Police Need 90 Days To Crack Hard Drives

Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."

256? 3des? no.

[jlcooke]

3des. 3 x des. des uses 64 bit key. Well, 56 bit if you remove the useless parity.

3 x 56 = 168. or 3 x 64 = 192. Either way, 256 is is not.

256 bit AES, then maybe.

Re:No such thing as "256-bit triple des"

[Proaxiom]

That should be the tip-off for the uninitiated, in any case. Triple DES has an effective key length of 112 bits. I'm sure they meant 256-bit AES, but it's a good clue that the author has no idea what he's talking about.

Seriously, nobody, including name-your-favourite-government-agency, is brute forcing a 256-bit AES key. Not in 90 days. Not in 90 years. Think about the number 2^256 for a second, and consider the computing power required to do that many operations.

What may be possible in 90 days is brute forcing passwords, which is practical if the perp uses password-based keys. The article doesn't mention that.

It's also possible that the authorities are just exaggerating their capabilities so as to deter pedophiles and what-not. If you can't read people's mail, it's sometimes effective to pretend to be reading people's mail.

Re:They're really going to hate it when...

[AKAImBatman]

They're really going to hate it when suspects start using steganography.

Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack.

It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself.

Re:Blatantly WRONG

[XorNand]

The defacto application used by law-enforcement agencies to do these things is EnCase, if anyone is interested. It's major bucks though, and don't expect to be able to download a demo version. ;-)

Re:And you think they're a terrorist... why?

[glesga_kiss]

What's really fucked up is that people like the Guilford Four, also accused of terrorism during a politically sensitive time, we put away on fake evidence compiled by the police who were anxious to get a result. Back then, you were "innocent until proven Irish". Now it's "until proven Islamic". They were tortured for confessions and finger pointing. Sound familiar? Something happening RIGHT NOW?

Computer evidence is next to useless. It is infinitely easier to fake a word doc than it is someones handwriting, DNA and fingerprints that one might find on a piece of paper. I predict that in 10 years, once new forensic techniques for IT data analysis become available, a whole slew of "terrorists" will have their convictions quashed as the polices simply created a few fake emails. This is not tin-foil hat territory, this has happened numerous times in the past.

When will the public wake up? These "detention without trial" laws are something that the authorities have been seeking for decades. Only now do they feel they have the inertia to get them passed.

The definition of terrorism is "using fear to achieve a politcal goal". I wonder who the REAL terrorists are here...?

Re:They're really going to hate it when...

[mikerich]

This is such blatant 'the sky is falling!' government propaganda.

Under the Regulation of Investigatory Powers Act it is already an offence not to hand over encryption keys to the police when requested to do so.

If a person is detained, the police could investigate the hard disk and ask for the appropriate keys, if the suspect refuses they could then be charged under RIPA.

They would then be brought in front of a magistrate who would determine if there was a case for refusing bail (if they are truly a threat then bail would be refused) before the case is taken up by the higher courts.

The police could then have all the time they want to crack the disk, my rights would be less infringed than they already are and the police would actually have to work to prove the case for a serious crime.

Re:They're really going to hate it when...

[cortana]

Then you don't know much about cryptogrphy! Do you think DES, RSA, AES, and so on are insecure because the algorithms used are public knowledge? No, the security of a good cipher lies revolves around maintaining the secrecy of the key.

Let us consider hiding some data in an image. Assuming the use of decent steganography techniques, then without knowledge of the key used when hiding the data, it is impossible to know that they are hidden in the image in the first place, let alone retrive them.

If this is not so then an attacker would be able to knock up a quick shell script that scanned every file on the system to detect hidden data--thus making the use of steganography pointless in the first place!

Re:90 days, eh?

[mikerich]

I sometimes wonder if the evidence is along the lines of 'looking foreign with possession of, or intent to grow, a beard'. From The Daily Telegraph (27/01/05):

That police activity has been considerable. Since September 11, 2001 to the end of last year, 701 people have been arrested under the Terrorism Act 2000, which requires only "reasonable suspicion" to arrest. Most have come from various branches of the Muslim community - either North Africans, who were the subject of most arrests in the immediate post-September 11 period, and Middle Eastern Muslims, or British-born suspects of Pakistani origin.

However, only 119 of those arrested were charged under the Act. Of those, 45 were also charged with offences under other legislation. A total of 135 others were charged under other legislation, including charges for "terrorist offences that are already covered in general criminal law such as grievous bodily harm and use of firearms or explosives". There have also been a number of fraud cases.

Of the rest, about 60 were transferred to immigration authorities and 351 were released without charge. Only 17 individuals have been convicted of offences under the Terrorism Act and there have been "lesser" convictions, either Irish-related or as a result of membership of proscribed terror groups.

There have been no convictions of alleged Islamic fundamentalist terrorists for the kind of readily understandable "direct" terrorist offences, such as bombings, shootings or possession of explosives and guns, which characterised the years when the Provisional IRA attacked the mainland.

Re:They're really going to hate it when...

[Dread_ed]

Torture of the kind that you see on TV dosen't work well.

There are other methods that work quite well. For instance: dilating the eyes with drugs, propping the subjects eyes open , and then directing an absurd amount of light into the eyes will break most people down quickly.

There are other methods that can gain the subjects acquiesence with very little mess and few lasting marks (on the outside).

Re:90 days, eh?

[Parity]

Err, we have both. The prior poster was referring to the patriot act provisions that allow for closed hearings held in an undisclosed location with an unpublished docket. Supposedly they aren't entirely secret in that they're supposed to reveal what they've done some amount of time after the fact. Unless a motion is granted to keep the information secret for longer do to an investigation still being 'ongoing'...

Of course, that's supposed to be only in case of terrorists, ordinary criminal cases are supposed to be tried in ordinary open courts (although even there, the court can seal entire hearings so all you know is that the police made a motion before a judge at a particular time and place, not anything about the content of the motion. In wiretap warrants, for example, so as not to tip off the person to be spied on.)