Full Disk Encryption Hard For Law Enforcement To Crack

If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled "The growing impact of full disk encryption on digital forensics" [abstract here to paywalled article] that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT, "[T]here are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off the computer (for transportation) without realizing it's encrypted, and thus can't get back at the data (unless the arrestee gives up his password, which he doesn't have to do); second, if the analysis team doesn't know that the disk is encrypted, it can waste hours trying to read something that's ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data. The paper does go on to suggest some ways to ameliorate these issues, but ultimately the researchers aren't hopeful: 'Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption.'"

I wish this was the case in the UK

I wish this was the case in the UK, any encryption keys have to be handed over when asked by the police or .Gov

Re:I wish this was the case in the UK

[0100010001010011]

So use TrueCrypt and a hidden volume. Give them the keys to your outer volume. It mounts and they can browse your collection of Lolcats. Let them prove that's not what they were looking for.

Re:I wish this was the case in the UK

If they know it's a truecrypt drive, they probably would suspect that there's another partition so will try and charge you anyway for withholding.

So basically they make your life hell for a year till charges are dropped and would use any little excuse to question & detain you.

Re:I wish this was the case in the UK

[durrr]

I haven't bothered with hidden partitions, yet. Does it mean I'm subject to legal punishment for not using this feature and thus lacking a password to give to law enforcement so they can take part of my extensive collection of crustacean pornography?

And if that, then what happens when truecrypt suddenly accepts multiple hidden partitions or other more complex schemes? Everyone goes to jail because lawmakers somehow ascended beyond full retard?

Re:I wish this was the case in the UK

[228e2]

That wont work if they were doing any kind of listening/tapping and see you havent accessed any file on said Lolcat volume since you last set it up 4 months ago. Well, they wont even have to have listening data to figure that out.

Re:I wish this was the case in the UK

[fuzzyfuzzyfungus]

It may not help the poor bastard being asked for them; but, depending on the implementation, delivering the keys may simply not be possible.

It takes a pretty exceptional human to actually remember a useful crypto key, so most systems store the key for you and depend on a password, passphrase, and/or some sort of hardware device to grant access to the key. If the system that actually stores the crypto key is designed to resist tampering, there are a reasonable number of initial attempts at forensics that might trip tamper detection and cause the key to be wiped, irrevocably.

Your classier cryptographic coprocessor modules offer such tamper resistance, and the enthusiasm of DRM peddlers and corporate customers who have backups; but really, really, hate data-breach stories will likely continue to push it further down into cheaper and more common business desktops and laptops.

(Even the TPMs of today may be pretty tricky to subvert without pissing them off, though I don't think that they are required to adhere to the same anti-tamper standards as the more serious hardware security modules).

Re:I wish this was the case in the UK

[sunderland56]

We need an encryption package that has *two* passwords:

• One normal one that decrypts as usual;
• A second one that formats the disk and installs a standard version of Windows

You use password #1, but if arrested you give up password #2.

Re:I wish this was the case in the UK

[sco08y]

We need an encryption package that has *two* passwords:

• One normal one that decrypts as usual;
• A second one that formats the disk and installs a standard version of Windows

You use password #1, but if arrested you give up password #2.

That's brilliant, but how do you get the police to use this software? Especially after they've pulled the drive out and plugged it into their forensics kit?

Re:I wish this was the case in the UK

[Dogbertius]

Sadly, the notion of "plausible deniability" works both ways. If they (ie: the authorities) are aware it is a TrueCrypt volume, they can just demand you hand over the passwords for the inner and outer volumes. If you provide just one key (ie: the password for the outer volume that contains junk you don't care about), and you are in a country that demonstrates little to no respect for civil rights, they could very well jail you, even if you aren't using a hidden volume.

Secondly, the authorities demanding you hand over the key (strangely enough) isn't covered under fifth amendment rights, so again, they can demand you hand over the keys, or you could be jailed almost indefinitely.

Finally, there are some interesting articles by Bruce Schneier on alternate means of incrimination. www.schneier.com/paper-truecrypt-dfs.pdf

In short, there are many ways to give a judge the idea that the use of a hidden volume is likely (ie: check path histories for previously opened files, check temp folders, etc). Not only would these indicate the possibility of a hidden volume, but some files that were meant to be encrypted may be 100% available (eg: Microsoft Word makes temporary backups of files in your %APPDATA% folders in case it crashes and you want to recover your work; as one example). Unless one is very diligent and knows what he/she is doing with respect to encrypting data, it would seem the only safe method is to encrypt the entire disk and boot off of it exclusively, all while keeping the machine itself disconnected from the internet to avoid hacking attempts, and locked in massive safe so the authorities don't install a keylogger (application or physical device) or start taking snapshots of your disk daily to aid in cracking the password.

