FBI Failed To Break Encryption of Hard Drives
benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).
Is waterboarding next to get the info?
...both the Brazilian police and the FBI tried dictionary attacks against it
They should have used a Portuguese dictionary not an English one! Geeze! Folks are soooooo US centric!
RIP America
July 4, 1776 - September 11, 2001
Just because you're paranoid does NOT mean that no one's out to get you.
And you KNOW the government is out to get you.
before they break 256-bit AES. Even if computer power somehow went up by orders of magnitude,
the sun would go nova before they crack the encryption.
Could take a while.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
They should publish it as a DVD and within hours they'll be able to download the unencrypted file from a torrent! :o)
I thought this was not just a sound idea but a law.
Great stuff though, but expect some new laws by government that make it illegal not to provide your password/keys to the government upon a court order and if you don't provide it, expect an assumption of guilt and some extra punishment. I am not saying it's right, just saying that's probably going to be one of the outcomes of this.
Of course the problem is that they got the drives physically (not that I am necessarily on the side of an allegedly corrupt banker, but I am not automatically assuming he is guilty of anything either.) Here is a good application for the 'cloud' (yikes) - keep your encrypted data so that nobody can even know it exists in the first place.
You can't handle the truth.
http://xkcd.com/538/
The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after a year of unsuccessful attempts, the U.S. federal police returned the equipment to Brazil in April.
According to the report, the feds only requested help from the USA in early 2009, after experts from the National Institute of Criminology (INC) failed to decode the passwords on the hard drives. The government has no legal instrument to compel the manufacturer of the American encryption system or Dantas to give the access codes.
Isn't that interesting, they can't get 'access codes' from the manufacturer. Why should there even be any access codes, is this just an assumption that there are codes like that for those encryption providers or is this a fact?
You can't handle the truth.
If this were to happen in the US, are there any laws here that would force us to give up our passwords?
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential. The NSA is a double-edged sword - they help with useful security tools such as SELinux as well as their traditional spook espionage. The NSA can't crack AES even with a supercomputer (right now, and only if the user has a decent password and/or 2-factor authentication).
*offers b4upoo a roll of tinfoil and a bag containing 26 scrabble tiles*
Parent should be modded +Conspiracy Theorist.
Other agencies such as NSA can probably crack that encryption with ease if not instantaneously
Stop believing in spy movies.
Presumably, they're looking for evidence, and based upon the effort they're going to, I suspect that they might not have a case without whatever is on the disks. Assuming that there's something on there that incriminates him. Which is why the 5th amendment protects the key.
This says plainly that if you encrypt your info with the right, cheaply available technology, not even the FBI could get it, no matter what it is, or who you are. How much time now till some law criminalizing the use of encryption gets approved?
Other agencies such as NSA can probably crack that encryption with ease if not instantaneously.
Anyone serious about their security will use long passwords.
Even with supercomputer time, you're never going to crack anything the length of "the quick brown fox jumps over the lazy dog" (43 characters)
[Fuck Beta]
Other agencies such as NSA can probably crack that encryption with ease if not instantaneously.
Doubtful, we are not talking about a cipher that was created by some guy in his spare time -- this is a cipher that has been tested by numerous experts and cryptology researchers around the world. Unless the NSA has some secret way to break the code, which is possible but they probably would not want to let everyone know about over something like this, I doubt that they could crack it.
Palm trees and 8
It's customary in Slashdot to ask if we are for or against someone.
This guy is a banker who has been accused of several crimes, but convicted only once, of trying to bribe an officer, Brazilian federal police "delegado" (I think the closest English translation would be "sheriff") Protogenes Queiroz.
Anyone can be accused of a crime and it's up to the state to prove him guilty beyond any reasonable doubt.
However, when a very rich banker is arrested and gets a writ of habeas corpus within fifteen minutes after his arrest from none other than the president of the country's supreme court... Personally, I don't think any reasonable doubt remains.
... if I were the FBI and I could decrypt TrueCrypt, I'd not admit it and hope everyone keeps using it.
The government has a vested interest in appearing a lot more competent or advanced than they are. Then I look at the Gulf Oil Spill and know otherwise.
If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.
Gotta ask, does AES have backdoors that they can go "compel" an organization to give them the keys to it? Seems like shaky ground to secure data on, but the article mentions it.
This is a locally encrypted file...they don't need to crack the AES key, they just need to brute force the password. Because it is highly unlikely that the password characters are uniformly distributed (more likely a few special characters only), a large distributed attack should be able to 'crack' it with much less difficulty than reversing the AES itself.
It is not crazy to think that the NSA could have this capability.
That might be true of AES, but it also depends on the implementation of AES in the application where it is being used. As long as the implementation of AES isn't flawed in Truecrypt. The FBI / NSA also have the source code to look for potential weaknesses.
Perhaps if they don't find any weaknesses and find the implementation IS correct they will grant it FIPS compliance so my company can use it.....(and save us a fortune).
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential.
That only matters if the implementation used doesn't have any important flaws. And a password wasn't stored anywhere by accident or 'overlooked mechanism' (caches etc). And the chosen keylength was enough to make brute-force attack unfeasible. And nobody else has/leaks password.
They don't have to crack a tried & tested algorithm, they only have to find the weakest link. Surely there are many links, most of them weaker than the algorithm itself.
Modern encryption done right cannot practically be broken at this time. However, many people do it wrong. You need something like 64 bits of passphrase entropy to be secure, better 128 bits. As English gives only about 1.5 bits/char, that means a secure passphrase should have something like 90 characters with a minimum of around 45 characters. With random digits/letters, you can do better, for example 12 digits/letters just fulfill the minimum requirement.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Hard drive encryption has nothing to do with public-key encryption, much less public-key encryption using smallish keys (by today's standards, 1024 is practically insecure).
Symmetric encryption key sizes are not comparable to public-key encryption key sizes. 128-bit AES keys are unbreakable today, and 256-bit keys are just healthy overkill.
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
My blog
You never want to wait longer than the heat-death of the universe, and most of the time the length of a human lifetime is sufficient. Anything longer than that counts as never.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Actually, this would not be unprecedented. I have heard of stories where the FBI sent Macs and Linux machines to CSIS (Canada's spy agency) because the FBI guys only knew how to crack into Windows machines.
Jesus was a compassionate social conservative who called individuals to sin no more.
Agree. If they have the capability they're not going to reveal this for a relatively uninteresting financial crime. There is some question regarding the NSA and one of the standards to generate random numbers: http://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
It could even be that the NSA was asked first and failed, then they sent it to the FBI.
Daniel Dantas was involved in many shady operations, including one where the MCI company, which had used some funny accounting, bought Brazilian Embratel.
It was the Brazilian federal government which asked the US government for help in cracking that encryption. International cooperation among different countries' law enforcement agencies often happens in crimes involving international money laundering, so probably the US State Department went to some effort to find which agency was the most likely to decrypt those disks.
If the passphrase has more than 256 bits, brute-forcing it is less efficient, by a fair margin, than direct guessing. On the practical side, passphrase guessing likely becomes very expensive for something like 50+ bits of entropy with a good key-setup. Keep in mind that the key-setup may make you work for, e.g., 1 sec of CPU time per guess. With 50 bits, that is (assuming an EC3 small unit for simplicity) around 25 billion USD for the crack. For every 10 additional bits, add a factor of 1000. With this money, you can build special-purpose hardware, but incidentally, that is likely only going to be faster but not cheaper.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
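A small estimator, added here and not from any poster in the thread, that turns the figures used above (about 1.5 bits of entropy per English character, 64 bits as a minimum target and 128 as a comfortable one, a key-setup costing the attacker a fixed amount of CPU time per guess, a factor of 1000 per 10 extra bits) into numbers. The cloud price per CPU-hour and the PBKDF2 parameters are assumptions for illustration, not TrueCrypt's actual settings.

```python
"""Passphrase entropy and guessing-cost estimates (constructed example).

Models the figures discussed in the thread: ~1.5 bits of entropy per character
of English text, 64/128-bit targets, and a key-setup (key stretching) that
costs the attacker a fixed amount of CPU time per guess.
"""
import hashlib
import math
import os
import time

ENGLISH_BITS_PER_CHAR = 1.5   # rough figure for natural-language text
ALPHANUM = 62                 # a-z, A-Z, 0-9
PRINTABLE_ASCII = 95          # space through '~'


def random_string_bits(length, alphabet_size):
    """Entropy of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits, bits_per_char):
    """Shortest length reaching target_bits at the given per-character entropy."""
    return math.ceil(target_bits / bits_per_char)


def expected_guesses(entropy_bits):
    """Searching the space in order, the attacker succeeds after half of it on average."""
    return 2 ** (entropy_bits - 1)


def attack_cost_usd(entropy_bits, seconds_per_guess, usd_per_cpu_hour):
    """Money to buy the CPU time for the expected number of guesses.
    Cost is linear in guesses, so each extra 10 bits multiplies it by 1024."""
    cpu_hours = expected_guesses(entropy_bits) * seconds_per_guess / 3600
    return cpu_hours * usd_per_cpu_hour


def measure_seconds_per_guess(iterations, rounds=3):
    """Time one PBKDF2-HMAC-SHA512 derivation: what a single guess costs on this
    machine. The iteration count is the defender's knob; doubling it doubles
    the attacker's bill. Salt and passphrase here are constructed sample values."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha512", b"sample passphrase", salt, iterations, 64)
        best = min(best, time.perf_counter() - t0)
    return best


if __name__ == "__main__":
    print("English text for 64 bits    :", chars_needed(64, ENGLISH_BITS_PER_CHAR), "chars")
    print("English text for 128 bits   :", chars_needed(128, ENGLISH_BITS_PER_CHAR), "chars")
    print("12 random alphanumerics     :", round(random_string_bits(12, ALPHANUM), 1), "bits")
    print("Printable ASCII for 256 bits:", chars_needed(256, math.log2(PRINTABLE_ASCII)), "chars")
    per_guess = measure_seconds_per_guess(200_000)
    print(f"one PBKDF2 guess on this machine: {per_guess * 1000:.1f} ms")
    for bits in (40, 50, 60):
        # $0.10 per CPU-hour is an assumed on-demand cloud price, not a figure from the thread
        print(f"{bits} bits at 1 s/guess: ${attack_cost_usd(bits, 1.0, 0.10):,.0f}")
```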
Or 'r0naldo7'.
My blog
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
Wrong. There is a finite amount of matter and energy (and hence computing power) in the universe. With AES 256 these limits are already very close and possibly exceeded.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
Close enough to never that it really doesn't matter.
With modern technology the sun will have swallowed the Earth before you crack that disk.
But even if we see significant improvements in technology and we manage to crack the disk in just 50-100 years, that's probably effectively "never" as you'll likely be close enough to death not to really care too much about the incriminating evidence getting out.
Hell, even 10-20 years might as well be "never" if it exceeds the statute of limitations
"Work is the curse of the drinking classes." -Oscar Wilde
Assuming AES has absolutely no exploitable flaw, the key has sufficient entropy, etc., you'd have to wait for the heat-death of the universe.
However, as I said, given enough time and CPU, anything stored locally is crackable. That's because there are no encryption methods with absolutely no exploitable flaws and password-based keys almost never have sufficient entropy.
My blog
How much do you want to bet that this is going to bring up the whole law enforcement backdoor issue again? Where they try to get laws passed requiring all makers of encryption software to put in law enforcement backdoors so they can instantly get at your personal files. This issue seems to keep popping up whenever they run into problems like this. And, btw, what is the FBI doing going after a Brazilian national anyway? Isn't that slightly out of their jurisdiction?
If the key is also stored on the drive, protected only by a password, it isn't merely "not crazy to think that the NSA could have this capability" it is "crazy to think that random script-kiddies do not have this capability".
Most people pick lousy passwords. Brute-forcing them is restricted only by the speed of your hardware (and password-guessing is one of those conveniently parallel problems that scale with almost perfect linearity across however many nodes you want to throw at them).
Either this guy is way above average when it comes to picking good passwords, or the key was, in fact, stored separately and never located, or (tinfoil hat) they actually cracked his password three years ago, didn't find enough evidence to build a case, and would rather "admit defeat", and encourage other malefactors to trust in their encryption, than just admit that they don't have a case....
Depends on how the password was generated, assuming I restricted myself just to lower case letters, then every letter can encode ~4.7 bits of information, that means a 55 letter sentence is going to encode more information than a 256-bit AES key, an average sized sentence is going to be long enough to do that, and even taking into account the patterns in language that sentence can still theoretically encode more than the 256-bit keys.
And if you're smart you don't use a password, you use just a random number stored in a file and encrypt that with a password but store it on a separate device. I think they would find it hard to say that destroying a key is destroying the evidence, and they would have to prove you actually destroyed it.
You need to use passwords that are both long and good. A naive brute-force system is, as you say, going to take forever to get "the quick brown fox jumps over the lazy dog"; but a slightly cleverer system that starts with a dictionary attack in the relevant language(s), then common slang and permutations (like l33tsp35k), then moves on to cliche phrases in those languages, and then just starts the naive brute-force would crush a password of that sort like a bug.
Some time back, I think it was on Slashdot, there was discussion of a system designed specifically for that purpose. It would be seeded with all relevant and available biographical details (any writings, books/movies found in the suspect's residence, terminology associated with known hobbies/professional background, etc.) and generate a dictionary of password guesses that somebody would "cleverly" choose if they were looking for something obscure but personally memorable.
If it isn't some horrible random string, the per-character entropy is likely to be painfully low.
It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.
The AES encryption has been public for a long time, nobody has found anything that would allow anyone to crack it with any computer out there today, the NSA has more stuff available and they still allow Top-Secret material to be protected with AES-256 (it has FIPS compliance), I doubt the NSA would do that if they thought there was any chance that AES could be cracked
The XKCD for that
I don't believe in time. It's a grand conspiracy designed to sell watches.
They should not be trying brute-force against an AES key.
They should be working to find where the key material is stashed. Nobody memorizes a 256-bit key.
It might be stored using a weaker symmetric crypto algorithm... then they should be trying to brute force the passphrase.
Or hold the guy in prison until he produces the evidence.
Assuming the contents of the hard drive is believed to contain evidence of a crime, committed by him, or someone else, he still has to produce that evidence, no?
If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.
You must remember that the NSA is in the national security business. Revealing that AES can be broken would be beyond huge, it'd be bigger than the breaking of the Enigma codes during WWII. It'd also destroy the value, because afterwards everyone would migrate to something else. So even if NSA has that capability it'd be Top Secret and not revealed just to catch this guy. It's something they'd use in secret for signals intelligence and only reveal if it was absolutely necessary in defense of the United States.
Gotta ask, does AES have backdoors that they can go "compel" an organization to give them the keys to it?
AES itself? No. Any particular encryption software? Possibly, but as TrueCrypt is open source that's unlikely. Same with the full disk encryption in Linux. As for pure brute force, there's not enough energy in the sun to break 256-bit encryption. But there can always be some kind of algorithmic attack. I think for AES-256 there was an attack lowering the strength to about AES-128 strength. Still plenty strong, but you can't know if there's a better one.
Live today, because you never know what tomorrow brings
Neither of the Brazilian Ronaldos are in this World Cup. However, if you're looking for a password to a disk coming from Portugal, this could be plausible.
2^(256/96) = ~6.35. So for your claim of it taking 96 characters to be true, those characters would have to be taken from a set of 6-7 characters. Which is an awfully questionable assumption. If you choose characters from, say, the full set of printable ASCII characters (95 characters), you only need log_95(2^256) = slightly less than 39 characters.
I'm not so sure of the 6 bits for every character on the keyboard part.
abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ1234567890!"#€%&/()=?+,.-;:_^'*~©@£$|[]±÷ç‘’æøßé®ü
There, those are the characters I can easily type on my keyboard, unless I counted wrong that's 205 characters which requires 8 bits per character.
But perhaps you meant only alphanumerics?
Greylisting is to SMTP as NAT is to IPv4
One of the great features of TrueCrypt is the whole alternate partition/segment idea. One password gives access to real data, while another (a duress password) would give some other access to an alternate segment. Put some benign documents in the alternate partition, and then under threat of water boarding, hand out the duress password. Assuming this all works, they find nothing, you go home.
Granted, I'm not encouraging this idea for criminal activity, but rather for truly sensitive data that shouldn't fall into the wrong hands.
$ man woman *
-bash:
A password based on a phrase where you substitute 3-4 letters for a few special characters and insert 1-4 extra characters into the middle of a word so as to mess with the length would be about as hard to break as the AES key itself. This would be an easy-to-remember password that would only take a few seconds to type and would render dictionary attacks useless.
"a large distributed attack should be able to 'crack' it with much less difficulty than reversing the AES itself"
Of course, brute forcing a 256-bit key with 1,000,000,000,000 computers that could each do 1,000,000,000,000 AES comparisons per second (aka, about 32,768 cores at 3 GHz) could take about 1.8e+42 millennia. So, by "much less", you mean that reducing the effectiveness to 1/10^42 (0.00000000000000000000000000000000000000001%) would still take those 1 trillion 32k-core 3 GHz supercomputers 1000 years to break it.
Assuming this person used a semi-decent password, the only way to get around this would be torture, key got cached/written down, bugged his keyboard, or general luck.
Fun fact told to me by a PhD in encryption. A 256-bit symmetric algorithm that has no workaround (AES has flaws that reduce its effectiveness), attacked using computers so efficient that it takes the theoretically smallest amount of energy to flip a bit, would on average consume most of the energy in the known universe to break a single key. (Think of consuming all the stars in the Milky Way galaxy as just a start.)
"It is not crazy to think that the NSA could have this capability." I would say overly optimistic.
You have no idea what you are talking about, do you?
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
I suspect that they might not have a case without whatever is on the disks. Assuming that there's something on there that incriminates him. Which is why the 5th amendment protects the key.
I always thought the 5th was more about the process of forcibly extracting new data from your head being far too dangerous and error-prone, rather than it being some right to not be incriminated.
So, you work for the NSA I take it, and want to make sure nobody believes the NSA's cryptology researchers could have possibly found and exploited a critical (or designed-in) weakness of AES and other crypto?
Sorry... no, you cannot. 6 bits can only represent 63 characters.
The uppercase and lowercase letters + numbers alone are 62 characters.
There are 92 characters on the keyboard. And you need at least 7 bits.
zxcvbnm,./ZXCVBNM?asdfghjkl;'ASDFGHJKL:"qwertyuiop[]QWERTYUIOP{}`1234567890-=~!@#$%^&*()_+
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
Emphasis mine. The interpretation there is that while one can be ordered to hand over the objects, one cannot be ordered to give up the password as that's tantamount to bearing witness against oneself. It's not really that far out there and it's an interpretation which has worked in court.
I find it interesting that this news story appears, claiming that the FBI has "failed" to crack the encryption of these hard drives. A story like that doesn't just pop out of nowhere. I doubt very much that a reporter has been investigating the FBI's progress in a forensic investigation, and even more that the FBI would give out that information to an investigative reporter unless they wanted to.
What better way to ensure the ability to read encrypted messages than to have a story in the news about how they are unable to decrypt a certain encryption method? Everybody thinks: "Oh look, the FBI can't crack method X! That's the one we should all use!" when the FBI has been cracking it all along. Even if it means they have to blow the prosecution of this Brazilian, it's probably worth the ability to read a lot of other people's messages without them knowing about it.
You are welcome on my lawn.
The FBI has not solved the P=NP problem, either
Or implemented practical cold fusion
Or developed a practical AIDS vaccine
Or found the cure to cancer
Or solved world hunger
Or stopped the oil spill
They failed to do all these things.
Wrong. There is a finite amount of matter and energy (and hence computing power) in the universe. With AES 256 these limits are already very close and possibly exceeded.
With no or infinitesimally low entropy spent per operation, it could still be infinite. Though with energy being quantized, the lower bound is believed to be kT ln 2. With that you can show that even the sun converted by E=mc^2 couldn't flip through a 256 bit register. Burning up the universe technically could, but I think we can say that's close enough.
Live today, because you never know what tomorrow brings
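To put the Landauer argument above (and the "energy in the known universe" claim earlier in the thread) into numbers, here is an added example that is not from any poster: it computes the kT ln 2 bound at the cosmic microwave background temperature and compares a full count through a 256-bit register with the Sun's entire mass-energy. The physical constants are standard values; the 2.7 K heat sink is an assumption.

```python
"""Landauer-limit check of the 'not enough energy in the Sun' claim (constructed example).

Landauer's bound: flipping (erasing) one bit costs at least k*T*ln(2) joules at
temperature T. Stepping a counter through every value of an n-bit register flips
at least one bit per step, so the full count costs at least 2**n * k*T*ln(2) J.
"""
import math

BOLTZMANN_J_PER_K = 1.380649e-23   # SI value of k
SPEED_OF_LIGHT_M_S = 299_792_458
SUN_MASS_KG = 1.989e30             # approximate solar mass
COSMIC_BACKGROUND_K = 2.7          # assumed heat sink: the CMB temperature


def landauer_joules_per_bit(temperature_k):
    """Minimum energy to flip one bit at the given temperature."""
    return BOLTZMANN_J_PER_K * temperature_k * math.log(2)


def energy_to_count(bits, temperature_k):
    """Lower bound on the energy to step a counter through all 2**bits values."""
    return (2 ** bits) * landauer_joules_per_bit(temperature_k)


def rest_mass_energy(mass_kg):
    """E = m c^2: everything you get from converting the mass completely."""
    return mass_kg * SPEED_OF_LIGHT_M_S ** 2


def max_counter_bits(energy_j, temperature_k):
    """Widest register whose full count fits within the energy budget."""
    return math.floor(math.log2(energy_j / landauer_joules_per_bit(temperature_k)))


def suns_needed(bits, temperature_k=COSMIC_BACKGROUND_K):
    """How many Suns, fully converted to energy, a 2**bits count would consume."""
    return energy_to_count(bits, temperature_k) / rest_mass_energy(SUN_MASS_KG)


def sun_can_count(bits, temperature_k=COSMIC_BACKGROUND_K):
    """True if one Sun's mass-energy suffices for the full count."""
    return suns_needed(bits, temperature_k) <= 1.0


if __name__ == "__main__":
    sun_e = rest_mass_energy(SUN_MASS_KG)
    print(f"one bit flip at {COSMIC_BACKGROUND_K} K: {landauer_joules_per_bit(COSMIC_BACKGROUND_K):.3e} J")
    print(f"Sun as pure energy: {sun_e:.3e} J")
    print(f"widest register the Sun can count through: {max_counter_bits(sun_e, COSMIC_BACKGROUND_K)} bits")
    for bits in (128, 192, 256):
        print(f"{bits}-bit count needs {suns_needed(bits):.3e} Suns")
```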
I'll create a GUI interface in Visual Basic...
Try all the words that are written in his office. The password may be under the keyboard, it may also be the serial number of the mouse (how many of you use this)? Of course, it may be only in his memory: for example the beginning of a fairy tale, but there is a good chance that it is written somewhere. Do not use brute force, try to be smart: guess like in the movies ;-)
How about this: I don't need to crack YOUR password - I just need to come up with a transform that generates the same output as your password would have.
If I know that somewhere in that block of data is your email address. I can just start doing transforms at every offset - the ones that don't produce a match will quickly get eliminated (>99% will be eliminated on the first byte, ditto for subsequent bytes - think of it as a very efficient sieve of Eratosthenes tilted on edge). The ones that are left, continue. Eventually, I'll have many transforms and start positions that convert the binary data to the target phrase.
So I continue to apply the transform until either:
I don't need your pass phrase, I don't need anything more than the maximum cycle length. I won't be able to decrypt all your stuff, but your email and spreadsheet data will probably be doable in a reasonable length of time, given today's hardware.
Wrong, it's the right against self incrimination.
I'm saying, what is the reason for this right? There's no right against incrimination; anything or anyone other than what's locked in your own mind is allowed to incriminate you, so why is there an exception? The police are allowed to forcibly dig through your stuff if they get a warrant, so what is the reason behind making forcibly digging through your mind completely prohibited? Keep in mind here that your stuff can sort of be an extension of your mind in some cases, such as if you keep a diary or a to-do list...
The interpretation there is that while one can be ordered to hand over the objects, one cannot be ordered to give up the password as that's tantamount to bearing witness against oneself.
Not that long ago, there were a few stories here about some guy named Boucher who was being required to unlock an encrypted drive on his laptop, because he had unlocked it for the customs people and therefore his unlocking it for the court would not provide any new information. Where if you're required to unlock something that you haven't been seen unlocking before, that provides new information that yes you really are able to unlock it (which of course means that the court didn't previously know that it was asking the right guy, which is a danger if the court is allowed to try to beat it out of you).
The banker is from Brazil and the evidence was seized there. Why was the FBI involved? It is not their jurisdiction and they are not encryption experts. Maybe those journalists should learn something about the NSA before writing an "article" about failed decryption.
In Brazil, proofs produced by illegal means cannot be used (Federal Constitution, Art. 5, Inc. LVI).
Which is conveniently and apparently easily circumvented by the government redefining the specific act of coercion to not be torture and hence not illegal.
Furthermore the FBI is not under the jurisdiction of the Brazilian government.
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
Wrong. There is a finite amount of matter and energy (and hence computing power) in the universe. With AES 256 these limits are already very close and possibly exceeded.
You should probably use html tags so it doesn't look like you're arguing with yourself. Unless that's how you want it to look.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
According to the report, the FBI and the INC used the same technology to try to break the password. It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information.
Nobody tell the reporters that when trying encryption, "dictionary" is just a fancy computer word for...an actual dictionary.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
Is that some crap movie shown in re-education / hidden lock-ups as torture?
I don't see what gives you that impression. I'm merely pointing out that, with TrueCrypt (or any conceptually similar system), there are two things needed to obtain the actual decryption key and decrypt the volume: the password, and the keyfile.
The most secure configuration involves storing the keyfile separately from the encrypted volume (on a smartcard, USB drive, etc.). For reasons of convenience, though, TrueCrypt (and, again, most of the conceptually similar systems) supports storing the keyfile in the same location as the encrypted material, which is much less of a pain because you only need a password for access, don't have to carry a separate device, and so forth.
If this guy used the system properly, his volumes will be secure. Guessing a 1 MB (in the case of TrueCrypt) random keyfile, or breaking the encryption, will be functionally impossible.
If he went with the convenient setup, then the feds have both his encrypted volumes and his keyfiles. They only lack his password. Guessing passwords is, barring extraordinarily good ones, many orders of magnitude easier than guessing encryption keys, and is frequently within easy reach of brute force attack.
I have no comment on the first paragraph, but the last two certainly seem to shout "I actually DO have a clue."
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Presumably, they're looking for evidence, and based upon the effort they're going to, I suspect that they might not have a case without whatever is on the disks. Assuming that there's something on there that incriminates him. Which is why the 5th amendment protects the key.
Does Brazil have an equivalent to the U.S. Constitution's Fifth Amendment? And actually, there's been quite a bit of dissent over whether or not the Fifth applies to passwords: a Federal judge ruled a while ago that it does so long as the password is in your head. He also ruled that if law enforcement can decrypt the data without need of the password (or manages to guess it) that's okay. Furthermore, in his opinion he said that if said password is written down or otherwise stored in plain text, it's also fair game. Actually, that was a fairly reasoned opinion, I thought, although IHAL (I'm Hardly A Lawyer.) But from what I've read on the subject, I wouldn't say it's cast in stone the Fifth protects such things at this point. If anyone has more information on this subject I'd like to hear it.
The higher the technology, the sharper that two-edged sword.
It's fairly easy to create a good, strong password for the really important stuff. I usually suggest the following:
1. Pick a phrase, any phrase "maryhadalittlelamb"
2. Add three "typos" with digit, capital and special character "marXyhadali6ttlel!amb"
3. Remember the typos as part of the words: "marXy" "li6ttle" "l!amb"
It'll never match a dictionary attack. It's too long with too large a character set to be brute forced, close to 128 bits. A hybrid attack possibly might, but even if you know the phrase in 1. and exactly the method I told you, guessing both the position and character will take about (21*20*19 * 10 (0-9) * 26 (A-Z) * 30 (the easy special chars)) = 60 million permutations per phrase, and in reality you won't know the phrase or if I did something slightly different, like adding two digits.
The most general fault people make is passwords that are too short, because they get annoyed by typos and because many systems don't handle more than 8 characters. That's too little if the attacker can run the password cracker locally; it's only good for network passwords, where first off the network slows you down and second you can have slowdowns and lock-outs in place.
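As an added example (constructed for this thread, not code from any commenter), the attacker models in the keyfile comment and the typo-passphrase comment above put into numbers: key guessing versus password guessing, and the hybrid-attack count for the insertion scheme, generalized to any phrase length and any number of inserted characters. The guess rates are assumptions for illustration.

```python
"""Attacker-effort estimates for the models discussed in the thread.

Constructed example. The guess rates below are assumptions chosen for
illustration, not measurements of any real password cracker.
"""
import math
from typing import Dict, Sequence

# Assumed guess rates (constructed for illustration).
OFFLINE_RATE = 1e9      # guesses/s when the attacker holds the volume locally
ONLINE_RATE = 10.0      # guesses/s against a rate-limited network login
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def key_bits_aes256() -> int:
    """Work to guess an AES-256 key outright."""
    return 256


def keyfile_bits(size_bytes: int = 1 << 20) -> int:
    """Entropy of a uniformly random keyfile (1 MB default, as in the thread)."""
    return size_bytes * 8


def brute_force_bits(length: int, charset_size: int) -> float:
    """Bits of work to exhaust every string of `length` over `charset_size` symbols."""
    return length * math.log2(charset_size)


def hybrid_candidates(phrase_len: int, class_sizes: Sequence[int]) -> int:
    """Candidates to try when the attacker knows the base phrase and the
    'insert k typos' method, but not where each typo went or which character.

    Inserting the i-th character into a string that already has phrase_len+i-1
    characters leaves phrase_len+i slots, so the slot count is
    (L+1)(L+2)...(L+k); each inserted character comes from its own class
    (digits, capitals, specials).  For L=18 and classes (10, 26, 30) this is
    19*20*21 * 10*26*30, the thread's "about 60 million".  It counts ordered
    insertion sequences, so it is an upper bound: some orders give the same
    final string.
    """
    count = 1
    for i, size in enumerate(class_sizes, start=1):
        count *= (phrase_len + i) * size
    return count


def time_to_exhaust(candidates: float, rate: float) -> float:
    """Seconds needed to try every candidate at `rate` guesses per second."""
    return candidates / rate


def human(seconds: float) -> str:
    """Render a duration in s / days / years for the comparison table."""
    if seconds < 60:
        return f"{seconds:.3g} s"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.3g} days"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


def compare_models(phrase_len: int = 18, class_sizes: Sequence[int] = (10, 26, 30),
                   charset: int = 92, phrase_list: int = 1_000_000) -> Dict[str, float]:
    """Work in bits for each attacker model against the typo passphrase.

    `charset` 92 = 26 lower + 26 upper + 10 digits + 30 specials (assumption);
    `phrase_list` is an assumed size for a list of common phrases the attacker
    might try when the phrase itself is unknown.
    """
    total_len = phrase_len + len(class_sizes)
    hybrid = hybrid_candidates(phrase_len, class_sizes)
    return {
        "aes256_key": float(key_bits_aes256()),
        "keyfile_1mb": float(keyfile_bits()),
        "brute_force_passphrase": brute_force_bits(total_len, charset),
        "hybrid_known_phrase": math.log2(hybrid),
        "hybrid_phrase_list": math.log2(hybrid * phrase_list),
    }


if __name__ == "__main__":
    for name, bits in compare_models().items():
        offline = time_to_exhaust(2.0 ** bits, OFFLINE_RATE)
        online = time_to_exhaust(2.0 ** bits, ONLINE_RATE)
        print(f"{name:24s} {bits:10.1f} bits  offline {human(offline):>12s}  online {human(online):>12s}")
```

Run it to see why the thread distinguishes the two cases: the key and keyfile models are out of reach at any rate, while the known-phrase hybrid space (about 26 bits) falls in well under a second offline and only the rate-limited network login makes it take months.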
Live today, because you never know what tomorrow brings
In Soviet Russia, KGB decrypts you!
> But the constitution as it stands, does not allow the authorities to compel a suspect to produce the files.
The Constitution may not allow it. But these days, they simply violate it and blame the terrorists for making them do it.
On the other hand, if the NSA had broken AES, they'd have to worry that their counterparts in Russia/China/India/Country-of-Interest might have done the same, and therefore worry that all the government agencies that currently use AES as 'secure' aren't secure either. So they'd want it to be known that it was breakable, in order to get replacements in place.
If it were the best available, they might not release that they had already broken it, but even just a few comments about likely weaknesses (maybe even through third-party mouthpieces) would get others looking for holes and other options.
'Sensible' is a curse word.
Of course, practically any information has a use by date on it. In this case, he just needs it to hold out until he dies of old age.
I don't think you completely understand either how encryption scales then or how computer power scales at the moment.
Computers typically have become around twice as fast every two years or so in recent history, although this is becoming quite hard to keep up nowadays.
Most encryption algorithms, on the other hand, can be scaled up arbitrarily high by just changing a parameter. Brute forcing 128 bit AES vs 256 bit AES is not a factor two harder. It is a factor 2^128 harder.
Want it even harder? Just change the algorithm (or a parameter) to use 512 bits. The only reason AES 128 and AES 256 are in use at the moment is because experts agree that these are highly unlikely to be brute-forced in the near future, not because 256 bits is some kind of practical limit. You could create a 200000 bit encryption algorithm if you wanted to, but there is simply no point.
Well, no. That's only if you use a classical electromagnetic medium, which is what normal computers use nowadays. But we now have quantum computers, and although they don't have enough qubits to crack an AES 256 key today, they surely will in the future. In fact, when they have enough qubits they will be able to crack any classical encryption algorithm, no matter how big.
The funny thing about quantum physics is that it goes against all your common sense.
Well, in 10 years I'm sure we will have a quantum computer with enough qubits that will crack this instantaneously. But hopefully they will be occupied being used for science instead of this kind of stuff.
That's also a form of encryption: The decompression algorithm is the key. It's just that many people use widely available keys, and moreover indicate the used key in the file name.
The Tao of math: The numbers you can count are not the real numbers.
Quite the opposite. IF the NSA can trivially crack AES, they want everyone out there to feel sure they can't. That way it stays in use.
Which is, again, why we'll probably just keep someone awake for 3 days while we scream at them and hit them under the arms with a phonebook until they talk.
A bullet may have your name on it but splash damage is addressed "To whom it may concern."
I believe the reason is so that if someone says they're innocent and is convicted of a crime they can't be convicted of perjury as well.
So exactly how often does a government agency admit to failure at an issue this big ? I'm reading this as "FBI just managed to break TrueCrypt so we hope all you people use it."
Can I light a sig ?
Doesn't mean you wont spend the rest of your life in a box. You might be 'right', but was it worth it?
---- Booth was a patriot ----
>>>"In Brazil, proofs produced by illegal means cannot be used"
>>"Same in America, and usually ..."
As opposed to Africa, where Brazil actually is.
I don't believe that's correct. AES is, to the best of our knowledge, uncrackable by the NSA with current computing resources. The flaws that have been discovered publicly are minor and inconsequential. It is possible that the NSA has a practical attack against AES and others, but that they choose not to reveal this, as GCHQ did not reveal their cracking of Enigma.
Practically this doesn't make much difference to 99.9% of us. The NSA is unlikely to go after us little guys; the risk of revealing their secret would outweigh the benefit. However, if you're ever holding the UN to ransom, don't assume that AES, RSA et al are secure against a national government.
The spooky thing here is the "Or can they?" factor. Certainly no obvious way of course, and no way anyone else figured out, but then they had a good head start here. On the other hand, when you have $5 wrenches (as they do), they're probably more at an advantage with unbreakable crypto, seeing as us smalltimers will have a hard time using that strategy.
Over 2 years ago I had the feds raid my house. I used DriveCrypt Plus Pack (www.securstar.com) to encrypt my drive; they returned the drive a year later saying the drive was corrupted.
Keep in mind the feds have thousands of cases and usually hire outside companies to crack it; they are limited by time and budget.
Just goes to show the myth of any gov agency being able to crack commercial encryption software.
Immunity means "Immunity against prosecution." So this is not the sort of thing they can use against someone. They can't say "You are immune from prosecution, now testify about your crimes. Ok, you testified, now we are going to charge you with those crimes." The person was given immunity from prosecution, can't prosecute them for those crimes.
The point of immunity is securing someone's testimony against another party. So let's say you and I had committed some crimes together. However, your part was pretty minor: you'd done little things and you weren't the guy planning things. The prosecutors decide I'm the one they really want; you are just a petty crook they don't care about. However, you won't testify against me, not because you are scared of me but because in doing so you'd admit to your own crimes. They say "Ok, we'll grant you immunity. Any crimes you testify about committing, you can't be prosecuted for." You then go and testify to all the stuff I've done. I go to jail, you do not.
Immunity isn't some magic way to make the 5th amendment disappear. What it does is protect someone's 5th amendment rights, while allowing them to testify. The 5th amendment says you can't be made to testify against yourself. So, if you are immune from being prosecuted there is no violation of your rights. Your testimony is not being used against you.
For the same reason they can't say "Ahhh! We had our fingers crossed! Deal doesn't count!" In that case your lawyer would argue to have your testimony, and any evidence as a result of it, suppressed. You only testified because you believed it could not be used against you, and there is a written deal to that effect. If they revoke the deal, then that violates your rights. A judge would then suppress the testimony, and all evidence that comes from it (US courts use a "poisoned fruit" idea that evidence that comes from a violation of rights itself cannot be used). Your lawyer then has the court dismiss the case due to lack of evidence.
There is no law in the US that compels you to give up your password. You may be thinking of Britain, which does indeed have such a law. However in the US just keeping your trap shut would just be good enough. Also, the burden of proof is on the state in criminal cases. So, if the claim is that the data is simply random, they need to prove that the data is NOT just random before they would be able to force anything, even if the law allowed it.
Of course in any case the answer "I don't recall," works plenty well (note how often that is used by people in major investigations). They can't say "Yes you do!" as there's no way to prove it. People forget shit all the time. So they say "What's the password to this," you respond "I don't recall that being encrypted," there's little they can do to prove otherwise.
That doesn't work in the courts, at least not in most free countries. Testimony obtained through coercion, and any evidence resulting from that, is inadmissible. You might notice that police do not just torture people to extract confessions. Why not? Should work very well, torture someone enough they'll confess to whatever you want, no matter if they did it or not. Solves cases really easy. Well, because the courts are going to take a real dim view of that. Their confession and all evidence as a result of it would get suppressed and the case would evaporate. What's more, the police involved are likely to get charged with a crime themselves.
So sure, the XKCD thing is a fairly realistic scenario if you had, say, the location of a nuclear weapon that was going to detonate in a US city and kill a lot of people. In that case, I can see the rules going out the window. They don't so much care about convicting you as finding and disabling the device. However for a criminal prosecution? Ya that kind of stuff goes over not at all.
You might notice that there are more than a few paranoid people on this site. They are convinced that the government is extremely evil, oppressive, and thus obviously extremely capable of doing amazing things that nobody else can. So the government can crack all encryption (even though the best research shows that isn't possible), the government can recover data from any hard drive unless you Gutmann wipe it (even though the best research shows a single overwrite screws over any recovery on EPRML drives). They believe the government is so amazingly competent and evil that they can organize thousands of people to plant explosives in the WTC and just make it LOOK like planes brought it down, and keep all that hushed up, and so on.
They believe that AES is "obviously" crackable simply because the public has it. They need no more evidence than that. It is paranoia, not facts, that they operate on.
Personally, I find it highly likely the government can't crack AES. They use it for classified data, it was designed to help secure our nation's financial system against foreign attack (one of the NSA's missions, they aren't only signals intelligence). It is probably the most analyzed crypto system in history, and nobody anywhere has found a major weakness. I'm going to cast in on the "it's secure" side of things.
The reason for such a right is to ensure that people are treated as innocent until proven guilty. The Fifth Amendment (right against self-incrimination) works alongside the Fourth Amendment (right against unreasonable search and seizure) in order to allow this.
We all know what to do, but we don't know how to get re-elected once we have done it
Perhaps you could stop believing any drivel you read in a novel. Van Eck is a fantasy and I can see lots of problems with it becoming practical.
Wealth is the gift that keeps on giving.
You should add another layer to your tinfoil hat. The US Government standard is AES.
If AES was easily crackable, and by easily I mean anyone has the capability to crack it in a reasonable amount of time, reasonable being within the timeframe of normal declassification, you really think they would be using it as their standard?
It's fun to think there exists the ability to just unlock any code (think Sneakers little black box), but the fact is that if that technology existed, it would be exploited and sold to the highest bidder ASAP.
But of course, "that's what they want you to think". If you thought this, add a third layer to that hat.
Or the obvious, if it was known to be easily breakable, the US Government standard for encryption of Top Secret information would be something other than AES. But no, AES _is_ the standard for Top Secret information encryption.
I recognize the algorithm is approved for use by govt agencies, however you cannot use an algorithm by itself.....
It would be nice if truecrypt received 'the nod' from NIST. That would then allow my organization to use it.
I make my hats out of lead, with special paint to mask the electromagnetic signature, not TIN. The notion that 'TIN' would protect you from government mind control, eavesdropping, and other electromagnetic manipulation was a lie passed around -- actually TIN amplifies the effect, and makes the tin-hat wearers easier to track.
There are likely better materials to make your hats out of that are more effective, won't enable you to be tracked, and won't amplify the special signals....
I know the US government wants the citizens to think their standard is AES. Gives more credibility to the standard.
As for security measures under the most secret of government... who knows what the standard really is?? If they use something different from AES, or in addition to AES, or a modification to AES (such as special method of selection of key material to evade a certain vulnerability), I am sure they classify that top secret too.
The panacea of crypto standards for them would be one that has a backdoor when someone else uses it, but that when the government uses it, they get to pick a key that has certain properties that close the special avenues of attack completely....
they will assume they've been given the wrong password and continue torturing you
That's only true if they know for sure that data is what they were looking for. But if there's any doubt, all they know is there was an encrypted block and the key you gave them unlocked it. There's no reason to continue asking you for a password since as far as they know, that data is useless.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If waterboarding is not torture, then you are willing, I presume, to undergo it for two or three days? If not, fuck you.
It has no lasting physical damage. And we already do waterboard our own military personnel to instruct them on what they might face if they were captured. Also, the people that use it as a technique are required to also have it done to themselves in order to understand the physical and psychological effects it has.
So yeah, I'd be willing to be waterboarded. And like all techniques meant to momentarily weaken your resolve rather than actually hurt you, no I don't consider it torture.
Physical torture no, but it does qualify as psychological torture with potentially long lasting effects. Just check the citations in the wikipedia article http://en.wikipedia.org/wiki/Waterboarding. As such, it's a violation of the Geneva Convention (which the US govt claimed didn't apply). Go get a video of you being waterboarded and we might take you seriously.
Actually, this is a great test of TrueCrypt's ability to keep sensitive information sensitive. If the FBI finds a security hole in TrueCrypt, it will be fixed or compensated for, making it safer for everybody else who uses TrueCrypt. If the FBI can't decrypt this, then TrueCrypt has withstood the test of probably the most resourceful law enforcement agency there is.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
I find it interesting that this news story appears, claiming that the FBI has "failed" to crack the encryption of these hard drives.
Think back to the early days of Skype and Crypto AG.
Both show that with enough interest, security services can find a way in or around the challenges.
The public is reassured; in private it's plaintext in real time.
Domestic spying is now "Benign Information Gathering"
I need to know what the Portuguese word is for 'PASSWORD'
FragHARD or don't frag at all
It shows you what total BS that show is--always being able to crack encryptions in no time. Getting facts out of a prisoner in hours rather than months. I could be wrong, I've only seen a few episodes but that is what happened in the few I watched.
The *correct* approach is to set up the arrest so that you don't arrest the guy and seize the computer while the encrypted volume is not mounted. Instead, you keep him under surveillance, and when he has the truecrypt volume mounted, you storm in and arrest him before he can unmount it, then copy all the data from the already mounted volume to a thumb drive, or external hard drive.
Or. . .
Secretly install a keylogger somewhere on his system to log the password for the truecrypt volume, and DON'T arrest the guy till you've got the passwords.
Or. . .
Secretly install software on his computer which, when any volume is mounted, starts to transfer the files over the Internet to a police file server.
Or. . .
I've heard of research (seems like it was posted to /. a few years ago) that indicated it would be possible to pickup keystrokes made on a computer which was plugged into a wall power socket, by like tapping the lines outside the residence or something.
Anyhow, my point is, if the police are careful about how they go about the arrest and seizure, they might not have to 'defeat' the encryption. The problem with encryption is at some point, you have to enter the password and decrypt the data. Either the password can be captured, or the decrypted data can be.
Van Eck phreaking is not a fantasy. It may rarely be a practice risk, but it is a real technique. http://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf http://jya.com/emr.pdf Warning pdfs
Xavier Rabourdin for president 2012
If the Brazilian stuff I've seen is any indication, they don't need a password, they need to download the right codec... ;)
The fifth amendment does not apply since this is not in the US. Brazil may have similar protections of the individuals rights.
The US government have made it clear that we have no inalienable rights; any we do not defend vigorously will be taken.
Gotta love it. Truecrypt used intelligently is impervious to dictionary attacks. The trick is keyfiles, which can be used together with garden-variety "weak" passwords. It also has hidden volumes, which have a couple of annoying gotchas, which provide "plausible deniability" (it says here). One nice trick with keyfiles is to use steganography to embed a significant blob of /dev/urandom output into a photograph, which then hides in plain sight along with hundreds or even thousands of other similar photographs (this circumvents keystroke loggers) -- or on a thumb drive or cd-rom. Shred the cd-rom (or smash the thumb drive with a hammer, etc.), and Truecrypt volumes become indecipherable, because the actual key is literally unknown (and unmemorizable by ordinary human brains). Assuming the banker gets his drives back (or his backup!), and recovers his copy of the cd-rom bearing the keyfile from his friend in Freeport who thinks it's a bootleg Grateful Dead concert, Truecrypt brings it all back like Lazarus. The Linux version uses an optional cascade of three keys (AES 256, Serpent and Twofish) and the (optional, but recommended) Whirlpool hash algorithm. Steganography is not part of Truecrypt in any version I know.
``Tension, apprehension & dissension have begun!'' - Duffy Wyg&, in Alfred Bester's _The Demolished Man_
You do realize that NSA didn't design AES right?
Build it, Drive it, Improve it! Hybridz.org
Perhaps they did break it, but they prefer to send a message saying "Ok, dudes, it's still ok to use AES-256"...
Invisible to you, my blockquote tag had one character spelled wrong and I was in a hurry.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The other funny thing about quantum computing is that it may well remain infeasible for significant problem sizes forever. Also your statement is wrong. For things like RSA, quantum computing helps. For AES it does not help at all.
For AES it does not help at all.
I admit I might be wrong, but isn't AES based on primes as well? If so, then quantum computing will solve it. About your statement that quantum computing might never reach an advanced enough state to solve complex problems: well, I direct you to the recent findings on quantum entanglement in photosynthesis. They clearly demonstrate that it's possible to maintain the kind of necessary states, not only in high quantities but also at room temperature. And all this made simply by natural evolution. So yes, it's easy to see that sooner rather than later human technology will be able to use this as well.
That really should say practical risk.
And like all techniques meant to momentarily weaken your resolve rather than actually hurt you, no I don't consider it torture.
So by that standard you'd be willing to watch your son's testicles get crushed since it only weakens your resolve and doesn't actually hurt you. Good to know you're ok with things that only weaken your resolve in case we ever need some info from you.
Actually, they can. You have the right to remain silent but the US Supreme Court resolved the circuit split on the exculpatory "no" doctrine by ruling that an exculpatory no is not protected in the case Brogan v. United States. This is just another reason not to answer questions from law enforcement.
http://www.tjtaxlaw.com/tjn19980126.htm
They only have to look at the code to see what algorithms are used. Breaking two ciphers takes twice as long as breaking one, which is more or less equivalent to adding one bit to the key - i.e. not much difference. Also, it doesn't have to be two different ciphers, it could be one encrypted twice using one cipher with two different keys.
The article finishes with the mention that Brazil has no law to force him to give up his password. Surely the US, with its codified right to not self incriminate (ie the "right to remain silent"), has no such law either? Just askin', ya know.
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
While I disagree with GP, that's a rather poor example. You are still physically torturing someone in order to get information, even if where the information comes from isn't the person being physically tortured.
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
Give him a call.
That argument is tantamount to saying, "Only the guilty need privacy."
The argument falls apart when I say, "Okay, so let me video tape you in the shower and put it on the Internet."
I store bank records on my PC. You better believe it's encrypted to hell and back.
I have files on my customers on my laptop. Again, encrypted to hell and back.
There are tons of completely legal and legitimate reasons people want, deserve, and should have encryption that is uncrackable.
You are a vile human being, I just hope to God you're not in a position to carry out your philosophy on other people.
To have a right to do a thing is not at all the same as to be right in doing it
>No Brazilian law exists to force Dantas to produce the password(s)
You know enough pressure applied to a wound, or salt poured into a wound, could really help speed things up.....
sure it's not pretty but Jack Bauer proved that it works. Good luck though trying to break those encryption programs, the whole purpose was to keep them out, what use is it to try and break it...break him instead.
Interrogator : "What is your password?"
Suspect : "I honestly don't know what you're talking about."
Interrogator : "So, you're being difficult eh?"
Actual password - I honestly don't know what you're talking about.
"Even if they they break the encryption, they'll only find his mp3 collection and some seasons on House and Lost..."
So he gets handed over to the RIAA and MPAA who sue him for $975 trillion.
Talk is cheap.
Arrange for a demonstration, like these guys did:
http://www.youtube.com/watch?v=4LPubUCJv58
http://www.youtube.com/watch?v=qUkj9pjx3H0
http://www.youtube.com/watch?v=LV4a2_appig
You'll change your mind pretty quickly, like those guys did.
With quantum computing they could crack it within a year.
You are a vile human being, I just hope to God you're not in a position to carry out your philosophy on other people.
The feeling is mutual, I assure you... I think of people like you, and the thousands or millions of innocent people dead all because someone just like you was unwilling to use any degree of force, no matter how small, to extract information from a single individual obviously intent on causing innocent people harm.
I'm not really religious, but if there is a God I don't think you'll be seeing him for a while after you pass on, as you work off your debt to the innocents in the afterlife. Each one, I am hoping, you will be required to face in person and explain why you believe what you do.
I don't believe you are evil by nature, but it is a shame that great evil is being done because of mistaken beliefs such as yours.
Three people that were against it before they tried it do not a convincing argument make.
As I said, plenty of people in the military are required to undergo this treatment. I think the problem is that you and other people are so far removed from real torture these days, you don't even understand the concept.
I said physical torture was the line, so PRETTY OBVIOUSLY I would not be OK with said force being used on anyone and then calling it not torture from "one mans point of view". Torture is, to me, an absolute regardless of who is being tortured.
It's the ultimate in moral equivalence to re-phrase torture as not-torture simply by selecting the viewer.
Go get a video of you being waterboarded and we might take you seriously.
Only if you agree to say 100% of the time that waterboarding is not torture if I get waterboarded and claim it's not torture when I am done. Are you seriously willing to say that? Because that's basically what you are asking me to do the other way round, when I'm pretty sure you'd go back on your claim to take me seriously.
That's three people that argued waterboarding was not torture and changed their minds pretty quickly after they experienced it. Also note the law enforcement officer in one of the clips saying that the average person can endure it for 14 seconds.
No, the problem is that you have no idea and don't understand the concept. Torture is not what you see in the movies. Torture is simply finding the limits of your tolerance and bringing you to -- and beyond -- that point repeatedly until you break and will do anything to make it stop. Every person is susceptible to some leverage, be it physical, emotional, psychological, financial or otherwise. Every person has a limit to their tolerance. Find the right combination, apply it -- that's torture.
Your argument about the military is bogus. They undergo it once, under controlled conditions, knowing that it will stop when they push the panic button or, at worst, at the end of the exercise.
When I was in the military (not the US one), I was required to spend some time in a room with CS gas. IIRC, I did it three times. It was not a fun experience, but it was not "torture" because I knew that it was "safe". However, having experienced the effects of CS gas on the human body firsthand, I can use it as a torture device. All I need to do is to convey three simple points to you: that I will not stop upping the intensity until you give me what I want, that I will stop once I have verified to my satisfaction that I got what I want from you, and that, while I prefer to keep you whole (for my own purposes), I don't really mind permanently damaging you in the process. Perhaps even killing you, but not right away, since it would give you a way out.
Torture is mostly psychological -- it's not the tool, it's how you apply it. And what makes waterboarding so effective a tool is the millions of years natural selection had to produce drowning-averse humans. Trust me, you'll do anything to prevent asphyxiation (otherwise, you'd be an evolutionary dead end).
Back to the clips. Notice how the demonstrations stopped the moment the subjects pushed their respective "panic buttons"? Notice the repeated instructions about code words and suchlike? That is what separates it from "real" torture.
The military exercises are similar in the respect that those who undergo them know they are safe.
Now, I noticed that you avoided the subject of trying it yourself. I do urge you to do so, it is quite illuminating.
To get the maximum effect, hold out the longest possible time and, after it is over but while the experience is still fresh in your mind, contemplate how you would feel if the person administering it had continued for 20 seconds after you indicated you wanted them to stop.
Any interrogator will tell you that torture produces bad information. The purpose of torture is not to get a particular piece of information out of a particular individual, what you want is to torture large numbers of people in a particular population in order to cow them and make them afraid of standing up to a particular government.
With torture the target is not the person tortured, it is everyone who knows the person who was tortured. They see a broken man and are afraid of becoming the same way.
But making a father watch while his son was water-boarded would be ok?
Let's say the son was 18 years old or so. Well then, why not. It's not torture. He wouldn't like it of course.
But it wouldn't cause lasting damage.
Now if you are talking much younger than that, there I think it starts crossing the line. But then again if the kid and the father had killed innocent people or could prevent them from dying, then it would be OK. The good of the many outweighs the good of the few.