How the Secret Service Cracks Encrypted Evidence
tabdelgawad writes "The Washington Post offers this writeup about how the U.S. Secret Service uses a Distributed Network Attack program to crack encryption on computers and drives seized as evidence. How can brute force still succeed with 256-bit encryption, you ask? Customized password dictionaries from the seized computer's email files and browser cache: People still use non-random passwords."
King Roland: The combination is: one . . .
Dark Helmet: One.
Col. Sandurz: One.
King Roland: Two . . .
Dark Helmet: Two.
Col. Sandurz: Two.
King Roland: Three . . .
Dark Helmet: Three.
Col. Sandurz: Three.
King Roland: Four . . .
Dark Helmet: Four.
Col. Sandurz: Four.
King Roland: Five . . .
Dark Helmet: Five.
Col. Sandurz: Five.
Dark Helmet: So, the combination is: one, two, three, four, five. That's the stupidest combination I ever heard in my life! That's the kind of thing an idiot would have on his luggage!
Sounds pretty logical to me.
Why did they not keep their tactic of creating customized password dictionaries secret? Seems like they just gave potential criminals a big warning...
My password is totally unguessable - I mean, who else has the password asdjklf;@#$#@jjdakl?
No - wait, I meant that *wasn't* my password! Hey, stop ssh'ing into my box! No - not my 20 GB of Sailor Moon music collection!
Well, guess I'll have to use my backup password of qwurf$#@ff5a` from now on - No, wait -
Damn it!
52 Weeks, 52 Religions with John Hummel
If your password is something you've ever written on your computer, it's likely they'll crack it? Interesting.... moral of the story: don't use words found in the dictionary as your password. Inject spaces or numbers or punctuation into the word if you do. And don't write it down on a sticky note under your keyboard.
The Doormat
If you're not outraged, then you're not paying attention.
for having my hard drive encrypted by a key, on a flash drive, which is encrypted by a password that is generated randomly every five minutes and hashed twice before I lock it in my safe deposit box.
If you're tired, sleep! Wenn Sie muede sind, schlafen!
Which kind of makes it much harder for conspiracy theories that the FBI/NSA/Secret Service require all these back doors into encryption software and/or operating systems. What's the point when humans are still the weakest link?
It's always been known that a fully random password is more secure.
But it's a bitch to remember, so people use easier-to-guess passwords anyway.
Knowledge of this technique changes nothing. Any crook smart enough to use totally random passwords after this incident probably is already doing so.
retrorocket.o not found, launch anyway?
In cases like this (and many others) security is only as strong as the person who manages it. Choose a weak password, choose weak security. I'm sure, however, if this information is public that their actual system is much more advanced. Sort of makes you wonder how sophisticated the NSA's equipment is.
shop.envescent.com - Computer hardware and more.
I use the built in crypto in Fedora (the device level encryption passed to a loopback file mounted under /enc). I doubt that, absent a key sniffer, my passwords would *ever* be discovered. I have some english words in them (most are long phrases with nonsense punctuation thrown in at several places), so I guess that could be some kind of issue. But overall, I feel pretty secure.
;)
Of course, I'm not actually defending any data that the government would care about, so it's all moot
(Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!)
The U.S. Secret Service is having success with breaking keys using dictionary-attacks.
Now, reading between the lines:
The U.S. Secret Service has just perfected a brilliant new method of brute-forcing 256-bit keys in a matter of minutes using the same processing power as a pocket calculator.
Therefore the previous dictionary-attack system can safely become public knowledge.
Ripping an new rectum in the fabric of spacetime.
Well, not until you put it in my browser cache. Thanks a lot, buddy.
666-607: 6th floor apartment of the beast
This ties in nicely with the "BBC Writer Tries PC Repair" thread. Most people don't understand their computer's software, even if they're criminals trying to hide evidence, apparently.
Have you read my blog lately?
"People still use non-random passwords."
What's easier to remember, your dog's name or z*4jhDm28&:1~. Now I will wait for someone to reply with "but my dog's name is z*4jhDm28&:1~"
And you know what happens when people use a random password? They write it down and either put it in their top desk draw or on a nice post-it note on their monitor.
How the Secret Services Cracks Encrypted Evidence
Looks like someone used Microsoft's Grammar Checker to create the headline.
Dictionary attacks and other brute force attacks still don't work too well on passphrases so those who use them can protect their drug money for a little while longer. It should also be noted that the DNA attack won't work unless the Secret Service has your private key file. The actual encryption can't be broken easily so they have to attack the weak encryption on the digital private key that's stored on your computer. If the key is stored in a manner that they can't get to it, then your data will still be safe. E.g. the key is stored on an IC in the computer that self destructs if it is tampered with like IBM's ultra-paranoid laptops. The IC would detect a brute force attack and destroy the key.
Wired article as proof
Of course I'd probably end up in Camp-XRay being tortured for the password. That's not where I want to spend my summer vacation.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
"This is probably because people still have non-random memories."
Pfff. I can remember the opcode for the 6502 halt-catch-fire instruction. I can't, however, remember what I had for breakfast. How's that for random?
It's becoming increasingly clear that human language facility is mostly a giant system of cross references. Sometimes those references attach to other experiences outside the language network, like other sensations and actions. But the language itself is a highly flexible collection of weighted references. There's no intrinsic "meaning" to the words and other language elements, just our shared experiences, including our experience of language itself. These private dictionary attacks are an extremely sophisticated attack on the very human space of personal language constraints.
--
make install -not war
You know, it's amazing that Kevin Flynn had such trouble getting the info he needed to hang Ed Dillinger out to dry, considering that the password for the Master Control Program was "master".
I guess we've come a long way in the past quarter century. Except when it comes to choosing passwords.
Especially when all they have to do is offer them chocolate before they bust them;-)
If brevity is the soul of wit, then how does one explain Twitter?
You don't have to use random passwords to be secure. Slightly modified acronym passwords tend to be almost as good as completely random passwords, and people tend not to mention the phrase that the acronym is from very often.
For example, a password 'JWfimf#aIgtVae' is about as good as random; and yet, it's simply an acronym for "Juffo-Wup fills in my fibers and I grow turgid. Violent action ensues." with a hash sign thrown in for good measure. Any Star Control II fan would have an easy time remembering it after just a couple uses.
I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
Even allowing for a 10 character word length and 4 randomizations per word (letters, numbers, spaces) that's still under a million variations.
From the article: So that's less than 25,000 seconds to crack your password.
416 minutes
approximately 7 hours
People just cannot memorize enough randomness to defeat that kind of attack.
I always wondered this: If your computer is seized, but the incriminating data is encrypted, do you have to give the password to decrypt it? I'd imagine not, since it would be self-incrimination. But it seems like a lot of people get caught with having illegal stuff on their hard drives. Are they just not encrypting their data? I can see someone not knowing how to encrypt a cache of internet files (kiddie porn or something), but wouldn't most people who attract this kind of attention just keep stuff locked up? Anyone know how well the Mac's auto-encryption stands up (whenever you log out, all personal files are encrypted using a 256 bit key or something)? It's one feature I think is really neat with Mac OS X on my brand new Mini.
It looks like they figured it out after all. I just hope Martin is OK...
It all comes back to the old axiom: If you rob a bank, make damn sure you pay your taxes.
The basic idea is, if you break the law, you cover every hole you can think of, no matter how trivial. Just like Al Capone should have paid his taxes, criminals (and everybody else for that matter) today need to start using better passwords.
Does anyone have any ideas on how well FileVault in Mac OS X would stand up to this? Seems to me that with a strong, unique password it would be pretty much unbreakable since the entire home directory is encrypted.
Enter a new password: ***** [penis]
Sorry, your password is not long enough.
Enter a new password:
There's no place like ~/
criminals (and everybody else for that matter) today need to start using better passwords
Well, OK, so you're talking about this in more or less academic terms... but, I'd say that what criminals really need to do (um, especially the ones that are smart enough to read up on this sort of thing) is to use their brains for, say, something other than crime.
Don't disappoint your bird dog. Go to the range.
Passphrases are the only sensible solution I've ever heard of for devising keys that are both relatively easy to remember and sufficiently random so as to be secure. A random string of characters cannot be reliably memorized. Any word, no matter in what language and no matter how obscure, can be cracked by a dictionary attack. A sequence of words chosen at random can be memorized, and if it's about six or seven words long, is probably beyond the reach of cracker software, even the Secret Service's.
One of the best ways I've seen to construct a secure passphrase is Diceware. Arnold Reinhold constructed a list of about 7500 words of up to six characters in length. Roll five dice to pick out a word in the list; do this a few times to create a passphrase, commit the phrase to memory, and burn anything you might have written down. He calculated that if you choose a passphrase consisting of seven words this way, you have about 90 bits of entropy, which a cracker probably couldn't break in this lifetime. His sample phrase is cleft cam synod lacy yr, which probably takes some practice to memorize, but it can be done.
Always keep a sapphire in your mind
You've never seen the "shoot here to destroy" stickers that Uncle Sam sticks on his computers? Usually they are just slightly off center of the hard drive spindles; not sure how a multi-disk box gets tagged, but it's probably in a similar manner.
Remember that P-3 that landed in chicom airspace back in 2000/2001, supposedly hammers were used to beat the interior of that bird all to hell when the pilot realized they weren't going to make it to a safe landing area.
09f911029d74e35bd84156c5635688c0
This might not be new to some, but it's quite easy to create random passwords that you can remember, although, I suppose you could argue that they are not completely random. Anyway, here goes:
1. Think of a sentence that you can remember, e.g., "My two lovely kids Spike and Mary eat noodles every day!"
2. Take the first letter of each word and use some common substitutions: "M2lkS&Mened!" - Bingo, not only is it a pretty random collection of letters but it includes numbers, upper case and lower case mixed and even punctuation. All lovely stuff to blunt brute force password attacks.
3. When you type it in, say the sentence to yourself in your head. It's really quite easy to remember that way. Also, you can even just about get away with writing it down (in an office environment) and not many people will understand it. Of course, I don't recommend this but people are people.
4. Don't forget to dump the sentence every few months or so and make up a new one. It's no big deal, they're easy to remember.
Hope that helps some.
At my former job, one of the programs we used would return "Password is not correct" if you input the wrong password.
:P
So, for a month, my password was "correct".
Hey, at least I had a handy reminder if I ever forgot what it was.
Looks like your password is the least of your problems....
Wouldn't ever work... microsoft already spoiled that one.
Hey, SS!
Go stick a pig
and you mother, too!
M
trustedworlds.net - gaming, security, and the gunk that lives in between
One of the best solutions I've seen is to use tier passwords plus a case-dependent "salt". For example your base low-security password could be the string "HB9y1a" (possible to remember when you use it for 10 different things), and then you can append the first two letters of the site you're using. So for slashdot your password would be "HB9y1asl". Of course you don't have to do exactly this; invent your own variant for extra obscurity.
Wait... Secret Service employees have administrator rights? This is just wrong. Their IS department should know better.
Any password based on a word is inherently flawed.
A much better way to create passwords is based on finger movements. For example, the index finger horizontal rows on the keyboard give a password such as: r f v u j m (type that password in notepad or something and you'll see what I mean)
This is a very simple example of finger movement passwords. Much more complex passwords can be created by alternating fingers (r u f j v m), or using more fingers in the pattern.
I personally use a password that is 12 characters long that I have no problem typing but I couldn't recite if my life depended on it.
Just make sure you don't inadvertently encounter a dvorak keyboard layout!
- Cary
--
Fairfax Underground: Where Fairfax County comes out to play
For example: "master" would be ",sdyrt"
Easy to remember and much more secure.
Three guys from the CIA, Mossad, and the Iranian Secret Police have a competition. Each of them has a burlap sack, and must go into the jungle to capture a wild boar. The CIA goes first. 30 minutes later, he's back, with a wild boar in the sack. Mossad goes next, and he comes back in just 15 minutes with a similar catch.
The Iranian Secret Police goes next. He's back in 2 minutes. The CIA and Mossad are shocked. "No, you can't have already caught a wild boar."
"Open the sack and see for yourself." The CIA and Mossad look in the bag and see a rabbit with cigarette burns, bruises, cuts, and possibly a few broken bones.
"That's not a boar, that's a rabbit. You lose."
On hearing this, the rabbit shrieks out, "no!!!!!! I'm a wild boar! I've been a wild boar for seven years. I can give you the names of other wild boars who are still loose in the jungle!"
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
He then proceeds to get his golf bag and head for the links. The course is beautiful, the sun is shining, and his game is great.
Up in heaven, St. Peter asks God "Aren't you going to do something about this?" God replies, "Wait and see."
As the round of golf continues, the minister is shooting the best game of his life. On the 18th tee, The minister swings... God commands the ball and it bounces off the water, out of a bunker, and right into the cup.
St. Peter is incredulous. "Why are you REWARDING this man for shirking his duty!? I don't understand?!"
God replies "Who's he going to be able to tell about it?"
Why, oh why, didn't I take the Blue Pill?
Remember that P-3 that landed in chicom airspace back in 2000/2001, supposedly hammers were used to beat the interior of that bird all to hell when the pilot realized they weren't going to make it to a safe landing area.
No supposedly, it was. Aircraft with sensitive data or equipment on them always have one of two pieces of simple hardware nearby. Either a sledge hammer, or a regular hammer (for smaller craft). Sometimes several of them. In case of landing somewhere unfriendly, swing repeatedly. On aircraft, where applicable, there's typically an easy way to erase/ruin any data, magnetic storage medium, film, etc.
Ground locations that might be "taken over" and have classified data/equipment have at least: 1 55 gal drum, some liquid that burns well, and a lighter. The above can be replaced with an easy to access incinerator (sometimes both are present). There is a very specific burn procedure that people that work there tend to have to memorize. They start with the most sensitive and keep burning until the lunch order is gone or they're disabled and can't.
- AMW
As for Chavez, he has done his share of dissent-crushing and deportations and indoctrination. Just because he is "against" the "neo-libs" doesn't excuse some of his actions. Venezuela sells a good chunk of its oil to the States -- they may be at loggerheads but they still do a lot of business together.
Sometimes seventeen/Syllables aren't enough to/Express a complete
I worked for a major retailer for a time. My first walk thru the financial auditing department found passwords post-it'd to monitors in plain sight, or just under the keyboard/in the top drawer. In the FINANCIAL AUDITING department.
The building at the time was not that secure. You could walk in off the street.
Yep.. the human factor is rarely correctable.
{} ------ When I think of a good sig, I'll put it here
Any of you read Dan Brown's Digital Fortress?
;)
Basically in this novel the NSA has a secret computer called TRANSLTR, the most powerful computer in the world, that simply brute-forces anything it comes across in 6 minutes. something like 20 million processors or some such large number...
Read it, it's good for people of a paranoid frame of mind
C17H21NO4
"The effort started nearly three years ago to battle a surge in the number of cases in which savvy computer criminals have used commercial or free encryption software to safeguard stolen financial information, according to DNA program manager Al Lewis."
Oh, how the mighty have fallen...
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Nah, they just need to steal more so they become revolutionaries or businessmen. "One lawyer with a briefcase can steal more than a thousand men with guns"- The Godfather.
My little site.
Think about it: this article would just encourage high profile targets to use 30+ characters of random garbage for their keychain passwords, rendering their methods next to useless. They're not that stupid.
"How did you break that 256-bit encryption so fast?"
"With our mad deadly worldwide gangster communist frankenstein distributed computing network, bitch."
Tin foil is still the best buffer.
Logic fails you.
"Criminals with enough money are businessmen" and
"Businessmen with enough money are criminals"
are two different statements. I do not agree with both. HOWEVER, often the means of accumulating large sums of money are closer to crime than should be allowed. Skirting the rules of groups as a whole and "morality" is rewarded too often within the boundaries of our current social systems. I don't particularly believe in morality but I have to sleep with my own dreams, which means I'm not rich and slightly bitter that I'm smart enough to have bad ones when I do bad things.
Quit dragging me off topic with your 'karma to burn' self.
My little site.
From http://www.irs.gov/pub/irs-pdf/i1040gi.pdf :
Line 21
Other Income
Use line 21 to report any income not reported elsewhere on your return or other schedules....
Which kind of makes it much harder for conspiracy theories that the FBI/NSA/Secret Service require all these back doors into encryption software and/or operating systems. What's the point when humans are still the weakest link?
This is true. Somewhat related to the story about the golfing minister: If the NSA has all these great backdoors, who can be trusted with them.. Certainly not mainstream LEA. Certainly your local copper and most FBI agents are just everyday civil servants.. giving them the resources to backdoor major encryption schemes is as good as giving everyone the capability.
Regardless of what some top minds/admins at the NSA can do, most of LEA is in the "them" camp and must work within the same limitations as the rest of us.
The priest is quiet for a moment and then says, "are you sorry for your sins?"
The man replies, "Sins? What do you mean?"
The priest sounds concerned. "What do I mean? What kind of Catholic are you?"
The man replies, "Catholic? Father, I'm Jewish!"
The priest is incredulous. "Well then why are you telling me this?"
The man replies, "are you kidding? I'm telling everybody!"
Here is a way I just thought of to create secure passwords. It seems good enough. It has the benefit that you can derive your password easily without making it less secure at all.
Pick some English words. It doesn't matter at all what they are, so long as the number of repeated letters is low. It can even be a phrase. In fact, it can be your name if you like, but it is better to just pick some words that you can remember.
Pass Phrase: MikeyJohnFatDug
Now you apply a group permutation to this. There are n! different permutations for a Pass Phrase with n unique characters. So the above has 15 unique characters, there are 15! = 1307674368000 ~= 13 *10^11 different permutations.
It is possible to order the permutations in a unique way. So now you just pick a number between 1 and 13*10^11. This seems hard right? Well, maybe not. Pick an equation and then use the first however many significant digits. If you don't want to remember how many digits you used, just find an equation that has a value within the range, and chop the decimal part. Of course you need to write a short script to tell you what permutation corresponds to the number you choose.
Example Permutation: Pi^Pi^Sqrt[3] = 18878025475.0620 so the permutation is 18878025475.
Now, you apply permutation 18878025475 to MikeyJohnFatDug, and whatever that gives you is your password. Memorize it. If you forget it derive it again.
With 15 characters made from 4 words as above, there are approx. n! * (25000 choose 4) different passwords possible. This assumes the attacker knows the length of the password AND how many words are in it AND how you made it. Without this knowledge the password is basically as strong as a random string, and with this knowledge they are still in a hopeless situation.
So you have to remember a few short words in order and a simple equation, for a password that is many orders of magnitude stronger than any commonly used encryption key. They'll brute force the key before they can crack this password.
Now they might try guessing equations, but as long as you have at least 3 operations in it it will be no easier for them by doing this, since there are hundreds of constants you can choose from as well as any numbers, plus about 8 operations, so again it is stronger than the key.
Of course I may have missed something serious here, though it seems kosher to me.
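The "short script" this comment calls for, as an added example that is not the commenter's code: it maps a number to a permutation with the factorial number system and reports the keyspace in bits using the comment's own figures. Lexicographic ordering by character position and a 0-based index are assumptions, since the comment fixes neither; all function names are hypothetical.

```python
import math


def unrank_permutation(items, index):
    """Return permutation number `index` (0-based) of `items`.

    Assumed ordering: lexicographic by original position, i.e. index 0 is
    the input unchanged and index n!-1 is the input reversed.
    """
    pool = list(items)
    n = len(pool)
    if not 0 <= index < math.factorial(n):
        raise ValueError("index must be in [0, n!)")
    out = []
    for remaining in range(n, 0, -1):
        # Each choice for the next slot covers (remaining-1)! permutations.
        block = math.factorial(remaining - 1)
        pos, index = divmod(index, block)
        out.append(pool.pop(pos))
    return out


def rank_permutation(original, permuted):
    """Inverse of unrank_permutation: recover the index from the result."""
    pool = list(original)
    index = 0
    for ch in permuted:
        pos = pool.index(ch)
        index += pos * math.factorial(len(pool) - 1)
        pool.pop(pos)
    return index


def derive_password(phrase, index):
    """Apply permutation `index` to `phrase`, as the comment describes."""
    if len(set(phrase)) != len(phrase):
        # With repeated characters, different indices give the same string,
        # so the real keyspace is smaller than n!.
        raise ValueError("phrase must not contain repeated characters")
    return "".join(unrank_permutation(phrase, index))


def permutation_bits(n):
    """Bits contributed by the permutation alone when the phrase is known."""
    return math.log2(math.factorial(n))


def keyspace_bits(n, dictionary_size=25000, words=4):
    """The comment's estimate, n! * C(dictionary_size, words), in bits."""
    return permutation_bits(n) + math.log2(math.comb(dictionary_size, words))


if __name__ == "__main__":
    phrase = "MikeyJohnFatDug"   # pass phrase from the comment
    index = 18878025475          # number from the comment, used as 0-based
    password = derive_password(phrase, index)
    print("derived password:", password)
    print("round trip ok:   ", rank_permutation(phrase, password) == index)
    print("permutation bits: %.2f" % permutation_bits(len(phrase)))
    print("estimate bits:    %.2f" % keyspace_bits(len(phrase)))
```

With the phrase known, the permutation step alone spans log2(15!), about 40.25 bits; the rest of the comment's estimate comes from the choice of words.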
Umm.. this is the NSA we're talking about. I'm sure they're not just putting forth the raw words, but are trying all the common leet-speak variations thereof. And probably word+digit, digit+word and various popular capitalization possibilities. Even with all those variations (maybe 100 for each word) it'll still be a very significant improvement over a brute force attack.
They've been on the Internet too, you know?
Hire a Linux system administrator, systems engineer,
Backspace.
This stopped working once login(1) implementations the world over started paying attention to the "special" characters even when in raw mode. Ah well. Fun while it lasted.
(I was inspired by a SF short story, where two robbers break into a paranoid guy's computer. They set off alarms because they had gotten the password right on the first attempt. The paranoid guy had, for years, deliberately screwed up the first attempt before giving the right one on the second try. Eventually the semi-smart programs adapted and started expecting this behavior.)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
Unless it's from a self-employment activity!
http://www.irs.gov/publications/p17/ch13.html
espo
The next logical step is to provide a free screen saver download, to lend home computing power to the Secret Service's decryption effort. We might call it SecretService@Home.
To encourage participation, our agency might make the decryption process a background feature of a download more likely to be wildly popular .... maybe a game ... perhaps we could call it something appealing to young people with lots of excess computing power ... a name like "America's Army".
And if we wanted to throw scruples out the [MS]window, our agency might create a zombie net exploiting security ports (formerly known as "security holes") to allow truly huge DNAs. Our legal advisors recommend coding our zombierecruiters to target computers outside our country, whose owners may expect little in the way of protection under our Constitution.
DISCLAIMER: Our government never would do this! No, Never!
--- Attorneys Assisting Citizen-Soldiers & Families -
Other income sources (this is for real)
This is not here.
...a pass PHRASE is for your encrypted hard disk.
Dictionary attacks mean sod-all when the passphrase is nothing that might appear in any dictionary (including one compiled from your correspondence and other public clues such as browsing history and Amazon purchases).
Especially when all they have to do is offer them chocolate before they bust them;-)
That survey is almost certainly complete rubbish - if someone came up to me in the street and offered me chocolate in exchange for my password I'd just give them a bogus password so I could get my chocolate.
http://blog.nexusuk.org
They now have TSA-approved locks which have some kind of TSA symbol on them that identify them as "OK". There's a master key for the key locks and the combination locks.
Prior to this I used tie wraps (the good ones with the metal in the latching end) through the lock holes on the zippers. I stashed an ancient wire cutters in an outer pocket for opening at my destination.
I don't know how 'secure' these really are, but I suppose it makes it just hard enough that the crackheads working in baggage will choose someone else's luggage to rifle. I'm sure the master key component of the TSA-approved locks is trivial as well.
But as someone said above, if someone wants it, they'll just rip the fscking thing open. But it should be good enough. People have long complained about pilfering from luggage, but the complaints REALLY went up when the TSA banned luggage locking. IMHO most of the luggage pilfered was unlocked to begin with, and once everyone's was, it was open season for luggage handlers to steal, so a trivial amount of locking ought to deny them the easy opportunities.
There's a quote I heard a long time ago, "Don't ask a millionaire how he made his first million."
Dogma - "let's just say we'd like to avoid any empirical entanglements."