You may be able to secure your data, but with multiple means of data accidentally being leaked due to the OS or various applications used in day-to-day life, along with unscrupulous policing agencies allowed to overrule fundamental civil rights, it is likely that one will ultimately lose their data and/or freedom either way.

Re:I wish this was the case in the UK

[NotSanguine]

It takes a pretty exceptional human to actually remember a useful crypto key

Not really. How hard is to remember a paragraph from your favorite novel or lyrics from a popular song. It's even better if you *mis-remember* the quote/lyrics so that you're the only one who would come up with the result even if someone tried to brute force the key by scanning all your books and listening to all your music.

Perhaps something like:
While the music played you worked by candle light, those San Francisco nights - you were the best in town, Just by chance you crossed the diamond with the pearl, you turned it on the world, that's when you turned the world around

Or maybe:
I was alone I took a ride, I didn't know what I would find there. Another road where maybe I could see another kind of mind there. ooh and I suddenly see you, ooh did I tell you I need you? Every single day of my life.

Try and brute force those keys. Using punctuation makes it even harder. And these are the first verses to well known songs. Use the third verse of an obscure song (one you don't like would be even better). The music makes it much easier to remember and just about anyone can remember songs/lyrics.

Some people just have zero imagination. Sigh!

Re:I wish this was the case in the UK

[mSparks43]

From the actual paper (worth reading if you have academic access):

Challenges can also arise when a defendant appears to be cooperative. For instance, the defendant may provide incorrect decryption details but the defense may claim that the encrypted container was damaged in some manner, which was why it would not open.

They also list several court cases where truecrypt FDE rendered the machines inaccessible many years after the fact.

Re:I wish this was the case in the UK

[MaskedSlacker]

where they'll find some kinky and embarrassing (but not illegal) stuff to keep them busy. At worst they'll think you're a secret crossdressing BDSM fetishist or whatever

I recommend BDSM furry granny porn. Just so they don't try to claim the 30-something girl in the porn is 17 and falsely charge you with child porn possession just for kicks (it's happened).

Re:I wish this was the case in the UK

I have a great little program that produces random numbers out of the random.data file.
Funny thing is, truecrypt thinks it's a partition...

Re:I wish this was the case in the UK

[mikael]

These days, the disk controller for the disk drive is logically tied to the hard disk drive platter itself, by an encryption key. If you tried swapping round the controllers to repair the disk drive, that wouldn't work as the encryption keys are different.
You wouldn't even get the disk information sector back.

Re:I wish this was the case in the UK

[Doodlesmcpooh]

But it also depends what you have on the encrypted volumes. If it's evidence of tax avoidance then it might be worth giving it up. If you have the plans to the sequel of 9/11 then it's better to do the time for withholding the key.

Re:I wish this was the case in the UK

[sunderland56]

If they leave the drive in the laptop, obviously no issue. It would solve the XKCD lead pipe problem.

If the encryption was in hardware (on the drive controller), also no issue.

*Any* solution will not get around pulling out the hard drive, swapping its controller, and running forensics - but if the key/algorithm is sufficiently strong it would take them a while. The thing is that most computer crime labs try the easy things first - so put in a booby trap at one of the easy steps.

Re:I wish this was the case in the UK

[fluffy99]

Unfortunately, it's not difficult to look at the OS for evidence that the hidden partition exists. Even if they don't realize its a truecrypt hidden volume, they might start asking for usb drives that you haven't turned over.

www.schneier.com/paper-truecrypt-dfs.pdf

Re:I wish this was the case in the UK

[theedgeofoblivious]

Or what?

They'll prosecute you for not giving them your password?

If they had enough evidence that they were able to get a search warrant to get the data on your computer, you were probably already about to be prosecuted for something pretty substantial.

If you had a choice between being prosecuted for not giving them your password or being prosecuted for whatever else you were about to be prosecuted for, I expect that in most cases you'd want to be prosecuted for not giving them your password.

The government can threaten you with an alternative prosecution, but they can never actually compel you to give up your password.

Re:I wish this was the case in the UK

[Teun]

It's about time some Brit went to the European Court of Human Rights, according to most legal opinion you don't have to incriminate yourself.

