Slashdot Mirror
FBI Failed To Break Encryption of Hard Drives
benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).
is waterboarding next to get the info?
...both the Brazilian police and the FBI tried dictionary attacks against it
They should have used a Portuguese dictionary not an English one! Geeze! Folks are soooooo US centric!
RIP America
July 4, 1776 - September 11, 2001
Just because you're paranoid does NOT mean that no one's out to get you.
And you KNOW the government is out to get you.
They should publish it as a DVD and within hours they'll be able to download the unencrypted file from a torrent! :o)
I thought this was not just a sound idea but a law.
Great stuff though, but expect some new laws by government that make it illegal not to provide your password/keys to the government upon a court order and if you don't provide it, expect an assumption of guilt and some extra punishment. I am not saying it's right, just saying that's probably going to be one of the outcomes of this.
Of-course the problem is that they got the drives physically (not that I am necessarily on the side of a allegedly corrupt banker, but I am not automatically assuming he is guilty of anything either.) Here is a good application for the 'cloud' (yikes) - keep your encrypted data so that nobody can even know it exists in the first place.
You can't handle the truth.
http://xkcd.com/538/
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential. The NSA is a double-edged sword - they help with useful security tools such as SELinux as well as their traditional spook espionage. The NSA can't crack AES even with a supercomputer (right now, and only if the user has a decent password and/or 2-factor authentication).
Other agencies such as NSA can probably crack that encryption with ease if not instantaneously
Stop believing in spy movies.
The law of gravity. The feds hang you by your feet out a 5th floor window till you talk......
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
Presumably, they're looking for evidence, and based upon the effort they're going to, I suspect that they might not have a case without whatever is on the disks. Assuming that there's something on there that incriminates him. Which is why the 5th amendment protects the key.
How will you get out of jail though?
Give them the password? You can't since it is random data.
Tell them it was random data? Sure... we believe you! Now give us the password @#&*$!
This does show though that proving that something is not random data would be very important before they try waterboarding a password out of you :)
This say plainly that if you encrypt your info with the right, cheaply available technology, not even the FBI could get it, no matter what is it, or who you are. How much time now till some law around criminalizing the use of encryption gets approved?
Not without violating the 5th amendment. If you can get the key via keylogger or malware it's fair game, otherwise they have to willingly provide it or you've got to crack it. But the constitution as it stands, does not allow the authorities to compel a suspect to produce the files.
How will you get out of jail though?
Give them the password? You can't since it is random data.
Tell them it was random data? Sure... we believe you! Now give us the password @#&*$!
This does show though that proving that something is not random data would be very important before they try waterboarding a password out of you
It depends on what your goal is. If your goal is to hide your secrets to stay out of jail, this may be a bad way to do it, especially if they torture you.
If your goal is, however, to keep your drug lord employer's secrets, otherwise they'll torture and kill your entire family, that's another thing entirely.
... if I were the FBI and I could decrypt TrueCrypt, I'd not admit it and hope everyone keeps using it.
If there is ever a case along the lines of: "Well, m'lud the prosecution have not proved there are any encrypted files - it's just a block of encrypted data, so there is no case to answer" then I suggest we all follow it very closely.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential.
That only matters if the implementation used doesn't have any important flaws. And a password wasn't stored anywhere by accident or 'overlooked mechanism' (caches etc). And the chosen keylength was enough to make brute-force attack unfeasible. And nobody else has/leaks password.
They don't have to crack a tried & tested algorithm, they only have to find the weakest link. Surely there's many links, most of those weaker than the algorithm itself.
If the passphrase has more than 256 bits, brute-forcing it is less efficient by a fair margin, than direct guessing. On the practical side, passphrase guessing likely becomes very expensive for something like 50+ bits of entropy with a good key-setup. Keep in mind that the key-setup may make you work for, e.g., 1 sec of CPU time per guess. With 50 bits, that is (assuming an EC3 small unit for simplicity) around 25 Billion USD for the crack. For every 10 additional bits, add a factor of 1000. With this money, you can built special-purpose hardware, but incidentally, that is likely only going to be faster but not cheaper.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Not never. Given enough time and CPU cycles, anything stored locally can be cracked. It's just a matter of how long you want to wait.
Wrong. There is a finite amount of matter and energy (and hence computing power) in the universe. With AES 256 these limits are already very close and possibly exceeded.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If the key is also stored on the drive, protected only by a password, it isn't merely "not crazy to think that the NSA could have this capability" it is "crazy to think that random script-kiddies do not have this capability".
Most people pick lousy passwords. Brute-forcing them is restricted only by the speed of your hardware(and password-guessing is one of those conveniently parallel problems that scales with almost perfect linearity across however many nodes you want to throw at it).
