Slashdot Mirror

← Back to Stories (view on slashdot.org)

Police Need 90 Days To Crack Hard Drives

Posted by Zonk on from the they'll-get-better-with-practice dept.

Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."

2 of 693 comments (clear)

  1. Re:They're really going to hate it when... by AKAImBatman · · Score: 0, Troll

    For example, if I embedded information in a picture in my ~/pics dir, I have thousands of pictures in there. Now lets say I embedded information in every single picture, most of it useless.

    All you're doing here is attempting to create security through obscurity. Considering that modern computers can process terrabytes of data in short order, this is not an effective move.

    Now take it a step further and implement a system for embeddeding multiple, encrypted, messages in each picture, where upon the message revealed depends on the key used.

    The first part is more security through obscurity. The temp files, registry entiries, recent files lists, and other computer droppings would make it fairly easy to figure out which file and which sub-message.

    The second part of this (encryption) is the REAL barrier. But that is irrelevant to the steganography. The worst case scenario is that I have to apply algorithms against your encrypted messages to generate probablilities of which messages are of importance and which ones are random garbage. This isn't as hard as it might seen. Probabilistically, it's nothing more than a game of, "one of these things, is not like the other one." Once you have the messages scored by probability, you start running decryption attacks on them (assuming you didn't capture the keys, which is unlikely) in the order of their probablity until you find the message you need.

    Again, it's the encryption that's making the difference. NOT the steganography.

    --
    Javascript + Nintendo DSi = DSiCade
  2. Re:Distributed Encryption? by JRHelgeson · · Score: 1, Troll

    Uh, you mean, like, Freenet?

    Hiding the footsteps of child pornographers since 1999.

    --
    Good security is based upon reality and common sense. Common sense is a function of having common knowledge.