Re:I wish this was the case in the UK

[mr100percent]

In the US, you have the right to remain silent. Fifth Amendment gives you protection against self-incrimination, so supposedly if you refuse to hand over the key the court isn't supposed to assume it means you're guilty.

Of course, the Bush administration did threaten people like John Walker Lindh or the Lackawanna Six with being sent to Guantanamo indefinitely if they didn't plead guilty, so we're not exactly in great legal territory.

Re:I wish this was the case in the UK

[MagicM]

It's even better if you *mis-remember* the quote/lyrics

Who knew that kissthisguy.com would become the #1 password dictionary.

Re:I wish this was the case in the UK

[MagicM]

You sound like someone who hasn't seen this yet, but would enjoy it.

Re:I wish this was the case in the UK

[tsotha]

Cops aren't that stupid. The first thing they do when they get your drive is copy it, and all the tinkering gets done on the copy.

Re:I wish this was the case in the UK

[DamnStupidElf]

It's obviously foolish to use public text verbatim as a key. Common Crawl has a 40 TB dataset that costs approximately $150 to MapReduce on EC2. Any key that happens to be a (reasonably short, say under 1KB) substring of that data costs $150 to break. Any key within a short hamming distance of a substring in that database costs roughly 2^hamming_distance more to break; two changed bytes is only worth $600. I imagine that large organizations who care have much larger databases including the text of most published books. It's such an obvious idea and until you realize that attackers have access to all the public source data that you do it sounds like a good idea to just pick a random string from a book to use as a passphrase. Don't kid yourself; no matter how obscure or unpopular a song is there will be lyrics for it somewhere on the Internet, not to mention in published books.

You can take a published string and make it a reasonably secure passphrase by adding enough entropy to it, but you still have to remember the entropy that you've added. Why not just start with a diceware passphrase and memorize the entropy directly?

Re:I wish this was the case in the UK

[Restil]

What you need is a red herring partition that contains a lot of sensitive but not illegal information. Fill it up with a lot of documents on various radical protests or government conspiracies... the thing that paranoid lunatics would see fit to hide behind strong encryption. Hopefully the authorities will be convinced that this is the "illegal" information you were trying to hide and ignore any other possibilities.

-Restil

Re:I wish this was the case in the UK

[networkBoy]

As I understand it, the fifth amendment does not apply if you've written the key down, if it is only in your mind then you should be fine, and failing that you can forget the key.

Re:I wish this was the case in the UK

[AK+Marc]

Wrong. The idea that the encryption *algorithm* is resistant to analysis is one of the most common mistakes beginners in encryption make. Only the key makes the encryption hard to break.

So, how would the police go about decrypting my drive encrypted with a commercial program with the key of 1234? Because, from my experience dealing with police and FBI computer forensics, they'd use the same program and type in "1234" like they were a user. Perhaps the NSA would just look at the screen and no longer see the code, but see "blonde, brunette" without seeing the code, but those actually doing the work in the vast majority of cases would use the program as loaded on the disk.

You made the beginner mistake of confusing what they "could" do with what they "do" do.

With the commercial software package--because they can trust it. That means it's not worth the trouble to reverse-engineer it. With your home-brewed, booby-trapped software that they don't trust at all? They'll take the trouble,

No, they don't. They make a certified copy, then try your boobytrapped software. When that fails, they make another certified copy, and try something else. They *will*, in all cases, try your home-brewed booby-trapped software.

Re:I wish this was the case in the UK

I think you are vastly underestimating the cost to brute force a pass phrase!

You need to test every substring with an expensive process: perform the (salted, multi-round) substring->key conversion, attempt to decrypt one or more cipher blocks, and decide if the result is correct plaintext... a well-designed FDE system will not make this an easy task, and you have to repeat it an awful lot of times to brute force the passphrase.

A 40 TB corpus has approximately 4 x 10^16 substrings of less than 1K, or 4 x 10^15 if we assume strings start on word boundaries and an average word length of 10 or less. Even if you charitably assume the whole hash/decrypt/validate process can be done in 1 ms of compute time per candidate, thats 4 x 10^13 seconds (about 1M years) of compute time. Unless Amazon has drastically lowered their prices, I don't think you'll be getting that for $150...

