Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Failed To Break Encryption of Hard Drives

Posted by kdawson on from the deploy-the-quantum-computer dept.

benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).

12 of 486 comments (clear)

  1. is waterboarding next to get the info? by Joe+The+Dragon · · Score: 4, Insightful

    is waterboarding next to get the info?

    1. Re:is waterboarding next to get the info? by countertrolling · · Score: 4, Insightful

      That's not offtopic. If they want the info bad enough, that is what they will do. And nobody will be able to prove a damn thing.

      --
      For justice, we must go to Don Corleone
    2. Re:is waterboarding next to get the info? by stonewallred · · Score: 4, Insightful

      If waterboarding is not torture, then you are willing, I presume, to undergo it for two or three days? If not, fuck you.

    3. Re:is waterboarding next to get the info? by keeboo · · Score: 4, Insightful

      I'm guessing there's laws against it in the U.S. too, that didn't stop them. What makes you think they're beyond it in South America? The fact that you live there, perhaps? Quite narcissistic, but that seems to be the norm for Brazilians.

      It seems that, in your opinion, all south american countries are barbaric lands where no laws are to be taken seriously.
      That's incredibly arrogant of yours. Because of things like that, the rest of the World put all US citizens (including the good ones) in the same basket and call them assholes.

      Even you completely disregard the morality (or immorality) of laws, good/bad/weak/silly laws are to be enforced and there are practical issues:

      If they torture the guy in order to obtain the information, the next day that bastard will make a public scandal, cry his human rights were violated etc, and his lawyers will invoke every conceiveable law and the process will stall, badly.
      Then his lawyers will spread doubt about any other evidence previously collected. They will make a party out of it and, in the end, the guy may be considered innocent.

      So, even if you're willing to torture the guy, it's not practical.

    4. Re:is waterboarding next to get the info? by Anonymous Coward · · Score: 5, Insightful

      hat's all nice and stuff, but many people (myself included) believe that they went too far and, basically, criminals are being treated like defenceless babies.

      Fuck you. No, really...fuck you.

      It is not possible to go too far in that direction. You take away just enough rights to prevent an anarchist nightmare, but no more. It's still evil that we must take away those rights, but the few assholes who want to hurt others for personal gain make it necessary to do so. Still, it is always very, very important that you're always aware that every law, regardless of how well-intentioned, causes you to slide a bit more into the slippery slope towards tyranny. So, when absolutely necessary in order to protect your society's way of life, you do it. Never do it just because some people are getting away with things you don't think they should...the price you're paying isn't worth it.

    5. Re:is waterboarding next to get the info? by Jane+Q.+Public · · Score: 4, Insightful

      I have posted this a number of times, so pardon the repetition. But it is surprising how often this comes up:

      "That it is better 100 guilty Persons should escape than that one innocent Person should suffer, is a Maxim that has been long and generally approved." -- Benjamin Franklin

  2. Re:Wrong Agency by Anonymous Coward · · Score: 5, Insightful

    Other agencies such as NSA can probably crack that encryption with ease if not instantaneously

    Stop believing in spy movies.

  3. Re:Maybe it was just random data by swilver · · Score: 4, Insightful

    How will you get out of jail though?

    Give them the password? You can't since it is random data.

    Tell them it was random data? Sure... we believe you! Now give us the password @#&*$!

    This does show though that proving that something is not random data would be very important before they try waterboarding a password out of you :)

  4. Re:Maybe it was just random data by Tumbleweed · · Score: 4, Insightful

    How will you get out of jail though?
    Give them the password? You can't since it is random data.
    Tell them it was random data? Sure... we believe you! Now give us the password @#&*$!
    This does show though that proving that something is not random data would be very important before they try waterboarding a password out of you

    It depends on what your goal is. If your goal is to hide your secrets to stay out of jail, this may be a bad way to do it, especially if they torture you.

    If your goal is, however, to keep your drug lord employer's secrets, otherwise they'll torture and kill your entire family, that's another thing entirely.

  5. this is obviously disinformation :) by Anonymous Coward · · Score: 4, Insightful

    ... if I were the FBI and I could decrypt TrueCrypt, I'd not admit it and hope everyone keeps using it.

  6. Re:Validating technology by kylemonger · · Score: 5, Insightful

    The FBI can't crack it, true, but crypto is rarely the weakest link. Can you prevent the FBI from installing a keylogger on the computer you use to access the drives? Can you prevent them from installing a camera somewhere that records your keystrokes, or records your computer screen? It sounds like they moved on this guy too soon. If you need a brick of encrypted data to make your case against a white collar criminal, that's just lazy police work. If you build enough of a case against him beforehand, he'll give you the key as part of a deal to reduce his jail-time. Then you can use that data to go after the next leve of baddies.

  7. Weakest link? by Alwin+Henseler · · Score: 4, Insightful

    No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential.

    That only matters if the implementation used doesn't have any important flaws. And a password wasn't stored anywhere by accident or 'overlooked mechanism' (caches etc). And the chosen keylength was enough to make brute-force attack unfeasible. And nobody else has/leaks password.

    They don't have to crack a tried & tested algorithm, they only have to find the weakest link. Surely there's many links, most of those weaker than the algorithm itself.