Either this guy is way above average when it comes to picking good passwords, or the key was, in fact, stored separately and never located, or (tinfoil hat) they actually cracked his password three years ago, didn't find enough evidence to build a case, and would rather "admit defeat", and encourage other malefactors to trust in their encryption, than just admit that they don't have a case....
The XKCD for that
I don't believe in time. It's a grand conspiracy designed to sell watches.
If the NSA could have unlocked it for them, I believe the FBI would have been there in a split second. They probably already asked.
You must remember that the NSA is in the national security business. Revealing that AES can be broken would be beyond huge, it'd be bigger than the breaking of the Enigma codes during WWII. It'd also destroy the value, because afterwards everyone would migrate to something else. So even if NSA has that capability it'd be Top Secret and not revealed just to catch this guy. It's something they'd use in secret for signals intelligence and only reveal if it was absolutely necessary in defense of the United States.
Gotta ask, does AES have a backdoors that they can go "compell" an organization to give them the keys to it?
AES itself? No. Any particular encryption software? Possibly, but as TrueCrypt is open source that's unlikely. Same with the full disk encryption in Linux. As pure brute force, there's not enough energy in the sun to break a 256-bit encryption. But there can always be some kind of algorithmic attack. I think for AES256 there was an attack lowering the strength to about AES128 strength. Still plenty strong but you can't knew if there's a better one.
Live today, because you never know what tomorrow brings
One of the great features of TrueCrypt is the whole alternate partition/segment idea. One password gives access to real data, while another (a duress password) would give some other access to an alternate segment. Put some benign documents in the alternate partition, and then under threat of water boarding, hand out the duress password. Assuming this all works, they find nothing, you go home.
Granted, I'm not encouraging this idea for criminal activity, but rather for truly sensitive data that shouldn't fall into the wrong hands.
$ man woman *
-bash:
A password based on a phrase where you substitute 3-4 letters for a few special characters and insert 1-4 extra characters into the middle of a word as to mess with the length, would be about has hard to break as the AES key itself. This would be an easy to remember password that would only take a few seconds to type and would render dictionary attacks useless.
"a large distributed attack should be able to 'crack' it with much less difficulty than reversing the AES itself"
Of course brute forcing a 256bit key could take 1,000,000,000,000 computers that could do 1,000,000,000,000 AES comparisons per second(aka, about 32,768 cores at 3ghz) about 1.8e+42 millennia. So, by "much less", so you mean to reduce the effectiveness to 1/10^42(0.00000000000000000000000000000000000000001%) would only take those 1 trillion 32k core 3ghz super computers 1000 years to break.
Assuming this person used a semi-decent password, the only way to get around this would be torture, key got cached/written down, bugged his keyboard, or general luck.
Fun fact told to me via a PHD in encryption. A 256bit symmetric algorithm that has no work around (AES has flaws that reduces its effectiveness) and using computers so efficient that it takes the theoretically smallest amount of energy to flip a bit, would on average consume most of the energy in the known universe to break a single key. (Think consuming all the stars in the Milkyway galaxy just a start)
"It is not crazy to think that the NSA could have this capability." I would say overly optimistic.
Immunity means "Immunity against prosecution." So this is not the sort of thing they can use against someone. They can't say "You are immune from prosecution, now testify about your crimes. Ok, you testified, now we are going to charge you with those crimes." The person was given immunity from prosecution, can't prosecute them for those crimes.
The point of immunity is securing someone's testimony against another party. So lets say you and I had committed some crimes together. However your part was pretty minor, you'd done little things and you weren't the guy planning things. The prosecutors decide I'm the one they really want, you are just a petty crook they don't care about. However, you won't testify against me, not because you are scared of me but because in doing so you'd admit to your own crimes. They say "Ok we'll grant you immunity. Any crimes you testify about committing, you can't be prosecuted for." You then go and testify to all the stuff I've done. I go to jail, you do not.
Immunity isn't some magic way to make the 5th amendment disappear. What it does is protect someone's 5th amendment rights, while allowing them to testify. The 5th amendment says you can't be made to testify against yourself. So, if you are immune from being prosecuted there is no violation of your rights. Your testimony is not being used against you.
For the same reason they can't say "Ahhh! We had our fingers crossed! Deal doesn't count!" In that case your lawyer would argue to have your testimony, and any evidence as a result of it, suppressed. You only testified because you believed it could not be used against you, and there is a written deal to that effect. If they revoke the deal, then that violates your rights. A judge would then suppress the testimony, and all evidence that comes from it (US courts use a "poisoned fruit" idea that evidence that comes from a violation of rights itself cannot be used). Your lawyer then has the court dismiss the case due to lack of evidence.
Or the obvious, if it was known to be easily breakable, the US Government standard for encryption of Top Secret information would be something other than AES. But no, AES _is_ the standard for Top Secret information encryption.