Re:I wish this was the case in the UK

[Grishnakh]

You could also use the first stanza of the Golden Girls theme song that someone keeps posting here lately:

Thank you for being a friend
Traveled down the road and back again
Your heart is true you're a pal and a cosmonaut

Re:I wish this was the case in the UK

[Dr_Barnowl]

You and I understand it, but the popular image* is that encryption is that something that is trivially broken.

The Allies were very lucky that the state of the art was so primitive at the time of WWII, and that the digital computer had not been invented. Even then, they had to devote significant resources, manpower, and intelligence to the production line of breaking Axis encryption. The advances made then contributed significantly to later advances in Information Technology.

The image that people focus on is that that the encryption was broken. Since then, information technology has improved greatly, so the ability to break encryption must have improved greatly, yes?

They forget that breaking the encryption was a gargantuan task compared to the task of encrypting the messages themselves - the encryption was done by basic troops with a portable hand-operated clockwork lightbox, the decryption took large banks of electromechanical equipment and a fair number of geniuses.

Now many of us carry a computer that makes the combined computing power of Bletchley Park look like a toy abacus.

* I'm not talking about the _popular_, popular image, foisted on us by movies like Swordfish. Believe me, if simultaneously having a gun held to your head and receiving a blowjob improved your programming ability to the point where you could break 128-bit encryption in less than a minute, there would be a HELL of a lot of employment opportunities in the thug / fluffer department at most successful software firms.

Re:I wish this was the case in the UK

[F1re]

Don't try that in Australia. BDSM porn is illegal in Australia.

"more research?"

[TheCouchPotatoFamine]

well we [the industry] will be just happy selling encryption with the tagline: so secure - no one can break it - except your average McForensic dude with a software package you can torrent. See, secure!

Re:"more research?"

[betterunixthanunix]

well we [the industry] will be just happy selling encryption with the tagline: so secure - no one can break it - except your average McForensic dude with a software package you can torrent. See, secure!

More like the software industry wants to remain friendly with the Department of Justice, and will gladly push a DoJ-approved cryptosystem on their customers unless their customers start jumping ship. Remember the clipper chip and how a certain large telecom was prepared to play along?

Re:"more research?"

[cusco]

I work with a couple of police departments, and I'd be surprised if any of them could even crack a password, much less decrypt a volume. Sure, there are guys in the IT department that could do it, but they're not "real" police officers so they'd never be allowed to examine evidence. Apparently, at least according to the boys in blue, crimes should only be allowed to be solved by guys who carry guns. Want to see a cop's head explode? Explain to him that you support neighborhood justice groups (which they refer to as 'vigilantes') over centralized courts with expensive lawyers. Only made that mistake once, and fortunately he was transferring out of the area or I might have caused some bad feeling between the department and my employer.

Re:"more research?"

[MightyMartian]

Clearly these police departments are not familiar with using VisualBasic to make a GUI.

Re:"more research?"

[TheGratefulNet]

want to see a lawyer's head explode?

(we all do. read on...)

tell them you support jury nullification.

its almost like telling an electrical repairman that there ARE user-repairable parts inside and that that label is pure hogwash.

lawyers and judges are so smug sure that 'judging guilt' is a hard job, to be left only to those 'qualified'.

the thing is, the so-called pros have done such a bad job over the last few decades, I can't believe that even a random roll of dice would be worse for carrying out justice. perhaps that would even be an upgrade. getting 50/50 would probably BE an upgrade over what we have now.

the fact that regular people are taken out of the loop is actually a safeguard that they are bypassing.

but dare talk to a friendly lawyer about this and they'll likely bite your head off. and if you are in voire dire and dare tell anyone that you are even aware of what JN means, you are immediately dismissed as a juror. worse: if you don't let on during VD and then vote your concience, you can be jailed for contempt!

all for following a legally allowed american principle; but one that has an unspoken 'do not admit to its existence' rule about nullification.

see fija.org for more info. people should all know about this. its one of the best parts of our system, in fact!

Re:"more research?"

[Fnord666]

but dare talk to a friendly lawyer about this and they'll likely bite your head off. and if you are in voire dire and dare tell anyone that you are even aware of what JN means, you are immediately dismissed as a juror. worse: if you don't let on during VD and then vote your concience, you can be jailed for contempt!

That's why I wear a "I Support Jury Nullification!" button to jury duty. I still get to work at the normal time on those days.

Re:"more research?"

