Slashdot Mirror


How the Secret Service Cracks Encrypted Evidence

tabdelgawad writes "The Washington Post offers this writeup about how the U.S. Secret Service uses a Distributed Network Attack program to crack encryption on computers and drives seized as evidence. How can brute force still succeed with 256-bit encryption, you ask? Customized password dictionaries from the seized computer's email files and browser cache: People still use non-random passwords."

26 of 658 comments

  1. Passwords?! by Enze6997 · · Score: 5, Funny

    King Roland: The combination is: one . . .
    Dark Helmet: One.
    Col. Sandurz: One.
    King Roland: Two . . .
    Dark Helmet: Two.
    Col. Sandurz: Two.
    King Roland: Three . . .
    Dark Helmet: Three.
    Col. Sandurz: Three.
    King Roland: Four . . .
    Dark Helmet: Four.
    Col. Sandurz: Four.
    King Roland: Five . . .
    Dark Helmet: Five.
    Col. Sandurz: Five.
    Dark Helmet: So, the combination is: one, two, three, four, five. That's the stupidest combination I ever heard in my life! That's the kind of thing an idiot would have on his luggage!

    1. Re:Passwords?! by ArsonSmith · · Score: 5, Funny

      Note to self: Change combination on luggage when I get home.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    2. Re:Passwords?! by Bingo+Foo · · Score: 5, Funny

      I hope I never think any of my passwords are so clever that I feel compelled to tell everyone about them.

      --
      taken! (by Davidleeroth) Thanks Bingo Foo!
  2. In other words.. by doormat · · Score: 5, Insightful

    If your password is something you've ever written on your computer, it's likely they'll crack it? Interesting.... moral of the story: don't use words found in the dictionary as your password. Inject spaces or numbers or punctuation into the word if you do. And don't write it down on a sticky note under your keyboard.

    --
    The Doormat

    If you're not outraged, then you're not paying attention.
  3. Now I don't look so crazy... by redmo · · Score: 5, Funny

    for having my hard drive encrypted by a key, on a flash drive, which is encrypted by a password that is generated randomly every five minutes and hashed twice before I lock it in my safe deposit box.

    --
    If you're tired, sleep! Wenn Sie muede sind, schlafen!
    1. Re:Now I don't look so crazy... by W3bbo · · Score: 5, Funny

      Law Enforcement can gain access to safety deposit boxes, so your plan is slightly flawed there.

    2. Re:Now I don't look so crazy... by Anonymous Coward · · Score: 5, Funny

      That's why I store my jump drive in my ass, it comes in a handy suppository case!

    3. Re:Now I don't look so crazy... by The+Other+JoshG · · Score: 5, Funny

      Law Enforcement can gain access to your ass, so your plan is slightly flawed there.

  4. Because people are stupid/lazy by Andy+Dodd · · Score: 5, Insightful

    It's always been known that a fully random password is more secure.

    But it's a bitch to remember, so people use easier-to-guess passwords anyway.

    Knowledge of this technique changes nothing. Any crook smart enough to use totally random passwords after this incident probably is already doing so.

    --
    retrorocket.o not found, launch anyway?
  5. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  6. So, to interpret this article: by reality-bytes · · Score: 5, Interesting



    The U.S. Secret Service is having success with breaking keys using dictionary-attacks.

    Now, reading between the lines:

    The U.S. Secret Service has just perfected a brilliant new method of brute-forcing 256-bit keys in a matter of minutes using the same processing power as a pocket calculator.

    Therefore the previous dictionary-attack system can safely become public knowledge.

    --
    Ripping a new rectum in the fabric of spacetime.
  7. Secret Services Cracks? by Anonymous Coward · · Score: 5, Funny

    How the Secret Services Cracks Encrypted Evidence

    Looks like someone used Microsoft's Grammar Checker to create the headline.

  8. Random by IPFreely · · Score: 5, Funny
    If I thought these guys had any sense of humor at all, I'd make a 1.5 Gb file of random binary from a random number generator and store it in a file with a suspicious name.

    Of course I'd probably end up in Camp-XRay being tortured for the password. That's not where I want to spend my summer vacation.

    --
    There is nothing so silly as other people's traditions, and nothing so sacred as our own.
  9. Re:You think? by Rorschach1 · · Score: 5, Funny

    "This is probably because people still have non-random memories."

    Pfff. I can remember the opcode for the 6502 halt-catch-fire instruction. I can't, however, remember what I had for breakfast. How's that for random?

  10. Tron by Dachannien · · Score: 5, Funny

    You know, it's amazing that Kevin Flynn had such trouble getting the info he needed to hang Ed Dillinger out to dry, considering that the password for the Master Control Program was "master".

    I guess we've come a long way in the past quarter century. Except when it comes to choosing passwords.

  11. Re:It's like social engineering, without the perso by Shadow+Wrought · · Score: 5, Interesting
    What's the point when humans are still the weakest link?

    Especially when all they have to do is offer them chocolate before they bust them;-)

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  12. Acronym passwords are a good compromise by Rei · · Score: 5, Interesting

    You don't have to use random passwords to be secure. Slightly modified acronym passwords tend to be almost as good as completely random passwords, and people tend not to mention the phrase that the acronym is from very often.

    For example, a password 'JWfimf#aIgtVae' is about as good as random; and yet, it's simply an acronym for "Juffo-Wup fills in my fibers and I grow turgid. Violent action ensues." with a hash sign thrown in for good measure. Any Star Control II fan would have an easy time remembering it after just a couple uses.

    --
    I once listened to a Philip Glass record for an hour and a half before I realized it was skipping.
  13. Re:Isn't the effectiveness now compromised? by khrtt · · Score: 5, Interesting

    A friend of mine ran crack over /etc/passwd on his physics department's unix system, successfully cracking 20% of the passwords on file. He sent the results to his sysadmin, with a note asking the sysadmin to implement crack system-wide, and was promptly reprimanded.

    On VAX VMS you had to pick a password from a list of randomly generated "pronounceable" strings, if I recall correctly. On many properly-managed UNIX installations the crack program is used to check the users' passwords and will not allow you to use a crackable one. Is there an option to allow only hard passwords on Windows? I honestly don't know...

    On the whole, soft password problem seems like a healthy n00b-usability-over-security type thing.
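
An added example, not part of the thread and not the crack program's code: a minimal proactive password check of the kind the comment above describes, using a wordlist built from the user's own text (the source of the customized dictionaries in the story) and including per-sentence acronyms, the scheme proposed in comment 12. The function names, mangling rules and sample text are assumptions made for illustration.

```python
import re

# Undo common character substitutions ("leet") before comparing with the wordlist.
LEET = str.maketrans("013457@$", "oleastas")

def build_wordlist(personal_text, min_len=4):
    """Words plus per-sentence acronyms found in the user's own text, lower-cased."""
    words = {w.lower() for w in re.findall(r"[A-Za-z]+", personal_text) if len(w) >= min_len}
    acronyms = set()
    for sentence in re.split(r"[.!?\n]+", personal_text):
        initials = "".join(w[0] for w in re.findall(r"[A-Za-z]+", sentence)).lower()
        if len(initials) >= 3:
            acronyms.add(initials)
    return words | acronyms

def candidates(password):
    """Letter-only cores left after stripping the usual decorations."""
    p = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)   # leading/trailing digits, punctuation
    cores = set()
    for s in (trimmed.translate(LEET), p.translate(LEET)):
        cores.add(re.sub(r"[^a-z]", "", s))         # injected spaces, digits, punctuation
    cores.discard("")
    return cores

def check_password(password, wordlist):
    """Return (accepted, reason); reject single entries and two-entry concatenations."""
    for core in candidates(password):
        if core in wordlist:
            return False, f"derived from '{core}'"
        for i in range(1, len(core)):
            if core[:i] in wordlist and core[i:] in wordlist:
                return False, f"derived from '{core[:i]}' + '{core[i:]}'"
    return True, "not derivable from the wordlist by these rules"

# Constructed sample text standing in for a user's mail and browser cache.
SAMPLE_TEXT = """Picked up the Mustang from the garage on Friday.
Juffo-Wup fills in my fibers and I grow turgid. Violent action ensues.
Reminder: renew the Seattle parking permit."""
WORDLIST = build_wordlist(SAMPLE_TEXT)

if __name__ == "__main__":
    for pw in ["Mu$tang99", "seattle-garage", "JWfimf#aIgtVae", "q7!Rv2x#Lp0z"]:
        print(pw, check_password(pw, WORDLIST))
```

The acronym password is rejected here only because its source phrase appears in the sample text; against a wordlist built from text that never mentions the phrase, the same password is accepted.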

  14. Choosing a password. by bmalia · · Score: 5, Funny

    Enter a new password: ***** [penis]

    Sorry, your password is not long enough.
    Enter a new password:

    --
    There's no place like ~/
  15. Re:I feel pretty safe under Fedora. by Quixote · · Score: 5, Funny
    Unless the government has a pressing need to read my private journal about me bitching about how I can't get a date. In that case, those spooks are outta luck!

    ... and so, it appears, are you. ;-)

  16. Re:256-bit encryption? by bofkentucky · · Score: 5, Interesting

    You've never seen the "shoot here to destroy" stickers that Uncle Sam sticks on his computers, usually they are just slightly off center of the hard drive spindles, not sure how a multi-disk box gets tagged, but it's probably in a similar manner.

    Remember that P-3 that landed in chicom airspace back in 2000/2001, supposedly hammers were used to beat the interior of that bird all to hell when the pilot realized they weren't going to make it to a safe landing area.

    --
    09f911029d74e35bd84156c5635688c0
  17. Password is not correct by MachDelta · · Score: 5, Funny

    At my former job, one of the programs we used would return "Password is not correct" if you input the wrong password.

    So, for a month, my password was "correct".

    Hey, at least I had a handy reminder if I ever forgot what it was. :P

  18. Eat this! by Maradine · · Score: 5, Funny

    Hey, SS!

    Go stick a pig
    and your mother, too!

    M

    --

    trustedworlds.net - gaming, security, and the gunk that lives in between

  19. OMG! by temojen · · Score: 5, Interesting
    Unlike other distributed networking programs, such as the Search for Extra Terrestrial Intelligence Project -- which graphically display their number-crunching progress when a host computer's screen saver is activated -- DNA works silently in the background, completely hidden from the user. Lewis said the Secret Service chose not to call attention to the program, concerned that employees might remove it.

    "Computer users often experience system lockups that are often inexplicable, and many users will uninstall programs they don't understand," Lewis said. "As the user base becomes more educated with the program and how it functions, we certainly retain the ability to make it more visible."

    Wait... Secret Service employees have administrator rights? This is just wrong. Their IS department should know better.

  20. Reminds me of a story... (offtopic) by hanshotfirst · · Score: 5, Funny
    A minister wakes one Sunday morning to a bright sunny day. He decides to play hooky for a day, and calls his Jr. Pastor to cover services for him as he is very sick.

    He then proceeds to get his golf bag and head for the links. The course is beautiful, the sun is shining, and his game is great.

    Up in heaven, St. Peter asks God "Aren't you going to do something about this?" God replies, "Wait and see."

    As the round of golf continues, the minister is shooting the best game of his life. On the 18th tee, the minister swings... God commands the ball and it bounces off the water, out of a bunker, and right into the cup.

    St. Peter is incredulous. "Why are you REWARDING this man for shirking his duty!? I don't understand?!"

    God replies "Who's he going to be able to tell about it?"

    --
    Why, oh why, didn't I take the Blue Pill?
  21. Re:Reminds me of a story... (even more offtopic) by commodoresloat · · Score: 5, Funny
    So a guy walks into a church and goes to confession. He tells the priest: "Father, I'm 75 years old, and I've been happily married and faithful for 50 years. I have two children in their thirties and I've never cheated on my wife. Until yesterday. I was driving down the street and saw these two hot 20-year old coeds hitchhiking. I picked them up and drove them to a hotel. They convinced me to join them in the hotel where I proceeded to have sex with both of them for the next two hours."

    The priest is quiet for a moment and then says, "are you sorry for your sins?"

    The man replies, "Sins? What do you mean?"

    The priest sounds concerned. "What do I mean? What kind of Catholic are you?"

    The man replies, "Catholic? Father, I'm Jewish!"

    The priest is incredulous. "Well then why are you telling me this?"

    The man replies, "are you kidding? I'm telling everybody!"