the shit that I don't want anyone knowing has nothing to do with any hobby I have nor is it in any tv program or book I've read.

    --

    Supporting World Peace Through Nuclear Pacification

  37. Way to create secure passwords. by ltbarcly · · Score: 2, Interesting

    Here is a way I just thought of to create secure passwords. It seems good enough. It has the benefit that you can derive your password easily without making it less secure at all.

    Pick some English words. It doesn't matter at all what they are, so long as the number of repeated letters is low. It can even be a phrase. In fact, it can be your name if you like, but it is better to just pick some words that you can remember.

    Pass Phrase: MikeyJohnFatDug

    Now you apply a group permutation to this. There are n! different permutations for a Pass Phrase with n unique characters. So the above has 15 unique characters, there are 15! = 1307674368000 ~= 13 *10^11 different permutations.

    It is possible to order the permutations in a unique way. So now you just pick a number between 1 and 13*10^11. This seems hard right? Well, maybe not. Pick an equation and then use the first however many significant digits. If you don't want to remember how many digits you used, just find an equation that has a value within the range, and chop the decimal part. Of course you need to write a short script to tell you what permutation corresponds to the number you choose.

    Example Permutation: Pi^Pi^Sqrt[3] = 18878025475.0620 so the permutation is 18878025475.

    Now, you apply permutation 18878025475 to MikeyJohnFatDug, and whatever that gives you is your password. Memorize it. If you forget it derive it again.

    With 15 characters made from 4 words as above, there are approx. n! * (25000 choose 4) different passwords possible. This assumes the attacker knows the length of the password AND how many words are in it AND how you made it. Without this knowledge the password is basically as strong as a random string, and with this knowledge they are still in a hopeless situation.

    So you have to remember a few short words in order and a simple equation, for a password that is many orders of magnitude stronger than any commonly used encryption key. They'll brute force the key before they can crack this password.

    Now they might try guessing equations, but as long as you have at least 3 operations in it it will be no easier for them by doing this, since there are hundreds of constants you can choose from as well as any numbers, plus about 8 operations, so again it is stronger than the key.

    Of course I may have missed something serious here, though it seems kosher to me.
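The "short script" the comment above calls for, as an added example that is not the poster's own code: it maps a number to a permutation of the pass phrase using the factorial number system, and expresses the post's keyspace count, n! * (25000 choose 4), in bits. The function names and the lexicographic-by-position ordering are assumptions of this example; the phrase, the number and the 25000-word vocabulary are the ones given in the post.

```python
import math


def unrank_permutation(items, k):
    """Return permutation number k (0-based) of `items`, ordered
    lexicographically by original position, via factoradic digits of k."""
    pool = list(items)
    if not 0 <= k < math.factorial(len(pool)):
        raise ValueError("permutation number out of range")
    out = []
    for remaining in range(len(pool), 0, -1):
        idx, k = divmod(k, math.factorial(remaining - 1))
        out.append(pool.pop(idx))
    return out


def rank_permutation(original, permuted):
    """Inverse of unrank_permutation: recover k from the permuted sequence."""
    pool = list(original)
    k = 0
    for item in permuted:
        idx = pool.index(item)
        k += idx * math.factorial(len(pool) - 1)
        pool.pop(idx)
    return k


def derive(phrase, number):
    """Apply permutation `number` (1-based, as in the post) to `phrase`.
    The characters must be unique, otherwise distinct numbers collide."""
    if len(set(phrase)) != len(phrase):
        raise ValueError("pass phrase has repeated characters")
    return "".join(unrank_permutation(phrase, number - 1))


def permutation_bits(n_chars):
    """Bits contributed by the choice of permutation alone: log2(n!)."""
    return math.log2(math.factorial(n_chars))


def scheme_bits(n_chars, vocabulary, n_words):
    """Bits in the post's count n! * C(vocabulary, n_words), i.e. when the
    method, word count and length are known to whoever is guessing."""
    return permutation_bits(n_chars) + math.log2(math.comb(vocabulary, n_words))


if __name__ == "__main__":
    phrase, number = "MikeyJohnFatDug", 18878025475  # values from the post
    password = derive(phrase, number)
    print("derived password:", password)
    print("round trip ok   :", rank_permutation(phrase, password) + 1 == number)
    print(f"permutation bits: {permutation_bits(len(phrase)):.1f}")
    print(f"scheme bits     : {scheme_bits(len(phrase), 25000, 4):.1f}")
```
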

  38. My favorite non-printable char for password use by devphil · · Score: 2, Interesting


    Backspace.

    This stopped working once login(1) implementations the world over started paying attention to the "special" characters even when in raw mode. Ah well. Fun while it lasted.

    (I was inspired by a SF short story, where two robbers break into a paranoid guy's computer. They set off alarms because they had gotten the password right on the first attempt. The paranoid guy had, for years, deliberately screwed up the first attempt before giving the right one on the second try. Eventually the semi-smart programs adapted and started expecting this behavior.)

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  39. Re:That's a nice idea. by espo812 · · Score: 2, Interesting
    But 64 bit was cracked by distributed.net a few years ago.
    "So, after 1,757 days and 58,747,597,657 work units tested the winning key was found!"
    --

    espo
  40. Re:Passwords?! by devilspgd · · Score: 2, Interesting

    I haven't bothered with locks on my last few flights (and you were still permitted locks at that time) -- Instead, I just used plastic ties.

    Security was quite willing to use my own plastic ties rather than their own, which meant I could still tell whether or not my luggage was opened again after it left my sight.

    Whether this still applies or not, I don't know.

    --
    Give a man a fish, he'll eat for a day, but teach a man to phish...
  41. Re:Isn't the effectiveness now compromised? by DrXym · · Score: 2, Interesting
    Oh they use it alright. I've worked for companies before now that force you to change the password with various rules such as no dupes, must use mixed case, digits etc. This is fine once every 3 months but some do it every month which results in mass annoyance since no one can remember a password when it changes that often. Thus the solution for myself and others was the old "increment by one" trick or to write it down or to recycle old passwords on a rotating basis. A per month password policy is actually less secure than a 3 month one for this very reason.


    Linux can also enforce various rules through PAM and even warns you (in FC) when a password is guessable though I don't know if any dist actually mandates passwords based upon a strict set of rules.