[Kjella]

The reason the legal system frowns on jury nullification is that it also gives the jury full freedom to decide based on who is on trial, what their motive was and who the victim is, not just the law or the evidence. If someone gets beat up for waving a Muhammad cartoon around, I don't want an Islamist on the jury to be able to say "serves him right for insulting the great prophet, I refuse to convict". Nor would I like a jury that can nullify rape charges because they feel the victim behaved slutty. Or as is one of historic reasons it's frowned on, when a bunch of white men refuse to convict a white man for killing a black man. Now there are some mostly victimless crimes where this may not be that important, but many crimes do have victims and it is important that justice is served. Also it would make convictions a matter of probabilistics, I don't think many would feel it is much like justice if people are convicted 70% of the time at random. Ideally you want all juries, given the same evidence, to reach the same conclusion. Nullification is anything but that.

obligatory

[dr.Flake]

http://imgs.xkcd.com/comics/security.png

Re:obligatory

[pla]

http://imgs.xkcd.com/comics/security.png

Fortunately, as bad as they've gotten, police in the US still try to maintain the facade that they count as the "good guys", at least to the extent that they don't (frequently) torture information out of people.

Trick, cajole, threaten, inconvenience, stress, discomfit, and a whole host of other verbs that come just shy of it, but not quite outright torture yet.

Re:obligatory

[fuzzyfuzzyfungus]

Why would we resort to torture when we have pain compliance?

Re:obligatory

[nerdonamotorcycle]

Came here for this, leaving satisfied.

Re:obligatory

[xaxa]

Trick, cajole, threaten, inconvenience, stress, discomfit, and a whole host of other verbs that come just shy of it, but not quite outright torture yet.

From the videos of what the US police have done this week I wouldn't be so sure.

http://boingboing.net/2011/11/18/police-pepper-spraying-arrest.html for instance.

(I would call pepper spraying someone so much they're coughing up blood 45 minutes later torture, but maybe Americans call it 'discomfort'.)

Re:obligatory

[shutdown+-p+now]

Keep in mind that there's this thing called "extraordinary rendition", where you can be a U.S. citizen detained on U.S. soil by U.S. agencies - and end up somewhere in Egypt, where the local goons are politely asked to obtain the keys from you without resorting to any illegal measures *wink wink*.

Mind you, this requires one to be designated a "suspected terrorist" today, but then all it takes is for executive to say that you're one. They likely won't bother for a pedo, but if, say, you worked on WikiLeaks, that might be a different matter.

Re:obligatory

It's not torture, it's a freedom tickle.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Giving up passwords

[earthloop]

(unless the arrestee gives up his password, which he doesn't have to do);

In the UK he does. And people have been punished for not handing it over.

Re:Giving up passwords

[bhtooefr]

Except he doesn't have to.

He can be punished for not doing it, but there's no law of physics that FORCES him to give up the password.

Hence why spies have cyanide pills and such - such that it then becomes impossible for them to even give up the password.

Re:Giving up passwords

[SuricouRaven]

Actually, we never had that one.

Re:Giving up passwords

[0123456]

Hence why spies have cyanide pills and such - such that it then becomes impossible for them to even give up the password.

My SSD is encrypted with AES in hardware. As I understand it, you only have to send one ATA command to the disk to tell it to generate a new key and thereby make the existing data unreadable to anyone.

Personally I'd prefer a 'wipe key' button on my laptop to a cyanide pill in my teeth.

Re:Giving up passwords

[fuzzyfuzzyfungus]

(unless the arrestee gives up his password, which he doesn't have to do);

In the UK he does. And people have been punished for not handing it over.

Unfortunately for everybody, really, the potential 5-year RIPA sentence for refusing to disclose a key is crazy draconian as a threat to induce Joe Public to open every Turing-complete device in his entire life to the cops(after what is, no doubt, a impeccable judicial review); but it is substantially less scary than the sentence you might get for various serious crimes that the key might be hiding, along with any incentive provided by your criminal colleagues in favor of loyalty to the organization...

Re:Giving up passwords

[s0litaire]

You can get up to 2 years i think under RIPA for not disclosing a password! the reason the kid only got 16 weeks was that he was still technically a minor.

Re:Giving up passwords

[Smallpond]

if you are 'innocent' why do you encrypt your data in the first place?

If you are innocent, why do you post as AC?

Re:Giving up passwords

[Xugumad]

Frequently intrigued how many people miss that much of the US constitution was written to provide rights people didn't have in the UK...

Re:Giving up passwords

isn't the UK part of the same EU ?

