Police Need 90 Days To Crack Hard Drives
Twyko64 writes "The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive." From the article: "Combining the analysis, the translation and second stage analysis, add inter-country co-operation and interview strategy formation, and from the police point of view, the existing 14 days is inadequate and 90 days doesn't look excessive. Another factor is encryption sophistication. If 256-bit triple-DES or similar techniques are used then decryption could require supercomputer-levels of cracking."
Hmmmm. Guess I'll come back in 90 days for the dupe...
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
They're really going to hate it when suspects start using steganography. Imagine having to brute-force decrypt, only to then have to search for a particular piece of straw in a haystack...
Do not look into laser with remaining eye.
*I* always use at *least* 1024-bit AES!
the subject says it all .. please replace TFA with one written by a clue-holder.
Most times a police department cannot even ANALYZE data properly if a machine is not running some modern form of Microsoft Windows on an x86 platform.
They have automated TOOLS that go through and find Web browser histories, caches, and cookies.
On machines where users do not run Microsoft Internet Explorer and use Outlook for email, often times departments are SOL.
If you "get" pointers add me as a friend (116)!
They should just pin the suspect down and pump five rounds into their head.
Oh wait...
If it's illegal to not provide the police with a key to encrypted data, why can't they just put that person in prison for that crime and decrypt the data at their leisure?
Who ordered that?
3des. 3 x des. des uses 64 bit key. Well, 56 bit if you remove the useless parity.
3 x 56 = 168. or 3 x 64 = 192. Either way, 256 it is not.
256 bit AES, then maybe.
I thought that was why the UK introduced the RIP act (http://www.hmso.gov.uk/acts/acts2000/20000023.htm)? Could they just demand that the person comes up with the keys -- if they don't, hold them through the RIP act and brute-force them, if they do -- then they've either got evidence or the innocent person can go free?
It seems that they are just using this as an excuse to hold someone indefinitely?
for some politician to propose commandeering the unused CPU cycles of the nation's PCs, ala distributed.net but mandatory.
"I would rather die on my feet than live forever on my knees!"
Psssh. That's gotta be a worst case scenario. In my experience, even people who are paranoid enough to encrypt things tend to be careless with their keys. I found one once where the guy had encrypted the hell out of it, and left a copy of the key in the default key gen directory. Some people just throw it in the trash, and then forget to empty the trash, or forget to secure purge it afterward, so the key can be recovered.
For big corporations and places that have enough staff to be able to implement a good crypto policy, I'd be surprised if you COULD crack it in 90 days. 256 isn't anywhere near as high as you could go if you were paranoid, and storing data that you didn't need to read all the time.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
The idea is that you're holding them without any charge until you gather the evidence on the hard drive.
I understand that the police will sometimes be unable to completely make a case until they've gathered all the evidence, but it seems that there should be some sort of intermediate level to say, "We have at least some reason to hold this guy."
Perhaps what's needed is a judge to say, "Yeah, you have enough evidence, and the guy presents enough of a flight risk, for me to let you hold him for three months", even if that evidence would be insufficient for a real indictment.
Because right now it sounds like "We're going to lock this guy up for 90 days with absolutely no evidence at all on our say-so."
So basically, the 90-day period is not because that's how long their fancy "supercomputer" needs to crack it, but because they are unable to cope with the number of computers confiscated from their terrorist suspects. Sounds like they need an additional supercomputer.
"Eddies," said Ford, "in the space-time continuum." "Ah," nodded Arthur, "is he? Is he?"
That government can crack triple DES in more than 14 but less than 90 days on their secret supercomputer. No wonder they dropped opposition to crypto exports. The question is, which algorithms/key sizes can we use that is likely still uncrackable?
The underlying objective is for the UK to adopt the US model of 'terrorist' detention. Extending the permitted period for detention of 'suspects' without charge to 90 days is a step in the desired direction for this. And as people are saying, 90 days won't be enough time to crack anything that's properly secured. In 90 days, our boys in blue, who don't really get this IT stuff very well, might perhaps be able to crack an UNENCRYPTED drive. Not all terrorist suspects have hard drives, anyway. I guess they'll have to let the ones who don't go straight away.
It's never so bad that it can't get worse.
Holding someone for 90 days without charge, then finding their computer hard-drive didn't actually hold any incriminating evidence doesn't look too good. Is there anything that stops them looking at the hard drive after having to release a suspect? IANAL, but if your prima facie evidence is encrypted on a computer, what right have you got to arrest them in the first place?
They can't and don't, but what the hell, it's a pretext. The police have never liked this whole deal of having to let people go if you don't have enough evidence to charge them with anything. The longer they can get to find something that will stick, the more criminals they successfully prosecute and the safer we all are.
Now, if you'll excuse me I have to open my new estate agency, pontine transit solutions a speciality...
Real Daleks don't climb stairs - they level the building.
The UK police may need 90 days to hold terrorist suspects because it takes that long to crack a suspect's PC hard drive
I write this as a 'Merkin, so forgive if I don't fully "get" UK law, but...
At the point where the police would waste 90 days of supercomputer-level CPU power on cracking an encrypted HDD, wouldn't they already have enough other evidence to charge the suspect with an actual crime, and could just ask for that 90 days as a delay before the actual trial?
The idea of the police making people disappear for three months at a time on a whim scares the hell out of me. Suddenly sarcasm, or wearing the wrong clothes, or "driving while black" becomes punishable by three months in prison? Time to invest in prison/industrial stock...
Ouch. Technobabble at its worst.
a) Triple DES is 112-bit encryption.
b) If you are using strong encryption, like a 256-bit AES cypher, no number of supercomputers are going to 'crack' it, whether it's 14 or 90 or 900 days, unless it's a really bad implementation.
c) One would HOPE that the police would have evidence before they start impounding things. But this is about 'fishing' for evidence for 'suspected' terrorists. "You look like a terrorist, so we'll impound your things in the hope that we'll find something". So much for presumption of evidence (which I believe holds true in the UK as well).
Things like this make me sad. Just another way for the authorities to 'protect' its citizens by making sure that they can see all and know all. Welcome to the Panopticon.
...I think we all know what the message is here: Encrypt your personal files, go to jail for 90 days.
More and more, according to law enforcement, encryption is considered only a tool of criminals. There have been a few cases like this in the US where a suspect's use of PGP or other common encryption has been used against him in court, even though no specific evidence was found encrypted.
vk.
You think that they can afford to hire some lunix rocket surgeon as a computer forensics expert on what the local PD pays?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
30 days to figure out how to write "Allah" in Arabic.
60 days to figure out how to type an Arabic password.
The Tao of math: The numbers you can count are not the real numbers.
"Your honor, we are going to have to hold the suspect for 2.154E+E122 years."
do you honestly believe someone who knows they've been caught, and it's only a matter of time before all of the evidence will show up, will actually stay in the country?
yes yes, take away their passports, surely that will stop them...
oh wait, this is /., welcome to the fairytale land.
If the two keys are different, the encryption phases are encryption + a "wrong" decryption (different key) + encryption again, which is much better than just a single encryption.
Details, of course here.
I think the key to this article is not the piece on encryption, but the piece on inter-county cooperation. In the states, it takes a long time for evidence to be approved by the proper authorities for analysis, just because the people doing the analysis don't want to screw up and have the evidence thrown out in court.
And as easy as it is to make fun of the police's analysis methods, my guess is most slashdotters don't even know what it's like to process evidence for a case. It's not just "running automated tools" on some suspect's hard drive. It's getting to know the case, knowing what you're looking for and where to look for it. Many times it's the police themselves that are writing these "automated tools", which only present the evidence in a way less technical minded officers assigned to the case can understand. And what happens once you get that evidence? You have to try to fit it into the puzzle of the case. It isn't CSI, where you find some email detailing the crime that's digitally signed and the suspect confesses to writing it. Often times it's finding some random piece of partially-overwritten text and having to see if it fits into the overall case.
And yes, most digital forensic labs can analyze your precious reiserfs/ext2/ext3/whatever file systems. In fact, I've never run across a lab that couldn't. So don't think your 1337 linux system will be safe if it's ever involved in a crime. And if they don't have the tools to analyze them, they'll contact a department that does. That's how the real world of forensics works.
Next time you want to talk about a subject you blatantly don't understand, do us all a favor and don't hit the submit button.
If you extrapolate it to "We get to hold people for as long as it takes to find whatever we're looking for on their hard drive", then they can argue for holding you for 200 years, depending how you might have hidden data on the hard drive.
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
2. Store keyfile in a safe place.
3. Get a defective USB stick. Label "HD KEYFILE" in big red letters. Keep it on the computer desk at all times.
4. Get a 3.5" Floppy. Preferably from pre-1990. Wipe with magnet a couple of times. Label "HD KEYFILE BACKUP" in big red letters. Put on shelf next to computer.
5. Get a blank CD-R. Fill with PR0N. Label "PR0N + HD KEYFILE BACKUP". Mistreat CD-R a little (preferably adding some scratches on the inside). Leave in CD-Rom drive.
In case of arrest:
1. "Um
2. "What ?! It doesn't work ? Good thing I have a backup. It's on the floppy disk."
3. "What now ?! It's broken ? Good thing I have another backup of it on the CD with my PR0N collection."
4. "The CD doesn't work ? OH NO, ALL MY PR0N is GONE ! AAAAARGH !"
It's common practice for a local Blockbuster employee making $8 an hour, to have their personal hard drive computer secured with a $2000 piece of software that requires expertise to use and 90 days for a federal security agency to crack, isn't it?
If you're an average Joe, Hussar, Muhammad, John, Mary, Xi, Pieter, you drive a taxi for a living, or are a student, or you own a small convenience store, and arrested for suspicious activities, but your hard drive is encrypted with an expensive 256bit encryption software, maybe, just maybe, (a personal hunch) there is something you're hiding. Maybe.
Myself, a 25 year IT veteran, Federal Government manager, plus a dozen years experience military service in communications and electronics, my hard drive is wide open.
But then again, perhaps I'm being paranoid...or the 90 days are justified. As the saying goes, if you've got nothing to hide...
Hold them as long as it takes is my opinion, or they decrypt the hard drive for the investigators, which if they had nothing to hide, would mean they would get out in a few days.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
You could be locked up forever!
Shami Chakrabati from Liberty made a very valid point. Holding someone for the equivalent of a typical 6 month jail sentence with no charge is a very good way to alienate that person and his/her community. How would we feel about losing 3 months of our lives, and after that, being released with "no charge". What would our employers think? What would happen to our houses, mortgages during that time? It's easy to think "90 days isn't so much", but think about what it actually means. Shami is great.
Get your own free personal location tracker
it has long been suspected that the NSA doesn't approve any encryption that they don't have the ability to break in some reasonable time frame...
This is definitely plausible if you believe in the rumoured quantum encryption and a few other such concepts. But I believe it was one of Phil Zimmermann's reasonings to release PGP, or at least a meme that developed from its release, that the more stuff that is encrypted the less effective decrypting becomes since even with advanced techniques it will still be too difficult to decrypt everything if everything is encrypted.
If you not only encrypted important documents, but every file from your mp3's on up and also ran a program that randomly generates encrypted noise files so a harddrive has maybe 10 critical documents and 500,000 noise documents -- it would be sort of like throwing your shredded documents into the compost bin.
With this methodology, even if a file could be cracked in ten minutes, you're still looking at over 9 years of work to find 10 documents. And say the files could be cracked in 30 seconds each you are still looking at 6 months of work and then however long it would take to analyze the noise from signal.
In the end, however, this sort of tactic would probably give a court a valid reason under this ruling to keep you locked up for a long time without any real evidence. Not like this isn't happening already. In the end it would sort of be a reverse tactic of wounding, not killing, the enemy -- the more techs that are busy trying to decode garbage and take care of pawns in jail the less enemy you have to deal with. And if people are willing to blow themselves up for a cause, I think it wouldn't be too hard to get volunteers for this sort of occupation.
Why don't they just crack the bones of the person being held, I'm sure that :)
would make all their other related cracking requirements go that little bit faster
if you know what I mean...
Arash
Arash Partow's Philosophy: Be a person who knows what they don't know, and not a person who doesn't know.
I can crack my harddrive in a split second by using a sledge hammer.
The future is in beta
The police want to be able to detain terrorist suspects for 90 days without charge. This is probably a figure they pulled out of the air as a good starting point for negotiations, however Tony Blair has decided that whatever the police want they should get when the magic word is mentioned.
One of the justifications was that they need that long to decrypt and analyse data. In which case, it is already a crime not to hand over a password or encryption key when requested so you can get them in custody on that charge for that long.
The arguments for the 90 days are incoherent, but that's what we have grown to expect from our government, especially when it comes to civil liberties and/or technology.
No, that's not right. I think you're probably confused with the argument that Double-DES doesn't appreciably increase security -- because of a meet-in-the-middle attack, known plaintext attacks on Double-DES have complexity 2^56+2^56. That's why you never hear of "Double-DES" -- there's really no point. However, that's not true with Triple-DES, which is why it is used. As some other posters have pointed out, the complexity of breaking 3DES is around 2^112. That's unbreakable by a brute force attack using any conceivable technology. Your linear combination of complexities would be pretty easily breakable using something like the EFF's Deep Crack machine.
So then you need a method of being able to hide precisely what is encrypted and what is not. Look around and you'll find systems for filling a file system with chaff files to make finding the real data more interesting. One I looked at ended up with a filesystem with all the files apparently the same size, with constantly changing timestamps and all apparently contain random data. This system then allowed you to apply keys to make certain files readable while leaving the rest as noise. The point of this is that even the empty file system is full of rubbish files. It is impossible to tell (without the complete set of keys) precisely what is really data and what is just generated chaff. This gives you a lever of plausible deniability - if you are asked for the keys to the repository, you can hand over the keys and let them at it. It would be difficult (never say never) to correctly identify encrypted files amongst the chaff which were not covered by the keys provided.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Des uses 64-bit, really 56-bit. Correct
3Des uses 128-bit, really 112-bit. It's named 3DES because it does 3 DES encryptions with two separate keys (actually encrypt1-decrypt2-encrypt1). Doing it the obvious (enc1,enc2) way is insecure and can be broken in 2^56 steps (one keysearch) if you have a really big amount of memory, so it does EDE. The D part is there so that you can set E1 equal to E2 and use the same subroutines for 3DES and DES.
256-bit anything cannot be brute forced. Brute force requires that you iterate through every possible key. Now, according to thermodynamics, it takes kT energy to set or clear a bit, where k is Boltzmann's constant and T is the ambient temperature of the system. The coldest you can run it at is 2.3Kelvin (the ambient temperature of the universe). Any colder, and you need more energy to run a heat sink. So, merely to iterate a 256-bit counter through all its values (never mind actually using an encryption algorithm) requires (2.3)x(2^256)x(k), which is a lot more energy than could be gained by blowing up the Sun in a nuclear reactor and converting it all to energy. So, no cracking of 256-bit keys.
Crappy passwords are another thing, though
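The meet-in-the-middle point made in the two comments above (double encryption falling to roughly 2^56+2^56 work, and E-D-E collapsing to single encryption when both keys match), as an added example that is not from any poster. It uses a constructed 16-bit toy Feistel cipher with 12-bit keys, not DES, and every function name here is illustrative.

```python
"""Toy demonstration on a constructed cipher (NOT DES): meet-in-the-middle
against double encryption, and the E-D-E layout of two-key triple encryption."""
from collections import defaultdict

KEY_BITS = 12   # toy key size so the full key space can be enumerated
ROUNDS = 4


def _subkey(key, i):
    """Rotate the 12-bit key left by 3*i bits and keep the low 8 bits."""
    r = 3 * i
    return ((key << r) | (key >> (KEY_BITS - r))) & 0xFF


def _f(half, key, i):
    """Feistel round function; it does not need to be invertible."""
    x = (half + _subkey(key, i) + i) & 0xFF
    x = (x * 167 + 13) & 0xFF
    return x ^ (x >> 3)


def encrypt(block, key):
    """Encrypt one 16-bit block with a 12-bit key."""
    left, right = block >> 8, block & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ _f(right, key, i)
    return (left << 8) | right


def decrypt(block, key):
    """Invert encrypt() by running the rounds backwards."""
    left, right = block >> 8, block & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, i), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    """The 'obvious' construction: encrypt with k1, then with k2."""
    return encrypt(encrypt(block, k1), k2)


def ede_encrypt(block, k1, k2):
    """Two-key triple encryption: encrypt(k1), decrypt(k2), encrypt(k1)."""
    return encrypt(decrypt(encrypt(block, k1), k2), k1)


def meet_in_the_middle(pairs):
    """Recover (k1, k2) of double_encrypt from known plaintext/ciphertext pairs.

    Returns (candidates, ops). ops counts the single-cipher calls used to
    build and probe the table: 2 * 2^KEY_BITS, not 2^(2 * KEY_BITS).
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)          # middle value -> k1 values reaching it
    ops = 0
    for k1 in range(1 << KEY_BITS):
        table[encrypt(p0, k1)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        middle = decrypt(c0, k2)       # work backwards from the ciphertext
        ops += 1
        for k1 in table.get(middle, ()):
            # The extra pairs filter out chance collisions in the middle.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


if __name__ == "__main__":
    K1, K2 = 0xA5C, 0x3E7              # constructed secret keys
    pairs = [(p, double_encrypt(p, K1, K2)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    print("recovered:", [(hex(a), hex(b)) for a, b in found])
    print("cipher calls:", ops, "vs naive", 1 << (2 * KEY_BITS))
    print("EDE with k1 == k2 equals single encryption:",
          ede_encrypt(0x1234, K1, K1) == encrypt(0x1234, K1))
```

The table of 2^12 middle values is the "really big amount of memory" the comment mentions, scaled down; at DES size it would hold 2^56 entries.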
So you lose all your toes, and have your genitals fried off, because you *CAN'T* give them what they want. This is why torture is useless.
After all that, you *do* give them what they want... a confession and lots of information.
Sure, it's crap you made up in a delirium that'll waste hundreds of hours of valuable time that would be better spent going after actual criminals. But the White House parrots will claim this proves torture "works" anyways.
Such a computer can break an ordinary (56-bit) DES key in 18 hours, 12 minutes and 16 seconds at worst. The average time to break a DES key on such a machine would be 9 hours, 6 minutes and 8 seconds.
To break a 128-bit key would require the computer to run for 2^88 seconds, or 9,813,705,283,528,192,184 years.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Day 1: Brought in suspects' computer. For the darndest reason it wouldn't turn on so Sgt. Morris and I went on a 2 hour coffee break. Upon return discovered that computer wasn't plugged in. It was getting late so stamped card and went home.
Day 2: Sgt. Morris (who is more experienced than me) put the cd we use for scanning into the suspect's computer but it wouldn't load, no matter what we did. Went on 1.5 hour coffee break. Returned and eventually found out CD was inserted in upside down. Was late so stamped card and went home.
Day 3: Managed to 'hack' into suspects' computer! Found suspect's 'dirty stuff' folder, and scanned it by hand for security reasons. After 4 hours was exhausted so called it a day and signed off early. (Note to self: Inquire about purchasing cat's outfit for Mrs. Winterton)
Day 4: Suspect seems to have had an affection for fight games (note to self: Add "psychotic tendencies" to suspects portfolio). Played some 'Mortale Kombatt' against Sgt. Morris, who managed to beat me numerous amount of times, adding insult to injury by 'finishing me' in several gruesome ways. Ate sandwich, stamped card and went home.
Day 5: Finally beat Morris at Mortal Kombat! Now we're getting somewhere! .......
(You do not have to testify in your own trial -just, if called on to testify against someone else, you must talk.)
Obviously, you are then at the mercy of the judges who decide if the evidence presented at your own trial actually followed from that testimony. And, you don't have to talk to the cops.... AFAIK, it's still not obstruction unless you withhold physical evidence or actually mislead the police.
However, "Lord" Black of Hollinger Inc. fame is arguing that his testimony should not be compelled in a Canadian court because American justice officials can then take it and attempt to extradite him to the USA to stand trial for nefarious conspiracies. (The Canadian evidence rules don't prevent foreigners from using the info, I guess - American, Syrian, or Egyptian...) Still waiting for the decision on that one, but the general attitude seems to be "we don't care about your USA problems..."
Marvellous. So here's how "the bad guys" (tm) will fool the coppers.
:)
1 Buy computer with big hard drive.
2 Get geek to store loads of "nonsense" data encrypted with as strong a key as possible (i.e. shopping lists, lists of birthdays, stuff from encyclopedias)
3 Store "bad stuff" (tm) in head only.
4 Get arrested, claim you "were wondering what all those junk files were" and wait 90 days whilst the forensics bods decrypt the useless data.
5 Get let out.
6 Profit !
(yes I admit it this is a piss poor version of the Slashdot "profit" post)
Sky subscribers are morons. They pay to be advertised at !
Only if LANMAN hashes are available, which hasn't been necessary for about 4 years. Also, syskey allows encryption of the master EFS key with a further encryption key which can be stored on removable media. It's still possible to brute force, but that's not exactly a matter of minutes.
Jon.
To cut them a little slack, some of the reasons that they want new extraordinary powers written into the laws is that in the fight against the Irish, they often just ignored and violated laws about police procedures and generally got away with it, whereas today there's more visibility, more television publicity, and more European political concerns about human rights, so they want to make sure that when they're doing extraordinary violations of people's civil rights that they've got laws to permit them to do so.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
What, so now that I do encrypted backups onto removable USB drives using Windows EFS, I'm at risk having to explain myself every time I cross the US border (I'm Canadian)? What's next? VPN software? SSH? SSL'd bookmarks in my browser?
Write your own algorithm and use some section of Pi as your key. This way you can more or less safely forget the key and when law enforcement demands your key you can honestly say "it's four thousand characters long and I didn't memorize it." But then you know that starting at decimal digit 05201974 (which is your brother's birthday, or whatever, transcoded into a string of digits representative of the offset in Pi that the key can be found at) and for the next four thousand digits is the key. You know something which can get you the key, but you don't know the key itself. It's kind of like not having a housekey but knowing there's one under the doormat.
As for the algorithm, I don't know much about encryption but I came up with something a while ago that seemed interesting to me because it almost guaranteed randomization of data. Basically, the file would be sectioned into "chunks" of some size (determined by the key) and then each chunk would have its bits cycled (shifted either left or right, wrapping around) a certain number of times (which is not an identical amount for sequential chunks). In this way, sequential occurrences of the same word or phrase in a text document would not likely look anything like one another, especially if each chunk is an obscure size like, say, 13 bits, or 67 bits, or 974 bits. Using a value that is not a common data storage value also lends to the scrambling. That is, don't scramble bytes or words or doublewords, but 3/4ths of a doubleword or 7/8ths of a byte. Maybe conventional encryption already works in this fashion, I don't know. Like I said, I don't know much about encryption.
By using your own encryption algorithms and by using a key which is so unimaginably large that you just couldn't possibly memorize it (maybe it's the first two paragraphs of Moby Dick, maybe it's the entirety of Genesis from your King James Bible, maybe it's the Declaration of Independence) you ensure that they aren't going to get at your data anytime soon.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
256-bit anything cannot be brute forced.
It sounds funny, but it is true. Check out Boltzmann's constant. Quote: "Given a thermodynamic system at an absolute temperature T, the thermal energy carried by each microscopic 'degree of freedom' in the system is on the order of magnitude of kT/2" The Background Radiation is at 2.725K. That means any action will use at least 3.76227207 × 10^-23 joules. You have 2^256 = 1.15792089 × 10^77 possible keys, which gives 4.35641342 × 10^54 joules. The sun's mass is 1.98892 × 10^30 kilograms, which by E = mc^2 means 1.78755215 × 10^47 joules. This would mean 24 370 832 stars like the Sun, which would be far more than all the stars you can see with the naked eye. And all would have to be converted to pure energy, not fusion. If you want to do it by fusion, you have to blow up the galaxy.
Live today, because you never know what tomorrow brings