FBI Failed To Break Encryption of Hard Drives
benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one TrueCrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).
Is waterboarding next to get the info?
Could take a while.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I thought this was not just a sound idea but a law.
Great stuff though, but expect some new laws by government that make it illegal not to provide your password/keys to the government upon a court order and if you don't provide it, expect an assumption of guilt and some extra punishment. I am not saying it's right, just saying that's probably going to be one of the outcomes of this.
Of course the problem is that they got the drives physically (not that I am necessarily on the side of an allegedly corrupt banker, but I am not automatically assuming he is guilty of anything either.) Here is a good application for the 'cloud' (yikes) - keep your encrypted data so that nobody can even know it exists in the first place.
You can't handle the truth.
*offers b4upoo a roll of tinfoil and a bag containing 26 scrabble tiles*
To be fair, the US FBI probably *should* be US-centric. We already have a whole group of people who do the same thing, but specifically *not* US-centric.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Other agencies such as NSA can probably crack that encryption with ease if not instantaneously
Stop believing in spy movies.
Presumably, they're looking for evidence, and based upon the effort they're going to, I suspect that they might not have a case without whatever is on the disks. Assuming that there's something on there that incriminates him. Which is why the 5th amendment protects the key.
... if I were the FBI and I could decrypt TrueCrypt, I'd not admit it and hope everyone keeps using it.
The government has a vested interest in appearing a lot more competent or advanced than they are. Then I look at the Gulf Oil Spill and know otherwise.
If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.
Gotta ask, does AES have a backdoor that they can go "compel" an organization to give them the keys to it? Seems like shaky ground to secure data on, but the article mentions it.
The FBI can't crack it, true, but crypto is rarely the weakest link. Can you prevent the FBI from installing a keylogger on the computer you use to access the drives? Can you prevent them from installing a camera somewhere that records your keystrokes, or records your computer screen? It sounds like they moved on this guy too soon. If you need a brick of encrypted data to make your case against a white collar criminal, that's just lazy police work. If you build enough of a case against him beforehand, he'll give you the key as part of a deal to reduce his jail-time. Then you can use that data to go after the next level of baddies.
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential.
That only matters if the implementation used doesn't have any important flaws. And a password wasn't stored anywhere by accident or 'overlooked mechanism' (caches etc). And the chosen keylength was enough to make brute-force attack unfeasible. And nobody else has/leaks password.
They don't have to crack a tried & tested algorithm, they only have to find the weakest link. Surely there's many links, most of those weaker than the algorithm itself.
Hard drive encryption has nothing to do with public-key encryption, much less public-key encryption using smallish keys (by today's standards, 1024 is practically insecure).
Symmetric encryption keysizes are not comparable to public key encryption keysizes. 128-bit AES keys are unbreakable today, and 256-bit keys are just healthy overkill.
Your comparison to quantum computing is dead wrong. Quantum computers are not currently known to be useful for brute forcing any algorithm.
The only reason they are useful for breaking things like RSA, is that we have large number factoring algorithms that work on quantum computers (Shor's algorithm). RSA was known to be vulnerable to large number factoring from the moment it was designed. In fact, as a one way encryption function, that's part of its design. We assume that problem to be "hard", but with large enough quantum computers we can make it "easy". Brute forcing RSA was never considered as factoring the modulus is already more than an order of magnitude easier.
AES does not rely on a one way mathematical function for security, so talking about quantum computers breaking it is just silly. Weaknesses in the algorithm itself are the biggest threat to it. Your points about entropy per character are also rather silly as that's an implementation issue and has nothing to do with the AES algorithm. Also for the record, the character set of all keyboard enterable keys is about 6.6 bits of entropy with a random distribution. No idea where you got 4.24 bits from, but even random lowercase letters alone have more entropy per character than that.
assemblerex's point remains valid. Until computers are built from something other than matter, or occupy something other than space, it is unlikely that we will be "brute forcing" 256-bit keys.
Protogenes Queiroz is a jerk trying to make a name for himself in the Federal Police. He's a former Federal Police marshal due to it.
All he wants is to make a political career out of it. Dantas was one of the best in the field in Brazil but fucked himself up in a power struggle over the control of Brazil Telecom, a major Brazilian telecommunications carrier, with Telemar, another carrier. Telemar has been backing the Da Silva government for a long time and the government was just happy to allow Queiroz to make a mess out of the case.
Telemar invested USD 20 million in a company run by the Da Silva son. Also financed the movie Son of Brazil telling the story about the President's life. If this isn't bribery, I don't know what is.
Any judgement in the Supreme Court is done by a random member of it, including the Court President. If you got any evidence the random choice was biased to make to the Court President you should call a newspaper because you got a major scandal.
Let Dantas free and put the mafia who runs the Brazilian government in jail.
Brazil is just a backwards banana republic. I'm longing to get a way out of this hellhole.
If the passphrase has more than 256 bits, brute-forcing it is less efficient by a fair margin, than direct guessing. On the practical side, passphrase guessing likely becomes very expensive for something like 50+ bits of entropy with a good key-setup. Keep in mind that the key-setup may make you work for, e.g., 1 sec of CPU time per guess. With 50 bits, that is (assuming an EC3 small unit for simplicity) around 25 Billion USD for the crack. For every 10 additional bits, add a factor of 1000. With this money, you can build special-purpose hardware, but incidentally, that is likely only going to be faster but not cheaper.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
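The arithmetic in the comments above (about 6.6 bits per keyboard character, and roughly 25 billion USD to exhaust 50 bits of passphrase entropy at 1 CPU-second per guess) can be reproduced from a defender's side when choosing a passphrase length and KDF cost. This is an added example, not code from any commenter; the price of 0.08 USD per CPU-hour, the use of PBKDF2-HMAC-SHA512 as the "key setup", the iteration counts and the sample passphrase are assumptions.

```python
import hashlib
import math
import time

PRINTABLE_ASCII = 95     # keyboard-enterable characters
USD_PER_CPU_HOUR = 0.08  # assumed rental price, not a figure from the thread

def bits_per_char(alphabet_size):
    """Entropy of one uniformly random character, in bits."""
    return math.log2(alphabet_size)

def min_length(target_bits, alphabet_size=PRINTABLE_ASCII):
    """Shortest uniformly random passphrase that reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet_size))

def effective_bits(passphrase_bits, key_bits=256):
    """An attacker searches whichever space is smaller: passphrases or raw keys."""
    return min(passphrase_bits, key_bits)

def derive_key(passphrase, salt, iterations):
    """Key setup: a deliberately slow KDF maps the passphrase to a 256-bit key."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, iterations, dklen=32)

def seconds_per_guess(iterations, salt=b"constructed-salt"):
    """Measure what one guess costs on this machine at a given iteration count."""
    start = time.perf_counter()
    derive_key("constructed sample passphrase", salt, iterations)
    return time.perf_counter() - start

def exhaust_cost(bits, guess_seconds, usd_per_cpu_hour=USD_PER_CPU_HOUR):
    """CPU-hours and USD to try every candidate in a 2**bits space."""
    cpu_hours = (2.0 ** bits) * guess_seconds / 3600
    return cpu_hours, cpu_hours * usd_per_cpu_hour

if __name__ == "__main__":
    print(f"bits/char: printable {bits_per_char(95):.2f}, lowercase {bits_per_char(26):.2f}")
    print(f"random printable chars needed to match a 256-bit key: {min_length(256)}")
    measured = seconds_per_guess(200_000)
    print(f"one PBKDF2 guess at 200000 iterations: {measured:.3f} s on this machine")
    for bits in (40, 50, 60, 70):
        _, usd = exhaust_cost(effective_bits(bits), 1.0)
        print(f"{bits} bits at 1 s/guess: about {usd:.2e} USD")
```

These figures hold only for uniformly random passphrases; a phrase a person chose has less entropy than its length suggests, which is why dictionary attacks are tried first.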
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
Wrong. There is a finite amount of matter and energy (and hence computing power) in the universe. With AES 256 these limits are already very close and possibly exceeded.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
And yet, the Government of the US, led by the President of the US, fought a battle all the way to the Supreme Court of the US, arguing that they had the right to detain US citizens indefinitely without recourse to the courts simply because they called the citizen a name - "Terrorist" and "enemy combatant".
And the courts of the US haven't yet issued a ruling that this is against our precious constitution. Nor has our president, running on a platform of change, spoken out against this travesty:
http://en.wikipedia.org/wiki/Jos%C3%A9_Padilla_(prisoner)
http://www.foxnews.com/story/0,2933,506265,00.html
So, if a Police official steps up to you, and says "I think you are a Terrorist and an Enemy Combatant; please give me your encryption keys to prove your innocence", your refusal means indefinite detention in a military detention facility, subject to military interrogation methods which include those which we ourselves have called war crimes:
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/02/AR2007110201170.html
A piece of paper protects no rights.
And the worms ate into his brain.
A password based on a phrase where you substitute 3-4 letters for a few special characters and insert 1-4 extra characters into the middle of a word as to mess with the length, would be about as hard to break as the AES key itself. This would be an easy to remember password that would only take a few seconds to type and would render dictionary attacks useless.
"a large distributed attack should be able to 'crack' it with much less difficulty than reversing the AES itself"
Of course brute forcing a 256bit key could take 1,000,000,000,000 computers that could do 1,000,000,000,000 AES comparisons per second(aka, about 32,768 cores at 3ghz) about 1.8e+42 millennia. So, by "much less", so you mean to reduce the effectiveness to 1/10^42(0.00000000000000000000000000000000000000001%) would only take those 1 trillion 32k core 3ghz super computers 1000 years to break.
Assuming this person used a semi-decent password, the only way to get around this would be torture, key got cached/written down, bugged his keyboard, or general luck.
Fun fact told to me via a PhD in encryption. A 256bit symmetric algorithm that has no work around (AES has flaws that reduces its effectiveness) and using computers so efficient that it takes the theoretically smallest amount of energy to flip a bit, would on average consume most of the energy in the known universe to break a single key. (Think consuming all the stars in the Milky Way galaxy just a start)
"It is not crazy to think that the NSA could have this capability." I would say overly optimistic.
You have no idea what you are talking about, do you?
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
The FBI has not solved the P=NP problem, either
Or implemented practical cold fusion
Or developed a practical AIDS vaccine
Or found the cure to cancer
Or solved world hunger
Or stopped the oil spill
They failed to do all these things.
> But the constitution as it stands, does not allow the authorities to compel a suspect to produce the files.
The Constitution may not allow it. But these days, they simply violate it and blame the terrorists for making them do it.
and then under threat of water boarding, hand out the duress password.
But what about the third password they want? What do you do then?
Turtles.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)