Police Need 90 Days To Crack Hard Drives
Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."
the subject says it all .. please replace TFA with one written by a clue-holder.
3des. 3 x des. des uses 64 bit key. Well, 56 bit if you remove the useless parity.
3 x 56 = 168. or 3 x 64 = 192. Either way, 256 it is not.
256 bit AES, then maybe.
They're really going to hate it when suspects start using steganography.
Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack.
It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself.
Javascript + Nintendo DSi = DSiCade
The de facto application used by law-enforcement agencies to do these things is EnCase, if anyone is interested. It's major bucks though, and don't expect to be able to download a demo version. ;-)
Entrepreneur : (noun), French for "unemployed"
Except when they shoot the innocent. Id10t.
MLT - simple and robust open source multimedia framework for Linux
I can't speak to the UK, but in the US you have a right against self-incrimination. You have the right to refuse to answer police questions, and (short of being called to testify before a grand jury and being given blanket non-transactional immunity for your testimony) there's really no way to compel a person to talk to the government about anything they don't want to.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I think the key to this article is not the piece on encryption, but the piece on inter-county cooperation. In the states, it takes a long time for evidence to be approved by the proper authorities for analysis, just because the people doing the analysis don't want to screw up and have the evidence thrown out in court. And as easy as it is to make fun of the police's analysis methods, my guess is most slashdotters don't even know what it's like to process evidence for a case. It's not just "running automated tools" on some suspect's hard drive. It's getting to know the case, knowing what you're looking for and where to look for it. Many times it's the police themselves that are writing these "automated tools", which only present the evidence in a way less technical minded officers assigned to the case can understand. And what happens once you get that evidence? You have to try to fit it into the puzzle of the case. It isn't CSI, where you find some email detailing the crime that's digitally signed and the suspect confesses to writing it. Oftentimes it's finding some random piece of partially-overwritten text and having to see if it fits into the overall case. And yes, most digital forensic labs can analyze your precious reiserfs/ext2/ext3/whatever file systems. In fact, I've never run across a lab that couldn't. So don't think your 1337 linux system will be safe if it's ever involved in a crime. And if they don't have the tools to analyze them, they'll contact a department that does. That's how the real world of forensics works. Next time you want to talk about a subject you blatantly don't understand, do us all a favor and don't hit the submit button.
If the two keys are different, the encryption phases are encryption + a "wrong" decryption (different key) + encryption again, which is much better than just a single encryption.
Details, of course here.
That "swooshing" sound was the sarcasm going over your head.
Under the "Regulation of Investigatory Powers" (or RIP) bill - failure to disclose the encryption key to something the police believe you have encrypted gets you 2 years in jail...
see here for a good writeup
I don't read your sig, why do you read mine?
Most times a police department cannot even ANALYZE data properly if a machine is not running some modern form of Microsoft Windows on an x86 platform.
While largely correct, the situation changes if you get the attention of the three letter organizations. Of course, if they were on to you, the 90 day thing wouldn't mean anything, as you are more likely to just have your drive imaged and your keyboard bugged. If you got wise to the black bag job, you'd simply disappear...
I can understand the 90 day thing actually working, though, because if you didn't rate the attention of the previously mentioned three letter organizations, you're not really that important. Remember, kids, it's not cracking the encryption that gets the bad guys busted; it's poor key management. Keyboard bugs just make it easier...
Computer evidence is next to useless. It is infinitely easier to fake a word doc than it is someone's handwriting, DNA and fingerprints that one might find on a piece of paper. I predict that in 10 years, once new forensic techniques for IT data analysis become available, a whole slew of "terrorists" will have their convictions quashed as the police simply created a few fake emails. This is not tin-foil hat territory, this has happened numerous times in the past.
When will the public wake up? These "detention without trial" laws are something that the authorities have been seeking for decades. Only now do they feel they have the inertia to get them passed.
The definition of terrorism is "using fear to achieve a political goal". I wonder who the REAL terrorists are here...?
Under the Regulation of Investigatory Powers Act it is already an offence not to hand over encryption keys to the police when requested to do so.
If a person is detained, the police could investigate the hard disk and ask for the appropriate keys, if the suspect refuses they could then be charged under RIPA.
They would then be brought in front of a magistrate who would determine if there was a case for refusing bail (if they are truly a threat then bail would be refused) before the case is taken up by the higher courts.
The police could then have all the time they want to crack the disk, my rights would be less infringed than they already are and the police would actually have to work to prove the case for a serious crime.
More like 2 million years. We're talking powers of 2 here, so 512 is not twice as hard to break as 256...257 is twice as hard to break as 256. 512 is 2^256 times as hard to break as 256.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
Then you don't know much about cryptography! Do you think DES, RSA, AES, and so on are insecure because the algorithms used are public knowledge? No, the security of a good cipher revolves around maintaining the secrecy of the key.
Let us consider hiding some data in an image. Assuming the use of decent steganography techniques, then without knowledge of the key used when hiding the data, it is impossible to know that they are hidden in the image in the first place, let alone retrieve them.
If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!
"And in the U.S. we have secret courts that will issue warrants with virtually no burden of proof."
:P
No we don't, they issue warrants right out in the open
(sad but true, due to the lack of public scrutiny, they might as well be secret)
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
No, that's not right. I think you're probably confused with the argument that Double-DES doesn't appreciably increase security -- because of a meet-in-the-middle attack, known plaintext attacks on Double-DES have complexity 2^56+2^56. That's why you never hear of "Double-DES" -- there's really no point. However, that's not true with Triple-DES, which is why it is used. As some other posters have pointed out, the complexity of breaking 3DES is around 2^112. That's unbreakable by a brute force attack using any conceivable technology. Your linear combination of complexities would be pretty easily breakable using something like the EFF's Deep Crack machine.
Triple-DES is 168-bit encryption, or at least if by "x-bit encryption" you mean that the keysize is x bits, which I think is pretty much standard. It's *effectively* 112-bit due to certain known weaknesses, but technically, it's still 168-bit.
:)
Of course, that's really just a technical issue, especially compared to the rather glaring errors ITFA you're pointing out, but I think it's something worth mentioning.
quidquid latine dictum sit altum videtur.
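The meet-in-the-middle argument from the comments above, as an added example that is not code from any commenter: it shows why double encryption costs about 2 × 2^k cipher calls to recover instead of 2^(2k), which is the reason a third pass is used. The 16-bit Feistel cipher, its 12-bit keys, and the sample keys and plaintexts are all constructed for illustration and are not DES.

```python
import random
from collections import defaultdict

KEY_BITS = 12                        # toy key size (assumption); real DES uses 56
SBOX = list(range(256))
random.Random(2005).shuffle(SBOX)    # fixed, constructed 8-bit S-box

def round_keys(key):
    # Four 8-bit round keys that together cover all 12 key bits.
    return [((key >> s) & 0xFF) ^ ((0x35 * i) & 0xFF)
            for i, s in enumerate((0, 4, 2, 1))]

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key):
        left, right = right, left ^ SBOX[right ^ rk]
    return (left << 8) | right

def decrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key)):
        left, right = right ^ SBOX[left ^ rk], left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher calls) from known plaintext/ciphertext pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    calls = 0
    middle = defaultdict(list)       # E_k1(p0) -> every k1 producing that middle value
    for k1 in range(1 << KEY_BITS):
        middle[encrypt(k1, p0)].append(k1)
        calls += 1
    found = []
    for k2 in range(1 << KEY_BITS):
        calls += 1
        for k1 in middle.get(decrypt(k2, c0), ()):
            ok = True
            for p, c in rest:        # extra pairs filter out chance matches
                calls += 2
                if double_encrypt(k1, k2, p) != c:
                    ok = False
                    break
            if ok:
                found.append((k1, k2))
    return found, calls

def demo():
    k1, k2 = 0xA5C, 0x3E1            # constructed sample keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x0000, 0x1234, 0xBEEF)]
    found, calls = meet_in_the_middle(pairs)
    return (k1, k2), found, calls

if __name__ == "__main__":
    true_keys, found, calls = demo()
    print(f"true={true_keys} found={found} calls={calls} naive={1 << (2 * KEY_BITS)}")
```

The same table-and-lookup structure applied to three passes only removes one layer, which is where the roughly 2^112 figure for Triple-DES quoted above comes from.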
Then you don't know much about cryptography!
Oh, but I do. Except in Steganography, the extraction algo *IS* the key. Now you can use encryption above and beyond the steganography, but that doesn't make the message any more secure than if you'd sent the encrypted message by itself.
The whole intent of using steganography is to obscure the fact that the message was sent. Once that line of defense is down, you're on to more traditional lines of defense.
If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!
As another fellow pointed out, you can already do that. There are a variety of methods that can be used to detect its use. The key is that there's no way to tell *which* image might be carrying a message among all the images floating around the internet. Now if I capture your computer and find images of cute kittens, I'll start looking for signs that this machine was engaged in steganography. However, if I'm looking at random postings to alt.binaries.cute.kittens, I'm going to have a hard time sorting through the sheer amount of data to find what I'm looking for. For all I know, it may not even exist! That is the *real* quandary that steganography poses.
Javascript + Nintendo DSi = DSiCade
DES stands for Data Encryption STANDARD, and the standard has changed, or rather the standard has been evolving. There used to only be 56 bit DES, then 168 bit called 3DES, now there are more types of encryption that have been accepted into the Data Encryption Standard.
Your comment is akin to saying that Ethernet is only 10 meg or 100 meg. If you're going to refer to 1000 MB/Sec transfer rates, then it is GIGABIT. Uh, it's all Ethernet...
For clarity, they referred to AES, the Advanced Encryption Standard as the forthcoming replacement for DES. Now that AES has been adopted, it is now part of the DES standard and we now have 256 DES on up.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
It is not. The final schedule of the act indicates that none of the act comes into force until the secretary of state so orders, on a section by section basis. And the section on handing over encryption keys has never been subject to such an order.
This is why the police were asking for these powers after the July 7th bombings; they haven't got them yet.
Torture of the kind that you see on TV doesn't work well.
There are other methods that work quite well. For instance: dilating the eyes with drugs, propping the subject's eyes open, and then directing an absurd amount of light into the eyes will break most people down quickly.
There are other methods that can gain the subject's acquiescence with very little mess and few lasting marks (on the outside).
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
Err, we have both. The prior poster was referring to the patriot act provisions that allow for closed hearings held in an undisclosed location with an unpublished docket. Supposedly they aren't entirely secret in that they're supposed to reveal what they've done some amount of time after the fact. Unless a motion is granted to keep the information secret for longer due to an investigation still being 'ongoing'...
Of course, that's supposed to be only in case of terrorists, ordinary criminal cases are supposed to be tried in ordinary open courts (although even there, the court can seal entire hearings so all you know is that the police made a motion before a judge at a particular time and place, not anything about the content of the motion. In wiretap warrants, for example, so as not to tip off the person to be spied on.)
--Parity
'Card carrying' member of the EFF.
Such a computer can break an ordinary (56-bit) DES key in 18 hours, 12 minutes and 16 seconds at worst. The average time to break a DES key on such a machine would be 9 hours, 6 minutes and 8 seconds.
To break a 128-bit key would require the computer to run for 2^88 seconds, or 9,813,705,283,528,192,184 years.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
(You do not have to testify in your own trial -just, if called on to testify against someone else, you must talk.)
Obviously, you are then at the mercy of the judges who decide if the evidence presented at your own trial actually followed from that testimony. And, you don't have to talk to the cops.... AFAIK, it's still not obstruction unless you withhold physical evidence or actually mislead the police.
However, "Lord" Black of Hollinger Inc. fame is arguing that his testimony should not be compelled in a Canadian court because American justice officials can then take it and attempt to extradite him to the USA to stand trial for nefarious conspiracies. (The Canadian evidence rules don't prevent foreigners from using the info, I guess - American, Syrian, or Egyptian...) Still waiting for the decision on that one, but the general attitude seems to be "we don't care about your USA problems..."
Only if LANMAN hashes are available, which hasn't been necessary for about 4 years. Also, syskey allows encryption of the master EFS key with a further encryption key which can be stored on removable media. It's still possible to brute force, but that's not exactly a matter of minutes.
Jon.
256-bit anything cannot be brute forced.
It sounds funny, but it is true. Check out Boltzmann's constant. Quote: "Given a thermodynamic system at an absolute temperature T, the thermal energy carried by each microscopic 'degree of freedom' in the system is on the order of magnitude of kT/2" The Background Radiation is at 2.725K. That means any action will use at least 3.76227207 × 10^-23 joules. You have 2^256 = 1.15792089 × 10^77 possible keys, which gives 4.35641342 × 10^54 joules. The sun's mass is 1.98892 × 10^30 kilograms, which by E = mc^2 means 1.78755215 × 10^47 joules. This would mean 24 370 832 stars like the Sun, which would be far more than all the stars you can see with the naked eye. And all would have to be converted to pure energy, not fusion. If you want to do it by fusion, you have to blow up the galaxy.
Live today, because you never know what tomorrow brings
Respect my ass. Paddy was a derogatory term for Irishmen. You're forgetting that nobody likes cops unless their ass is in the process of being saved.
Irish folks got jobs as police because it was one of the few employers that would hire them. Everyone else had "No Irish need apply" signs in their windows.
The prison industry in the United States: big business or a new form of slavery?
BY VICKY PELAEZ (Taken from El Diario-La Prensa, New York)
HUMAN rights organizations, as well as political and social ones, are condemning what they are calling a new form of inhumane exploitation in the United States, where they say a prison population of up to 2 million - mostly Black and Hispanic - are working for various industries for a pittance. For the tycoons who have invested in the prison industry, it has been like finding a pot of gold. They don't have to worry about strikes or paying unemployment insurance, vacations or comp time. All of their workers are full-time, and never arrive late or are absent because of family problems; moreover, if they don't like the pay of 25 cents an hour and refuse to work, they are locked up in isolation cells.
There are approximately 2 million inmates in state, federal and private prisons throughout the country. According to California Prison Focus, "no other society in human history has imprisoned so many of its own citizens." The figures show that the United States has locked up more people than any other country: a half million more than China, which has a population five times greater than the U.S. Statistics reveal that the United States holds 25% of the world's prison population, but only 5% of the world's people. From less than 300,000 inmates in 1972, the jail population grew to 2 million by the year 2000. In 1990 it was one million. Ten years ago there were only five private prisons in the country, with a population of 2,000 inmates; now, there are 100, with 62,000 inmates. It is expected that by the coming decade, the number will hit 360,000, according to reports.
What has happened over the last 10 years? Why are there so many prisoners?
The Navy Motto "IF it ain't broke Fix It" "A day is wasted if you don't learn something new"