Slashdot Mirror
How Long to Crack an 'Encrypted' HD?
brainburger asks: "In the UK, Tony Blair has recently lost a parliametary vote to allow the police to hold terrorist suspects for 90 days without trial. One of the justifications the police gave for the extension from 14 days to 90 days was that they need the extra 76 days to decrypt the computer hard-drives of suspects. This has been seen by some as the only compelling reason to allow 90 days. The time-limit has been extended to 28 days instead, but Tony Blair insists 90 days is required. Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90? Aside from the not-much-discussed issue that the police can no longer interrogate a suspect after they are charged, I suspect the police meant unencrypted machines. What do you think?"
But remember the requirement - 90 days for the POLICE to crack the encryption- I don't know why they don't just make it 'indefinite detention'.
I have nothing to hide. So, why are you spying on me?
I'd love to see how Safehouse from www.pcdynamics.com will do. Encrypt file-based real drive volumes with AES, Twofish, Blowfish, 3DES, and DES.
Kris
Kriston
I'd better not use AES to encrypt my hard drive or I'd guess they can hold me without charge until the sun burns out.
is that if cracking encrypted hard disks is really that important, it would be better to simply give police enough computer power to crack the encryption in less time and avoid the civil liberties issues. Of course, giving the police that much computer power will eventually guarantee even more civil liberties issues.
The higher the technology, the sharper that two-edged sword.
this is no dupe?!?!!? what are u talking about. the last article stated that blair wanted 90 days.
this article states that he didnt get what he wanted.
quite different if u ask me...and somewhat interesting
Just cracking it isn't enough. They have to then sift through gigs of data to look for evidence. And that's ignoring stegnography.
Agile Artisans
1: Today's terrorism is different because attacks do not have political aims and are designed to cause mass casualties, with no warning, involving suicide bombers
Retired senior judge Gerald Butler states: "The mere fact a threat is "completely different" is, of itself, no justification for an extension in the detention laws. But it is true we face a new and terrifying threat in this country."
Not politically motivated?!
What on earth are these people talking about? Good gried, "GET OUT THE MIDDLE EAST, WEST!" sounds _very_ political to me! "STOP MESSING IN OUR AFFAIRS", sounds political to me!
These attacks are completely and totally politically motivated.
The militants in the Middle East, right or wrong, is ABSOLUTELY, COMPLETELY, and TOTALLY in the middle of a political struggle with the West.
I think it's a bullshit excuse, that's what I think. With encryption algorithms, we're talking orders of magnitude, and most algorithms that can't be bruteforced in 28 days will take longer than 90. This is just a shitty excuse to get joe public on Tony's side.
If you want an unreadable hard drive, you can forget about blowfish, twofish, MD5, SHA, and every other cryptographic solution. There is only one way to do it and one number to remember: 1.21 gigawatts.
Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90?
Probably, but since encrypted hard drives usually involve a passphrase being converted into a key of suitable length by one-way hash algorithms, why not crack the passphrase instead of the actual key? Even with 256-bit AES (or something like it), a weak passphrase-based key is probably one of the easier ways to go after the data. Of course, if the suspect carries their completely random key around on a USB drive of some sort, that's a different matter.
f439f4af0cd24d0d07144ec2f6853d2f
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
How long does it take the police to figure out that my drive is not corrupted, it just isn't running Windows.
DYWYPI?
Come on, I've seen them decrypt files and hard drives in a matter of minutes on 24. What are the pommy police up to, maybe they need to start watching it for tips.
The United Kingon approaches counter-terrorism as part of a criminal investigation and has to deal with due process of law. Hence the debate over extending detention from 14 days to 90 days.
The United States approaches counter-terrorism as military action and the President signs an executive order that allows for indefinite detainment of suspects.
Fascinating. The UK has much more experience dealing with domestic terrorism -- did they originally overreact as well or are the two circumstances different from the get-go?
Beware if you come to New Zealand and are arrested over your HDD. The defense of Not Incriminating Yourself no longer applies to electronic encryption and passwords and you will be charged with something like obstructing justice or worse. My understanding is you could end up in prison for twelve months simply by refusing to decrypt your data.
Hold on. Anyone remember the Regulation of Investigatory Powers 2000 Act? Isn't it an offence - punishable by a prison sentence - to not hand over encryption keys? If they need to crack it, they can just tell the suspect to hand over his key(s). If he/she doesn't, he goes down for more than 90 days anyway ...
IIRC it's a crime in Britain to refuse to hand over encryption keys when required by the police. So why don't they just seize the hard drives and ask for the key? If the suspect gives it up, all is well. If he refuses, then the police don't need to hold him without charge for even one day, much less 90, because they now have a charge to pin on him.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Police want the time to take some pressure off themselvs. If they can extend the deadline by 2 and a half months they have more time to get everything done. They don't "need it", but they want it because it's a damn sight easier for them.
Although I'm outright against this and any other attempt to make a police state. If you lock a guy up for 3 months you've pretty much taken his job away from him, maybe his house (if renting) and rumours spread fast, so good luck getting hired againa as a "possible terrorist". The reason the vote was against it is because it would ruin people's lives if this were to be brought upon them.
I like muppets.
If you need complete security from all government agencies (or other parties) you need to combine a strong encryption system like ROT13 with a text-based cyphering system like l33t sp34k. Continued study into lossy 1-bit compression, which effectively reduces and entire file to a single bit, could also be used to thwart the unauthorized individuals from gaining access to your data. Of course, you'd have to accept a little data loss if you chose to compress your encrypted files.
I am currently working on the next-gen encryption system that will handle binary files better than ROT13 (yes, I know it's hard to believe). This new system will use the same encryption concepts on the entire WORD. I call this system ROTl33tn00b, or R0t3n for short. When I have my code (pure VB6) finished I will release it to the community under GNU/GPL.