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0174:FIN:EN:HTML

2.4. Privilege against self-incrimination
The presumption of innocence includes the privilege against self-incrimination which is made up of the right of silence and not to be compelled to produce inculpating evidence. The maxim nemo tenetur prodere seipsum , (“no person is to be compelled to accuse himself”) applies. The accused may refuse to answer questions and to produce evidence. The ECtHR[24] held that, although not specifically mentioned in the ECHR, the privilege against self-incrimination is a generally recognised international standard which lies “at the heart of the notion of a fair procedure”. It protects the accused against improper compulsion by the authorities, thus reducing the risk of miscarriages of justice and embodying the equality of arms principle. The prosecution must prove its case without resort to evidence obtained through coercion or oppression. Security and public order cannot justify the suppression of these rights[25].They are linked rights, any compulsion to produce incriminating evidence being an infringement of the right of silence. The State infringed an accused’s right of silence when it sought to compel him to produce bank statements to customs investigators[26]. Coercion to co-operate with the authorities in the pre-trial process may infringe the privilege against self-incrimination and jeopardise the fairness of any subsequent hearing.

Re:Giving up passwords

[automandc]

First, the quote was from the Declaration of Independence, a document that preceded the U.S. Constitution by more than a decade, was purely symbolic in nature -- which is to say, it has almost zero application in the law of the United States of America.

What both of you are trying to recall from your ancient civics classes is the Fifth Amendment (part of the Bill of Rights, passed 2 years after the Constitution), which reads (in relevant part):

No person shall be . . . compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law. . . .

Whether or not coercing someone to unlock the chest where they put their confession is the same as forcing them to incriminate themselves is a tricky and unsettled question of law that we (the Yanks) are still working on. (Whether the coercion is beating them with a $5 wrench, or putting them in prison indefinitely for "contempt", the principle is the same.)

Your meta-point is quite true, however - the creation and protection of such individual rights in conflicts with the State was the fundamental schism that led North America to diverge from the previously (fairly homogenous) Anglo/European civilization about 200 years ago. Now build some Settler[early game]/Armor units[late game] and get out there and spread the word to the rest of the map.

Re:Giving up passwords

[icebike]

My SSD is encrypted with AES in hardware. As I understand it, you only have to send one ATA command to the disk to tell it to generate a new key and thereby make the existing data unreadable to anyone.

Personally I'd prefer a 'wipe key' button on my laptop to a cyanide pill in my teeth.

Getting the oppertunity to send that one key is tricky if you are in handcuffs.

Better to have a key you hand over after a suitable number of threats which does the new key generation. You can always blame the cops for being technological cavemen and damaging your computer. He who touches it last acquires all blame.

Re:Giving up passwords

Because my photography is mine, and a stolen hard drive means anybody can freely access years of copyrighted work that's only available online with watermarks, and I make my living from selling my current photography and back library. Because my writing is similarly mine. Because I have confidential information about well over fifteen hundred clients on my HD, none of which I'd like to fall into a competitor's hands. Because I have pornography of myself and my partner on there that neither of us want anyone else to have access to.

All of which is innocent, all of which nobody but those I wish to will get access to.

Re:Giving up passwords

[tqk]

if you are 'innocent' why do you encrypt your data in the first place?

WTF are you doing on /.?!? You're obviously not getting much out of the experience. Idiot!

Re:Giving up passwords

[MaskedSlacker]

Identity theft. Laptops are quite stealable, and I have a lot of financial/confidential client data on mine.

You could retort: Well, what's wrong with Law Enforcement seeing it then?

Answer: Not much, but anything they can crack the crooks can crack better.

Re:Giving up passwords

[fluffy99]

My SSD is encrypted with AES in hardware. .

Depending on the brand, only the key is stored using AES. In many cases the actual data on the disk is encrypted with a weak encryption or even not at all. Full AES encryption of all the data would make the drive horribly slow.

Re:Giving up passwords

[budgenator]

A Canadian Law Enforcement Officer once told me about how amusing it was to be lectured about civil rights, by another Canadian who learned about his rights by watching American TV; not everyone is American, and even if you are don't bet your life or liberty on what you learned watching CSI.

Re:Giving up passwords

[JesseMcDonald]

Full AES encryption of all the data would make the drive horribly slow.

Really? Considering that full 256-bit AES encryption of all the data in software, e.g. with LUKS, is not "horribly slow", even on relatively ancient CPUs, a drive with a dedicated AES chip should be able to do the same thing while remaining reasonably performant.

