Slashdot Mirror


Police Need 90 Days To Crack Hard Drives

Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."

29 of 693 comments

  1. Blatantly WRONG by Work Account · · Score: 5, Interesting

    Most times a police department cannot even ANALYZE data properly if a machine is not running some modern form of Microsoft Windows on an x86 platform.

    They have automated TOOLS that go through and find Web browser histories, caches, and cookies.

    On machines where users do not run Microsoft Internet Explorer and use Outlook for email, often times departments are SOL.

    --

    If you "get" pointers add me as a friend (116)!
    1. Re:Blatantly WRONG by Agelmar · · Score: 2, Interesting

      Assuming this is true (which I find really depressing): On modern versions of Windows (2K/XP Pro) you can enable encryption in the NTFS filesystem. Since I don't run Windows I'm not sure of the specifics (keylengths etc), but I wonder if this would also be too much for departments to handle. Then again, maybe I really don't want to know...

    2. Re:Blatantly WRONG by Anonymous Coward · · Score: 1, Interesting

      EnCase is expensive, but The Coroner's Toolkit and Autopsy are free.
      I suggest the Helix distribution for anyone wanting to look at these toolsets.
      Even better - do the SANS course - they do a very good introduction.

    3. Re:Blatantly WRONG by John Betonschaar · · Score: 2, Interesting

      Pretty much true I guess... And it can get even worse, I can tell you.

      Last week the police over here in the Netherlands lost 78 email addresses of terrorist suspects, that were found after they arrested the terrorist that murdered Dutch cineast Theo van Gogh. The reason: the emails and email addresses were on a Hotmail account that was not used for more than 30 days and deleted by Microsoft!!! For real. Check for example here (in Dutch)...

  2. Re:They're morons who deserve to get caught by wiggles · · Score: 4, Interesting

    That just means they'll keep you for 50 years without a trial (or however long it takes them to crack your encryption). Interesting that those that use encryption are automatically considered criminals.

  3. What about RIP? by andrewscraig · · Score: 4, Interesting

    I thought that was why the UK introduced the RIP act (http://www.hmso.gov.uk/acts/acts2000/20000023.htm)? Could they just demand that the person comes up with the keys -- if they don't, hold them through the RIP act and brute-force them, if they do -- then they've either got evidence or the innocent person can go free?

    It seems that they are just using this as an excuse to hold someone indefinitely?

  4. I wonder how long it will take... by JesseL · · Score: 2, Interesting

    for some politician to propose commandeering the unused CPU cycles of the nation's PCs, à la distributed.net but mandatory.

    --
    "I'd rather die on my feet than live forever on my knees!"
  5. Thanks for letting us know by iamacat · · Score: 4, Interesting

    That government can crack triple DES in more than 14 but less than 90 days on their secret supercomputer. No wonder they dropped opposition to crypto exports. The question is, which algorithms/key sizes can we use that are likely still uncrackable?

  6. It's just an excuse. by Ebirah · · Score: 4, Interesting

    The underlying objective is for the UK to adopt the US model of 'terrorist' detention. Extending the permitted period for detention of 'suspects' without charge to 90 days is a step in the desired direction for this. And as people are saying, 90 days won't be enough time to crack anything that's properly secured. In 90 days, our boys in blue, who don't really get this IT stuff very well, might perhaps be able to crack an UNENCRYPTED drive. Not all terrorist suspects have hard drives, anyway. I guess they'll have to let the ones who don't go straight away.

    --
    It's never so bad that it can't get worse.
    1. Re:It's just an excuse. by 3waygeek · · Score: 2, Interesting

      The National Security Agency is the largest employer of degreed mathematicians in the world. They are not stupid people.

      Plus, thanks to the little gray men, they're 200 years ahead of the rest of the world in mathematical theory.

  7. That's 90 days without charge... by Claws Of Doom · · Score: 2, Interesting

    Holding someone for 90 days without charge, then finding their computer hard-drive didn't actually hold any incriminating evidence doesn't look too good. Is there anything that stops them looking at the hard drive after having to release a suspect? IANAL, but if your prima facie evidence is encrypted on a computer, what right have you got to arrest them in the first place?

  8. Re:256bit triple DES by meringuoid · · Score: 4, Interesting
    Glad to know they think they can crack it in only 90 days with a mere "super-computer".

    They can't and don't, but what the hell, it's a pretext. The police have never liked this whole deal of having to let people go if you don't have enough evidence to charge them with anything. The longer they can get to find something that will stick, the more criminals they successfully prosecute and the safer we all are.

    Now, if you'll excuse me I have to open my new estate agency, pontine transit solutions a speciality...

    --
    Real Daleks don't climb stairs - they level the building.
  9. use Firefox, go directly to GITMO! by Thud457 · · Score: 4, Interesting
    Alternative browsers pose challenge for cybersleuths

    You think that they can afford to hire some lunix rocket surgeon as a computer forensics expert on what the local PD pays?

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  10. Re:They're really going to hate it when... by TWX · · Score: 5, Interesting

    What if I don't use a programmed algorithm?

    The old "manipulate the image in the picture" effect would allow me to hide data in an image, and it could be done to where only modifying the image to specific hue or color adjustments reveals the data. It would be something that someone could memorize, and open files read-only to find, modify in RAM, and never save back to the drive once the message is known. There could be thousands of photos in someone's photo album, and only a few that actually contain data too, so that it's hard to even find the files used, let alone to figure out how they're used.

    I could also know that certain letters in a text file based on some derivation of a number sequence for position of the letter or word is the message. Anyone that I'm corresponding with could also know the sequence, but if neither party writes it down then it's much harder. It would also work for storage of sensitive data, and be even better security since there'd be only one person who'd know how to recover it.

    The most effective way to hide something or protect something is to ensure that nothing is ever written down about recovering it, ever. If there's no key to find then it's again down to brute force.

    --
    Do not look into laser with remaining eye.
  11. Re:They're really going to hate it when... by Ckwop · · Score: 4, Interesting

    Generally they try to capture a complete computer containing all the algos used for the steganography. That way they don't have to search for a needle in a haystack. It's a bit like the code devices of WWII. It was always easier to capture a code machine than try to brute force the code itself.

    This is actually wrong. Kerckhoffs's principle applies as equally to steganography as it does to cryptography; even with complete knowledge of the algorithm it should be computationally infeasible to determine a secret message is implanted in the cover text.

    Secure steganography is truly undetectable.

    Simon.

  12. Re:They're morons who deserve to get caught by SirGeek · · Score: 3, Interesting
    I believe that they are also passing a law that makes it a felony to withhold encryption keys on your local hard drive after a warrant has been issued.

    Wouldn't that fall under not incriminating oneself? I mean, why should you be forced to turn evidence over to someone to use against you?

  13. Re:They're morons who deserve to get caught by Jugalator · · Score: 4, Interesting

    That's because they are criminals. Failure to turn over your encryption key is an offence under the RIP Act, punishable IIRC by up to two years imprisonment.

    I guess that's why one may use TrueCrypt with its support for two-level plausible deniability. I.e. it's practically impossible to prove there isn't more on the encrypted volume than you see, unless you have an enormous time to spend on trying to crack the hidden nested volume.

    --
    Beware: In C++, your friends can see your privates!
  14. Re:They're really going to hate it when... by Hoi Polloi · · Score: 2, Interesting

    Even Mossad knows that torture is a dead end (no pun intended). Torturing someone will just give you what you want to hear. Competent interrogators use psychology and are far subtler.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  15. 90 days to crack the average joe harddrive? by Mr.Fork · · Score: 2, Interesting

    It's common practice for a local Blockbuster employee making $8 an hour, to have their personal hard drive computer secured with a $2000 piece of software that requires expertise to use and 90 days for a federal security agency to crack, isn't it?

    If you're an average Joe, Hussar, Muhammad, John, Mary, Xi, Pieter, you drive a taxi for a living, or are a student, or you own a small convenience store, and arrested for suspicious activities, but your hard drive is encrypted with an expensive 256bit encryption software, maybe, just maybe, (a personal hunch) there is something you're hiding. Maybe.

    Myself, a 25 year IT veteran, Federal Government manager, plus a dozen years experience military service in communications and electronics, my hard drive is wide open.

    But then again, perhaps I'm being paranoid...or the 90 days are justified. As the saying goes, if you've got nothing to hide...

    Hold them as long as it takes is my opinion, or they decrypt the hard drive for the investigators, which if they had nothing to hide, would mean they would get out in a few days.

    --
    Management is doing things right; leadership is doing the right things. - Peter F. Drucker
  16. Re:They're really going to hate it when... by Hoi Polloi · · Score: 2, Interesting

    "most image programs use temporary files"

    Another good reason for RAM drives

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  17. Advanced Decryption? Advance Encryption! by woodsrunner · · Score: 2, Interesting

    it has long been suspected that the NSA doesn't approve any encryption that they don't have the ability to break in some reasonable time frame...

    This is definitely plausible if you believe in the rumoured quantum encryption and a few other such concepts. But I believe it was one of Phil Zimmermann's reasonings to release PGP, or at least a meme that developed from its release, that the more stuff that is encrypted the less effective decrypting becomes since even with advanced techniques it will still be too difficult to decrypt everything if everything is encrypted.

    If you not only encrypted important documents, but every file from your mp3's on up and also ran a program that randomly generates encrypted noise files so a harddrive has maybe 10 critical documents and 500,000 noise documents -- it would be sort of like throwing your shredded documents into the compost bin.

    With this methodology, even if a file could be cracked in ten minutes, you're still looking at over 9 years of work to find 10 documents. And say the files could be cracked in 30 seconds each you are still looking at 6 months of work and then however long it would take to analyze the noise from signal.

    In the end, however, this sort of tactic would probably give a court a valid reason under this ruling to keep you locked up for a long time without any real evidence. Not like this isn't happening already. In the end it would sort of be a reverse tactic of wounding, not killing, the enemy -- the more techs that are busy trying to decode garbage and take care of pawns in jail the less enemy you have to deal with. And if people are willing to blow themselves up for a cause, I think it wouldn't be too hard to get volunteers for this sort of occupation.

  18. Re:No such thing as "256-bit triple des" by dan_bethe · · Score: 4, Interesting

    Ok what about with rainbow tables, vast stores of precomputed hashes? They say that with a 64GB table, it'll take a few minutes to crack any Windows lanmanager password up to 14 characters in size using "all possible characters on a standard keyboard (not including those alt+xxx characters)" on a standard 666 MHz system. Some individual table sets have been known to reach 600+GB in size. How do the likes of 3DES and AES stand up to that? I'm an encryption noob.

  19. Plausible deniability... by tjwhaynes · · Score: 4, Interesting
    Under the Regulation of Investigatory Powers Act it is already an offence not to hand over encryption keys to the police when requested to do so. If a person is detained, the police could investigate the hard disk and ask for the appropriate keys, if the suspect refuses they could then be charged under RIPA.

    So then you need a method of being able to hide precisely what is encrypted and what is not. Look around and you'll find systems for filling a file system with chaff files to make finding the real data more interesting. One I looked at ended up with a filesystem with all the files apparently the same size, with constantly changing timestamps and all apparently contain random data. This system then allowed you to apply keys to make certain files readable while leaving the rest as noise. The point of this is that even the empty file system is full of rubbish files. It is impossible to tell (without the complete set of keys) precisely what is really data and what is just generated chaff. This gives you a lever of plausible deniability - if you are asked for the keys to the repository, you can hand over the keys and let them at it. It would be difficult (never say never) to correctly identify encrypted files amongst the chaff which were not covered by the keys provided.

    Cheers,
    Toby Haynes

    --
    Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
  20. Re:90 days, eh? by dswan69 · · Score: 4, Interesting

    I do think they should pay full compensation if nothing comes of their investigation. A detained person can't work, and will quite probably also lose their job. Given the police force's tendency towards extreme paranoia and abuse of power, especially when given sweeping powers, the government must be willing to pay up, and pay up big, anytime they make a mistake.

    Maybe we should start differential taxation - if you support extended imprisonment without trial and excessive police powers because you think it will make you safer, then you must also be willing to pay extra for it. I don't want my taxes wasted on this game of idiots.

  21. No, torture is useless because by Aexia · · Score: 2, Interesting

    So you lose all your toes, and have your genitals fried off, because you *CAN'T* give them what they want. This is why torture is useless.

    After all that, you *do* give them what they want... a confession and lots of information.

    Sure, it's crap you made up in a delirium that'll waste hundreds of hours of valuable time that would be better spent going after actual criminals. But the White House parrots will claim this proves torture "works" anyways.

  22. Re:90 days, eh? by keraneuology · · Score: 3, Interesting
    Everyone hates us Irish... "Paddywagon", how's that. If any other nationality or group was inserted into that term

    Stop looking for proof that the world hates you. The term paddywagon is one of respect, from the days when most cops were Irish. Paddywagons were driven by the Irish - they weren't carrying them.

    And I'm Irish on my paternal great-grandfather's side.

    --
    If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
  23. Re:90 days, eh? by ninjagin · · Score: 4, Interesting
    You've made some good observations, and I think I can help you a little bit with your confusion about how Americans describe themselves.

    There was a time, around the mid-1800s, when Americans would identify themselves as just that -- Americans. This was back in the early days of the republic, and there was still a cultural (and sometimes a real) memory of the war of independence. Self-identification as American was part of the pride.

    Now, back then, there were self-identified Americans who were actually born in France or England or Germany. To anyone else, they were French or British or German. Their kids, not having any personal experience of the family-homeland, also identified themselves as Americans, though saying you were British-American or French-American or German-American wasn't really an option, since all American families actually hailed from somewhere else in the past. Assimilation (the melting pot) was a very powerful force for white Americans. In a social sense, blacks of the era simply didn't have the social power to self-identify, and their identity was further stripped by having to take their master's surname. Native Americans (or North American aboriginals, if you prefer that appellation) had their own tribal identification, which still remains to this day.

    As you get closer to 1900, there were huge waves of immigrants from all over the world, and these were people who wanted a clean slate. They wanted nothing more than to be assimilated. In some families, the language of the homeland was forbidden. Educational institutions sought to have kids learn and speak English without accent. The pride of the immigrant American at the turn of 1900 buried the notion of self-identification of the homeland. My four great grandfathers and mothers (on both mom and dad's sides) spoke very little English because they came to the country when they were too old for schooling, but their kids (my grandmas and grandpas) all spoke English in the upper-midwestern American accent, and while they could understand some of the old languages and maybe speak and read a bit, they were Americans and identified themselves as such.

    Consider, then, the melting pot. By the time it got around to me, the national heritage of my family was Belorussian, Lithuanian, French and Norwegian. I only speak one of those languages, but how could I possibly self-identify with any of those nations? I can't, and I don't, but mostly because I still take some pride in being an American, regardless of how my country seems to be perceived at present.

    However, there are groups who have been marginalized over time, who seek to reinforce their sense of identity to elevate their pride. Some black Americans prefer to align themselves with their African roots. Some Irish-Americans identify themselves that way because they seek a tie to their family heritage that may have been repressed as a part of assimilation. Interestingly, the force of assimilation has decreased in American culture. We're a much more multi-lingual, multi-cultural nation, now, and that's also being reflected in the way certain people self-identify. In America, you are free to identify yourself in any way that you prefer, and that's what people do.

    Hope it helps.

    --
    .. pa-ra-bo-la, pa-ra-bo-la, 2 pi R, 2 pi R, where's your latus rectum, where's your latus rectum, 2 pi R
  24. Re:90 days, eh? by JonToycrafter · · Score: 2, Interesting

    This is incorrect - wrongful imprisonment compensation is by state. There's a chart available at http://www.pbs.org/wgbh/pages/frontline/shows/burden/etc/chart.html. It doesn't include federal payouts, which there is a bill under consideration for up to $50,000 a year.

    There are other remedies, such as filing suits for false arrest and malicious prosecution, but these carry very high burdens of proof, and are often not successful.

    Having been wrongfully jailed for a brief time (only days), I can say that none of this really covers what's necessary. In addition to the expenses associated with imprisonment (lost wages, therapy, etc.), there's also the fact that there's pretty much no way to punish those responsible. Were you brutalized by the police or jailers? Physically coerced into making a confession? I would place bets that the police, prosecutors, and corrections officers will receive little or no punishment. Sadly, the problem goes right to the top - if they were to punish those who gave the orders, several police chiefs, former chiefs, and head wardens in major cities would be in jail.

    A friend of mine who was falsely imprisoned for 9 days in Philadelphia still has emotional scars five years later. She won't call the police for anything.

    Sorry for ranting - folks are regularly exonerated after years and years of imprisonment, but very few people seem interested in tackling the root of the problem. It's just one of my buttons that gets pressed.

  25. The uncrackable algorithm by syukton · · Score: 2, Interesting

    Write your own algorithm and use some section of Pi as your key. This way you can more or less safely forget the key and when law enforcement demands your key you can honestly say "it's four thousand characters long and I didn't memorize it." But then you know that starting at decimal digit 05201974 (which is your brother's birthday, or whatever, transcoded into a string of digits representative of the offset in Pi that the key can be found at) and for the next four thousand digits is the key. You know something which can get you the key, but you don't know the key itself. It's kind of like not having a housekey but knowing there's one under the doormat.

    As for the algorithm, I don't know much about encryption but I came up with something a while ago that seemed interesting to me because it almost guaranteed randomization of data. Basically, the file would be sectioned into "chunks" of some size (determined by the key) and then each chunk would have its bits cycled (shifted either left or right, wrapping around) a certain number of times (which is not an identical amount for sequential chunks). In this way, sequential occurrences of the same word or phrase in a text document would not likely look anything like one another, especially if each chunk is an obscure size like, say, 13 bits, or 67 bits, or 974 bits. Using a value that is not a common data storage value also lends to the scrambling. That is, don't scramble bytes or words or doublewords, but 3/4ths of a doubleword or 7/8ths of a byte. Maybe conventional encryption already works in this fashion, I don't know. Like I said, I don't know much about encryption.

    By using your own encryption algorithms and by using a key which is so unimaginably large that you just couldn't possibly memorize it (maybe it's the first two paragraphs of Moby Dick, maybe it's the entirety of Genesis from your King James Bible, maybe it's the Declaration of Independence) you ensure that they aren't going to get at your data anytime soon.

    --
    Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
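
Added example (not part of the original comment or any poster's code): the chunk-rotation scheme from comment 25, keyed by digits of pi read from a memorized offset. It measures two properties a design reviewer would check: the search space equals the number of possible offsets rather than the key length, and rotation leaves each chunk's count of 1-bits unchanged. The 3000-digit table, offset 1974, 400-digit key, 13-bit chunks, two-digits-per-rotation rule and the sample plaintext are all assumptions constructed for this illustration.

```python
def pi_digits(n):
    """First n decimal digits of pi after the point (Machin's formula, integers only)."""
    scale = 10 ** (n + 10)                       # 10 guard digits

    def arctan_inv(x):                           # arctan(1/x) * scale
        total, term, k, sign = 0, scale // x, 1, 1
        while term:
            total += sign * (term // k)
            term //= x * x
            k += 2
            sign = -sign
        return total

    pi_scaled = 4 * (4 * arctan_inv(5) - arctan_inv(239))
    return str(pi_scaled)[1:n + 1]               # drop the leading "3"


def to_bits(data):
    return "".join(f"{b:08b}" for b in data)


def rotate_chunks(data, key, chunk=13, decrypt=False):
    """Rotate each 13-bit chunk left by an amount taken from two key digits."""
    bits, out = to_bits(data), []
    for n, i in enumerate(range(0, len(bits), chunk)):
        c = bits[i:i + chunk]                    # final chunk may be shorter
        j = (2 * n) % (len(key) - 1)
        r = int(key[j:j + 2]) % len(c)
        if decrypt:
            r = (len(c) - r) % len(c)            # rotate right instead
        out.append(c[r:] + c[:r])
    bits = "".join(out)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def candidate_offsets(ciphertext, crib, table, key_len):
    """Offsets whose key decrypts the ciphertext to something starting with crib."""
    hits = []
    for off in range(len(table) - key_len + 1):
        key = table[off:off + key_len]
        if rotate_chunks(ciphertext, key, decrypt=True).startswith(crib):
            hits.append(off)
    return hits


def chunk_weights(data, chunk=13):
    """Number of 1-bits in each chunk; rotation cannot change these."""
    bits = to_bits(data)
    return [bits[i:i + chunk].count("1") for i in range(0, len(bits), chunk)]


# Constructed sample data (assumptions, see lead-in).
TABLE = pi_digits(3000)                          # small stand-in for "all of pi"
SECRET_OFFSET, KEY_LEN = 1974, 400
KEY = TABLE[SECRET_OFFSET:SECRET_OFFSET + KEY_LEN]
PLAINTEXT = b"MEETING NOTES 2005-11-09: nothing of interest, just a shopping list."
CRIB = PLAINTEXT[:16]                            # known or guessed file header
CIPHERTEXT = rotate_chunks(PLAINTEXT, KEY)

if __name__ == "__main__":
    tried = len(TABLE) - KEY_LEN + 1
    print("offsets tried:", tried, "of a nominal 10**%d keys" % KEY_LEN)
    print("offsets matching the crib:", candidate_offsets(CIPHERTEXT, CRIB, TABLE, KEY_LEN))
    print("bit counts per chunk preserved:",
          chunk_weights(CIPHERTEXT) == chunk_weights(PLAINTEXT))
```

The same reasoning scales to an eight-digit date-style offset: the secret is at most 10^8 values, regardless of how many key digits are read from that position.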