Not necessarily. If you REALLY wanted to hide something on your hard drive, it'd be cakewalk for anyone really determined. Just get a 256 bit encryption system put on there (nearly impossible to 'brute force' with simple computing power due to the sheer number of possibilities).
On top of that you can hide messages in thousands of different possible files on the computer. It could be anywhere; a driver, a PC save game file, the user name and password for someone MMO account spelt backwards, it could be in plain sight on the desktop except its a code-word phrase that only the (presumably) terrorist knows. And thats on top of the encryption so the code breaking geeks can't even being working on this until the computers are done. Hiding data on a computer these days is a joke for anyone willing to spend the time and effort.
"Brute forcing" encryptions is a thing of the past. Contrary to popular belief, hardware has not necessarily kept up with software, as many high-end computer graphics designers will attest to. (Imagine today's top of the line computers trying to real-time render the orc's attack on Helm's Deep with all the fancy graphics, special AI and fancy camera work all going on at the same time.)
Just fishing for the amusing title, but in the (pretty large number of) posts I've looked at so far, no one has made the obvious observation that if the "terrorists" are actually concerned about being held some number of days, then they can just increase the level of encryption they use to make sure that it will take longer than that to decrypt their drives. There is no upper limit on the amount of encryption you use. For the police to claim that they need any fixed number of days is totally bogus, and the British police are just making excuses because they want to hold suspects for longer time periods. Heck, if having a HDD is the excuse for being held longer, then all the smart criminals will simply get rid of their computers. Of course that's on the theory that the amount of time the police are holding them has anything to do with whatever criminal action they might be planning.
In conclusion, I would guess that the stupid TV show called "24" must also be shown in Great Britain.
Real life is not like that. Before arresting someone, the police are supposed to already have some concrete and substantive basis for suspecting the person has committed a crime, or even stronger evidence that the person is really in the process of planning to commit a crime. The basis that "We think we'll find something AFTER we decrypt the HDD" is totally bogus. The reality here is they just want to quietly lean on the suspects for a longer time, and saying they need that much time because of HDD encryption is just a cheap--and stupid--excuse.
Having said that, I'm surprised the politicians weren't stupid enough to go along with the gag. That already puts them ahead of most American politicians. Can you try to imagine explaining HDD encryption to Dubya?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Any cipher that can be cracked given "enough computer power", for any practical value of "enough", is broken. Utterly broken, obsolete, not fit for use, an ex-cipher, singing in the choir unusable. DES, for example.
Guessing a passphrase is believable, though. That might take large-but-feasible computer resources. English text has only one point something bits of entropy per character on the usual estimate. Who has a sixty-character passphrase?
If you need time to crack the hard drive YOU FUCKING TAKE THE HARD DRIVE!. Why do you need to hold the person for 90 days when you can simply take his hard drive and hold it for as long as you want.
Because if he knows you'll find something on his hard drive once you decrypt it, he may decide to disappear during the 90 days it takes you to find it, whereas if you can keep in custody until you finish he wont have that opportunity?
It's a social engineering hack of sorts, albeit the "brute force" method.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
I dunno - Sting might be really good at maths.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
I think the most obvious step is for your friendly neighborhood criminals & terrorists to start remotely accessing their systems. Dumb terminals basically. There is no reason the computer can't be in another room, building, etc. Shouldn't a VPN over an encrypted wifi link be secure enough? 54 Mbps might be "slow" compared to normal HD access speeds, but the security gain should outweigh any performance loss. The police can't seize anything that isn't in the dwelling without (generally speaking) seeking additional warrants. Your mileage may vary
[Fuck Beta]
o0t!
90 days in jail will ruin you financialy (can't go to work, so can't pay bills), so it's in your best interest to give them the passphrase and hire a lawyer while you still are solvent. Plus, they can tell the other inmates that they think you have kiddie porn on your computer and they'll let the inmates do the torturing.
90 days won't give them enough time to crack the key, but it will make you think really hard about giving them the passphrase so they let you go.
Behold France which is currently in upheaval because unsatisfied Muslims are striking out at the national culture which has been keeping them down, nevermind the fact that the Muslims themselves segregate themselves from the rest of society by refusing to conform to the culture into which they immigrated.
Actually, the riots in France are not motivated on religious grounds. The riots are as a result of huge economic disadvantage, exploitation and unemployment in those communities which are rioting. This has come about because of racism and bigotry in France, not because of religion. The majority of the rioters are not even religious.
The Muslims are not rioting. The poor are rioting. Quite a lot of people will try and distract you from this fact, especially in France, where the poor rioting has a long and well documented history of toppling governments.
May the Maths Be with you!
No, you cannot decrypt a hard disk in 90 days (assuming the use of strong encryption). If you find you're using Rijndael or Serepent, you're good. However, in the period of 90 days, you're more likely to experience a psychological break due to duress (like torture). Most people could handle 14 days, but not 90. Once you break, you'll be more than happy to hand over your keys.
To clarify the difference of 14 and 90 days in detainment, consider the following. Those detaining have had a couple periods on which to deprive the detainee of food and water to the point of going critical without actually killing you. Once someone become dependent on their captors for essentials like food and water, they become loyal. They have also had the opportunity to deprive the person of sleep for a solid 12 or more days, which can drive most people close to the point of insanity. Also, the textbook technique for "breaking" someone where captors inflict physical pain then "rescue" the person from it requires several iterations. 14 days just simply is not enough to accomplish these things. 90 would suffice.
And let me also point out that this is how the United States government operates these days. It would be reasonable to assume some of our closest allies are engaged in similar activities with "terror suspects".
Join Tor today!