Note that this does not mean that I would be surprised to hear that the designers cut corners, perhaps for cost reasons. I just don't see how it could be justified on a performance basis.

Re:Giving up passwords

[fluffy99]

Seagate published a paper to justify why they went with 128-bit AES. The bottom line is that 256-bit encryption impacted disk throughput. That said, their Momentus 7200 FDE line is just as fast as their non-encrypting line.

http://www.seagate.com/staticfiles/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf

Re:Giving up passwords

[cpghost]

Full AES encryption of all the data would make the drive horribly slow.

Not at all. Maybe you're confusing AES (symmetric cipher) with asymmetric encryption methods based on Diffie-Hellman, RSA etc..., which ARE horribly slow for anything more substantial than encrypting the key for the symmetric cipher. AES itself is pretty fast, actually.

I have my disk (at least partially) encrypted

[tiffany352]

My /home partition is encrypted with a 27 character password. I've felt like it's not enough for a while enough, but apparently the police are a lot clumsier than I give them credit for. (I'm not a criminal or anything, it's just that I'm paranoid.) (If anyone knows of a utility that will clear my RAM on shutdown, I'd appreciate it...)

Re:I have my disk (at least partially) encrypted

[sydneyfong]

I'd gladly sell you a $100000 placebo utility to clear your RAM on shutdown....

Re:I have my disk (at least partially) encrypted

[tiffany352]

I forgot where, but I had heard DDR3 RAM will last over an hour and still retain 99% of its data (although it'll be completely inverted after a certain time). I suspected something similar for DDR2 (which I have).

Re:I have my disk (at least partially) encrypted

[s0litaire]

RAM can hold a copy of the last data held for a good 5 seconds if warm and up to +20mins of frozen,
so it could be chilled/frozen using compressed air, removed and placed into a reader that dumps the ram memory to disk.

Re:I have my disk (at least partially) encrypted

[RoFLKOPTr]

I forgot where, but I had heard DDR3 RAM will last over an hour and still retain 99% of its data (although it'll be completely inverted after a certain time). I suspected something similar for DDR2 (which I have).

Whoever told you that was completely incorrect. DRAM capacitors discharge fully within one second of power loss.

Re:I have my disk (at least partially) encrypted

[tiffany352]

Oh, this seems interesting. Stuff your computer with semtex and booby trap the case. :D Although, upgrades would be a major pain. :P

Re:I have my disk (at least partially) encrypted

[MaskedSlacker]

Although, upgrades would be a major pain.

I don't think you'd feel anything at all, actually.

Anti-FUD

[spudnic]

So how are we to know that this isn't anti-FUD?

"Yes, Citizen, your full disk encryption is just too much for us to crack. I guess you're in the clear."

Re:Anti-FUD

[betterunixthanunix]

That is not how the police in America work. When they cannot crack a cryptosystem, they try to get it outlawed or prevent it from becoming mainstream, and then push for a system with a backdoor. When they manage to crack a system e.g. the Hushmail attack, they parade it around and declare that no matter what anyone does the police will be able to defeat it.

If this sounds like Doublethink to you, perhaps you should take a look around and reconsider your views on whether it was Orwell or Huxley who was correct.

So what? Even our goons can do it.

The encryption might be practically unbreakable but that doesn't help a lot. Around here police just break into homes to install hardware or software keyloggers. Sure, that may not be exactly legal for them to do, but they don't care because they know nothing will happen to them.

Re:So what? Even our goons can do it.

[SJ2000]

One of the most common methods LE use to bypass full disk encryption is social engineering a user/administrator to run malware on the system while it's running. Full Disk Encryption doesn't make your system magically invulnerable to malware.

Got a better idea

[Zandamesh]

Encrypt the ram as well :p

kind of the point

[Surt]

I mean ... what's the point of encryption that your foes, police or otherwise, can bypass?

Re:xkcd "comics" are never obligatory.

Wow. Did a stick figure run over your dog or something?

REFRIGERATED crustacean pix?

You are in violation of the laws forbidding the manufacture, sale and possession of chilled prawnography.

Re:REFRIGERATED crustacean pix?

[ColdWetDog]

You are in violation of the laws forbidding the manufacture, sale and possession of chilled prawnography.

A good strong shell ought to keep him out of trouble. Don't Bash it if you've not tried it.

Re:REFRIGERATED crustacean pix?

[neokushan]

How long have you been waiting to use that one?

