How Long to Crack an 'Encrypted' HD?
brainburger asks: "In the UK, Tony Blair has recently lost a parliamentary vote to allow the police to hold terrorist suspects for 90 days without trial. One of the justifications the police gave for the extension from 14 days to 90 days was that they need the extra 76 days to decrypt the computer hard-drives of suspects. This has been seen by some as the only compelling reason to allow 90 days. The time-limit has been extended to 28 days instead, but Tony Blair insists 90 days is required. Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90? Aside from the not-much-discussed issue that the police can no longer interrogate a suspect after they are charged, I suspect the police meant unencrypted machines. What do you think?"
But remember the requirement - 90 days for the POLICE to crack the encryption- I don't know why they don't just make it 'indefinite detention'.
I have nothing to hide. So, why are you spying on me?
I'd better not use AES to encrypt my hard drive or I'd guess they can hold me without charge until the sun burns out.
1: Today's terrorism is different because attacks do not have political aims and are designed to cause mass casualties, with no warning, involving suicide bombers
Retired senior judge Gerald Butler states: "The mere fact a threat is "completely different" is, of itself, no justification for an extension in the detention laws. But it is true we face a new and terrifying threat in this country."
Not politically motivated?!
What on earth are these people talking about? Good grief, "GET OUT THE MIDDLE EAST, WEST!" sounds _very_ political to me! "STOP MESSING IN OUR AFFAIRS", sounds political to me!
These attacks are completely and totally politically motivated.
The militants in the Middle East, right or wrong, are ABSOLUTELY, COMPLETELY, and TOTALLY in the middle of a political struggle with the West.
I think it's a bullshit excuse, that's what I think. With encryption algorithms, we're talking orders of magnitude, and most algorithms that can't be bruteforced in 28 days will take longer than 90. This is just a shitty excuse to get joe public on Tony's side.
Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90?
Probably, but since encrypted hard drives usually involve a passphrase being converted into a key of suitable length by one-way hash algorithms, why not crack the passphrase instead of the actual key? Even with 256-bit AES (or something like it), a weak passphrase-based key is probably one of the easier ways to go after the data. Of course, if the suspect carries their completely random key around on a USB drive of some sort, that's a different matter.
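The question quoted above can be put in numbers. This is an added example, not part of the original comment: it computes how wide the band of search-space sizes is that exhaustive guessing finishes after 28 days but within 90, and classifies a few secrets against it. The guess rate and the sample secrets are constructed assumptions.

```python
import math

SECONDS_PER_DAY = 86_400

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random secret of `length` symbols."""
    return length * math.log2(alphabet_size)

def days_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case days to try every candidate in a 2**bits search space."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_DAY

def window_width_bits(short_days: float = 28, long_days: float = 90) -> float:
    """Width, in bits, of the band that falls between the two deadlines."""
    return math.log2(long_days / short_days)

def verdict(bits: float, guesses_per_second: float) -> str:
    days = days_to_exhaust(bits, guesses_per_second)
    if days <= 28:
        return "within 28 days"
    if days <= 90:
        return "only within 90 days"
    return "beyond 90 days"

# Constructed assumption: 10,000 passphrase guesses per second after KDF cost.
ASSUMED_RATE = 1e4

SAMPLES = {  # constructed examples, all assumed uniformly random
    "7 lowercase letters": entropy_bits(26, 7),
    "6 letters and digits": entropy_bits(62, 6),
    "8 lowercase letters": entropy_bits(26, 8),
    "5 words from a 7776-word list": entropy_bits(7776, 5),
    "random 256-bit key": 256.0,
}

if __name__ == "__main__":
    print(f"28-to-90-day band is {window_width_bits():.2f} bits wide")
    for name, bits in SAMPLES.items():
        print(f"{name:30s} {bits:6.1f} bits  {verdict(bits, ASSUMED_RATE)}")
```

Whatever rate is assumed, the band stays about 1.7 bits wide: a faster or slower guesser only shifts which secrets land in it, and one extra random character moves a passphrase clear across it.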
How long does it take the police to figure out that my drive is not corrupted, it just isn't running Windows?
DYWYPI?
Come on, I've seen them decrypt files and hard drives in a matter of minutes on 24. What are the pommy police up to, maybe they need to start watching it for tips.
If they didn't stop to look at all the naked pictures I am sure they could get through it much quicker.
The United Kingdom approaches counter-terrorism as part of a criminal investigation and has to deal with due process of law. Hence the debate over extending detention from 14 days to 90 days.
The United States approaches counter-terrorism as military action and the President signs an executive order that allows for indefinite detainment of suspects.
Fascinating. The UK has much more experience dealing with domestic terrorism -- did they originally overreact as well or are the two circumstances different from the get-go?
So you're saying I should make the volume unencrypted so they don't hold me long, but use AES encrypted data stored steganographically within my porn collection so they can't get at my secrets?
Why, that might almost work...
Forget thrust, drag, lift and weight. Airplanes fly because of money.
Hold on. Anyone remember the Regulation of Investigatory Powers 2000 Act? Isn't it an offence - punishable by a prison sentence - to not hand over encryption keys? If they need to crack it, they can just tell the suspect to hand over his key(s). If he/she doesn't, he goes down for more than 90 days anyway ...
Exactly.
This time was referring to habeas corpus.
Basically when Tony Blair came to power it was 7 days. He raised it to 14, now 28 but he still wants 90 days.
This is the period of time the police are legally allowed to hold you with no evidence whatsoever that you've done anything wrong, just because they suspect you might have. It's a period of time where the police can hold you while they look for evidence. Once they find the smallest amount of evidence they can then charge you and then can keep looking for evidence.
This bill's meant to allow the police to break any encryption so that they would now be able to pick people up they suspect of terrorism and detain them until they've broken every encrypted file on their computer on the off chance that they'll find evidence that way when they can't find any other evidence whatsoever.
3 entire wasted months of your life dragged away from your job (which probably won't be there when you return) and your family while they break your PGP encrypted emails to your girlfriend on the off chance the two of you are discussing how to blow up parliament.
As an example: Check this story out. This journalist hadn't actually done anything, and they released him after a day. They did during that time confiscate his computer equipment.
If this had been raised to 90 days it's entirely possible he'd have been held for 90 days while they decrypted anything they found on his hard drives.
After the 90 days are up they would still have released him. And they would not even have to explain why he'd been locked up, because he'd never been charged.
The bill has two major flaws.
1) There's nothing really to stop the power being abused by police who don't like the look of someone or have a grudge against them, which is exactly what it is designed to prevent. You do require the judge's permission to keep them for that long, but it's not too hard to create a case of why you suspect someone.
2) This odd 90 days which the Police told Tony Blair that they can break any encryption in. They can't - it's impossible!
- There'll be multiple encrypted files, particularly if they are encrypting their communications (guilty or not guilty). Each one would need 90 days.
- They'll not know the encryption algorithm in all cases, so would need to try every one. Each one would need 90 days.
- There are HUNDREDS of encryption algorithms that use such large keys that you can't realistically expect to crack the password in 90 years, let alone 90 days. There are a few around that even with all the supercomputers in the world working it won't have tried every key before the universe ends. And it's still possible to take one and write your own with an even longer key. (The details of which would be secret so they couldn't crack it in the first place anyway).