Slashdot Mirror


Police Need 90 Days To Crack Hard Drives

Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."

15 of 693 comments

  1. 256? 3des? no. by jlcooke · · Score: 5, Informative

    3des. 3 x des. des uses 64 bit key. Well, 56 bit if you remove the useless parity.

    3 x 56 = 168, or 3 x 64 = 192. Either way, 256 it is not.

    256 bit AES, then maybe.

  2. Re:No such thing as "256-bit triple des" by Proaxiom · · Score: 4, Informative
    That should be the tip-off for the uninitiated, in any case. Triple DES has an effective key length of 112 bits. I'm sure they meant 256-bit AES, but it's a good clue that the author has no idea what he's talking about.

    Seriously, nobody, including name-your-favourite-government-agency, is brute forcing a 256-bit AES key. Not in 90 days. Not in 90 years. Think about the number 2^256 for a second, and consider the computing power required to do that many operations.

    What may be possible in 90 days is brute forcing passwords, which is practical if the perp uses password-based keys. The article doesn't mention that.

    It's also possible that the authorities are just exaggerating their capabilities so as to deter pedophiles and what-not. If you can't read people's mail, it's sometimes effective to pretend to be reading people's mail.

  3. Re:They're really going to hate it when... by AKAImBatman · · Score: 4, Informative

    They're really going to hate it when suspects start using steganography.

    Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack.

    It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself.

  4. Re:Blatantly WRONG by XorNand · · Score: 4, Informative

    The de facto application used by law-enforcement agencies to do these things is EnCase, if anyone is interested. It's major bucks though, and don't expect to be able to download a demo version. ;-)

    --
    Entrepreneur : (noun), French for "unemployed"
  5. Re:Illegal not to give the police the key? by Raul654 · · Score: 3, Informative

    I can't speak to the UK, but in the US you have a right against self-incrimination. You have the right to refuse to answer police questions, and (short of being called to testify before a grand jury and being given blanket non-transactional immunity for your testimony) there's really no way to compel a person to talk to the government about anything they don't want to.

    --
    To make laws that man cannot, and will not obey, serves to bring all law into contempt.
    --E.C. Stanton
  6. Re:And you think they're a terrorist... why? by glesga_kiss · · Score: 4, Informative
    What's really fucked up is that people like the Guildford Four, also accused of terrorism during a politically sensitive time, were put away on fake evidence compiled by the police who were anxious to get a result. Back then, you were "innocent until proven Irish". Now it's "until proven Islamic". They were tortured for confessions and finger pointing. Sound familiar? Something happening RIGHT NOW?

    Computer evidence is next to useless. It is infinitely easier to fake a word doc than it is someone's handwriting, DNA and fingerprints that one might find on a piece of paper. I predict that in 10 years, once new forensic techniques for IT data analysis become available, a whole slew of "terrorists" will have their convictions quashed as the police simply created a few fake emails. This is not tin-foil hat territory, this has happened numerous times in the past.

    When will the public wake up? These "detention without trial" laws are something that the authorities have been seeking for decades. Only now do they feel they have the inertia to get them passed.

    The definition of terrorism is "using fear to achieve a political goal". I wonder who the REAL terrorists are here...?

  7. Re:They're really going to hate it when... by mikerich · · Score: 4, Informative
    This is such blatant 'the sky is falling!' government propaganda.

    Under the Regulation of Investigatory Powers Act it is already an offence not to hand over encryption keys to the police when requested to do so.

    If a person is detained, the police could investigate the hard disk and ask for the appropriate keys, if the suspect refuses they could then be charged under RIPA.

    They would then be brought in front of a magistrate who would determine if there was a case for refusing bail (if they are truly a threat then bail would be refused) before the case is taken up by the higher courts.

    The police could then have all the time they want to crack the disk, my rights would be less infringed than they already are and the police would actually have to work to prove the case for a serious crime.

  8. Re:They're really going to hate it when... by cortana · · Score: 4, Informative

    Then you don't know much about cryptography! Do you think DES, RSA, AES, and so on are insecure because the algorithms used are public knowledge? No, the security of a good cipher revolves around maintaining the secrecy of the key.

    Let us consider hiding some data in an image. Assuming the use of decent steganography techniques, then without knowledge of the key used when hiding the data, it is impossible to know that they are hidden in the image in the first place, let alone retrieve them.

    If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!

  9. Re:90 days, eh? by networkBoy · · Score: 3, Informative

    "And in the U.S. we have secret courts that will issue warrants with virtually no burden of proof."

    No we don't, they issue warrants right out in the open :P
    (sad but true, due to the lack of public scrutiny, they might as well be secret)
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  10. Re:90 days, eh? by mikerich · · Score: 4, Informative
    I sometimes wonder if the evidence is along the lines of 'looking foreign with possession of, or intent to grow, a beard'. From The Daily Telegraph (27/01/05):

    That police activity has been considerable. Since September 11, 2001 to the end of last year, 701 people have been arrested under the Terrorism Act 2000, which requires only "reasonable suspicion" to arrest. Most have come from various branches of the Muslim community - either North Africans, who were the subject of most arrests in the immediate post-September 11 period, and Middle Eastern Muslims, or British-born suspects of Pakistani origin.

    However, only 119 of those arrested were charged under the Act. Of those, 45 were also charged with offences under other legislation. A total of 135 others were charged under other legislation, including charges for "terrorist offences that are already covered in general criminal law such as grievous bodily harm and use of firearms or explosives". There have also been a number of fraud cases.

    Of the rest, about 60 were transferred to immigration authorities and 351 were released without charge. Only 17 individuals have been convicted of offences under the Terrorism Act and there have been "lesser" convictions, either Irish-related or as a result of membership of proscribed terror groups.

    There have been no convictions of alleged Islamic fundamentalist terrorists for the kind of readily understandable "direct" terrorist offences, such as bombings, shootings or possession of explosives and guns, which characterised the years when the Provisional IRA attacked the mainland.

  11. Re:256-Bit Triple DES by slavemowgli · · Score: 3, Informative

    Triple-DES is 168-bit encryption, or at least if by "x-bit encryption" you mean that the keysize is x bits, which I think is pretty much standard. It's *effectively* 112-bit due to certain known weaknesses, but technically, it's still 168-bit.

    Of course, that's really just a technical issue, especially compared to the rather glaring errors ITFA you're pointing out, but I think it's something worth mentioning. :)

    --
    quidquid latine dictum sit altum videtur.
  12. Re:They're really going to hate it when... by AKAImBatman · · Score: 3, Informative

    Then you don't know much about cryptography!

    Oh, but I do. Except in Steganography, the extraction algo *IS* the key. Now you can use encryption above and beyond the steganography, but that doesn't make the message any more secure than if you'd sent the encrypted message by itself.

    The whole intent of using steganography is to obscure the fact that the message was sent. Once that line of defense is down, you're on to more traditional lines of defense.

    If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!

    As another fellow pointed out, you can already do that. There are a variety of methods that can be used to detect its use. The key is that there's no way to tell *which* image might be carrying a message among all the images floating around the internet. Now if I capture your computer and find images of cute kittens, I'll start looking for signs that this machine was engaged in steganography. However, if I'm looking at random postings to alt.binaries.cute.kittens, I'm going to have a hard time sorting through the sheer amount of data to find what I'm looking for. For all I know, it may not even exist! That is the *real* quandary that steganography poses.

  13. Re:No such thing as "256-bit triple des" by Proaxiom · · Score: 3, Informative
    Windows lanman hashes are notoriously weak, tools like rainbowcrack take advantage of that fact to crack the passwords in ridiculously short periods of time (IIRC, weak passwords fall in seconds). Among other issues, the 14 characters are split into two 7-character strings, which are hashed separately. This means finding a long password is equivalent to finding two short passwords: additive complexity rather than multiplicative complexity.

    But brute forcing passwords and brute forcing random encryption keys are two totally different balls of wax. When you break passwords, you rely on the fact that there are a limited number of passwords users will use. If you consider how many 8 character passwords you can construct using upper case letters, lower case letters, and numbers, you'll see there are only around 2^48. If you only use English words then the number is far, far lower (less than 2^20). Those are crackable.

    If, on the other hand, you use a random 256-bit AES key that is not derived from a password (meaning you have to store it somewhere securely), nobody is going to be able to brute force it.
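
Added example, not part of the comment above or of the original thread: a small Python model of the "additive rather than multiplicative" point, plus the 2^48 figure for 8 characters drawn from 62 symbols. The function names, the 3-symbol alphabet and the SHA-256 stand-in hash are assumptions made for illustration; real LM hashing is DES-based and is not implemented here.

```python
import hashlib
import itertools
import math

HALF = 7  # the comment's figure: 14 characters split into two 7-character strings

def whole_bits(alphabet_size, length):
    """log2 of the guesses needed when the password is hashed as one unit."""
    return length * math.log2(alphabet_size)

def split_bits(alphabet_size, length, half=HALF):
    """log2 of the guesses needed when each half is hashed separately."""
    first = alphabet_size ** min(length, half)
    second = alphabet_size ** max(length - half, 0)
    return math.log2(first + second)  # the two searches add, not multiply

def toy_hash(text):
    # Stand-in hash (SHA-256) for this toy model only; it is not the LM algorithm.
    return hashlib.sha256(text.encode()).hexdigest()

def guesses_to_find(target, alphabet, length):
    """Count candidates tried, in lexicographic order, until the hash matches."""
    for n, cand in enumerate(itertools.product(alphabet, repeat=length), 1):
        if toy_hash("".join(cand)) == target:
            return n
    raise ValueError("target not in search space")

def compare(password, alphabet, half):
    """Return (guesses if hashed whole, guesses if hashed as two halves)."""
    whole = guesses_to_find(toy_hash(password), alphabet, len(password))
    left, right = password[:half], password[half:]
    split = (guesses_to_find(toy_hash(left), alphabet, len(left))
             + guesses_to_find(toy_hash(right), alphabet, len(right)))
    return whole, split

if __name__ == "__main__":
    print(f"8 chars from 62 symbols: 2^{whole_bits(62, 8):.1f}")
    print(f"14 chars, hashed whole:  2^{whole_bits(62, 14):.1f}")
    print(f"14 chars, split 7+7:     2^{split_bits(62, 14):.1f}")
    # Constructed worst case: the last candidate in a 3-symbol alphabet.
    print(compare("cccccc", "abc", 3))
```

In the toy run the split scheme needs 27 + 27 guesses where the unsplit one needs 27 x 27, which is the same structure that takes a 14-character search from about 2^83 down to about 2^43 in the model.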

  14. Re:They're really going to hate it when... by Dread_ed · · Score: 4, Informative

    Torture of the kind that you see on TV doesn't work well.

    There are other methods that work quite well. For instance: dilating the eyes with drugs, propping the subject's eyes open, and then directing an absurd amount of light into the eyes will break most people down quickly.

    There are other methods that can gain the subject's acquiescence with very little mess and few lasting marks (on the outside).

    --
    When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
  15. Re:90 days, eh? by Parity · · Score: 4, Informative

    Err, we have both. The prior poster was referring to the Patriot Act provisions that allow for closed hearings held in an undisclosed location with an unpublished docket. Supposedly they aren't entirely secret in that they're supposed to reveal what they've done some amount of time after the fact. Unless a motion is granted to keep the information secret for longer due to an investigation still being 'ongoing'...

    Of course, that's supposed to be only in case of terrorists, ordinary criminal cases are supposed to be tried in ordinary open courts (although even there, the court can seal entire hearings so all you know is that the police made a motion before a judge at a particular time and place, not anything about the content of the motion. In wiretap warrants, for example, so as not to tip off the person to be spied on.)

    --
    --Parity
    'Card carrying' member of the EFF.