Re:REFRIGERATED crustacean pix?

[MarkRose]

That was a bad pun... tsch tsch.

Re:REFRIGERATED crustacean pix?

[chromas]

Judging by his name, I'd say he's been out there a while.

Re:REFRIGERATED crustacean pix?

[einhverfr]

Indeed, a c shell might be more available in this case.

Re:REFRIGERATED crustacean pix?

[Nethead]

Surely you meant: tcsh tcsh.

Deniable encryption only works in theory

[betterunixthanunix]

In practice, the headaches that would ensue from widespread use of deniable encryption would cause one of two outcomes:

1. Police would stop asking for secret keys, or only ask for a short period of time, because they would have no way of knowing whether or not they have the true secret.
2. The system would be outlawed.

Countries that respect and protect a right to free speech would not outlaw such a system, but unfortunately such countries are few and far between. Deniable encryption encryption works in theory, but in practice the existence of non-deniable encryption makes it hard for people to claim that they are innocent users of a deniable encryption system. While there are innocent uses of such a system (perhaps your business secrets are so valuable that being tortured for them is not beyond the realm of possibility) they are few and far between; deniable encryption is tool for protecting your data from a government, and for all their talk about China and Iran, most western governments are not interested in having citizens who can secure their communications and data from police investigations.

Re:Deniable encryption only works in theory

[izomiac]

I figured that plausible deniability applies both ways. You deny that you have any more hidden volumes, they deny that you've given them all relevant passwords. In the UK that means running afoul of that law. In less kind parts of the world (or society) that means you will be tortured until you give up the "real" password, repeated ad infinitum as there's no way to determine the number of hidden volumes. Sucks to be you if what they're looking for doesn't exist, there's no way for you to prove that and break the cycle.

IMHO, plausibly deniability is for reasonable and less motivated opponents (e.g. some family members). If you're worried about a less savory type, you need to visibly destroy the data. E.g., put it on RAM disks that will shut down if someone opens your closet door and doesn't type the correct code in 30 seconds. You'll be charged with destruction of evidence in a courtroom, and presumed guilty elsewhere, but it's a calculated risk. Wiping the header that is used to convert your password into the actual crypto key is another possibility that potentially allows for later recovery, but your opponent may assume that as well.

Re:Deniable encryption only works in theory

[betterunixthanunix]

Except that like deniable encryption, steganography may simply be outlawed and the existence of steganography software on your computer could become a crime in itself. As with deniable encryption, when the police see that you have steganography software on your computer, they may simply question / torture you until you tell them where the data is hidden. Steganography is somewhat better than deniable encryption because the cover traffic can be designed to not arouse any suspicions, but if you are already at the point of being questioned by the police it does not help much.

Re:Deniable encryption only works in theory

[Hentes]

Steganography software does not need to be on your computer, it can be on a web service. Also, encryption itself is not outlawed in most places (this would make everyone a criminal who visits a https site for example), you just have to hand over the password if asked. Now hidden drives can be found by scanning the hard drive, but steganography can't.

Re:Deniable encryption only works in theory

[betterunixthanunix]

Steganography software does not need to be on your computer, it can be on a web service

...which fails for disc encryption for obvious reasons.

That aside, if the web service is illegal, you have the same problem as before: you need to somehow connect to an illegal website without getting caught by the police. Tor does a reasonable job at this, but a country that makes steganography illegal would certainly make Tor illegal as well. Tor does a good job of disguising itself as a typical TLS connection, but it is nowhere near good enough -- on several occasions nations have been able to block all Tor traffic by distinguishing that traffic from a standard TLS connection. The existence of Tor on your computer may also be incriminating in some places.

Now hidden drives can be found by scanning the hard drive, but steganography can't.

Actually, a strong deniable encryption system will not reveal whether or not the ciphertext can be decrypted to additional messages. The problem is not that the police can scan a drive and detect a hidden partition, it is that they can simply see that your bootloader supports a deniable WDE system. Steganography does not help here either: the police will turn on your computer and see that you have a bootloader that supports steganography.

Re:Deniable encryption only works in theory

[Chris+Mattern]

there's no way to determine the number of hidden volumes.

Am I missing something here? The physical disk has a known, fixed size. When the size of all the volumes you have discovered (including their free space) add up to the size of the physical disk, you've found everything.

Re:Deniable encryption only works in theory

[networkBoy]

the outer volume, when mounted in "unsafe" mode uses the entire disk partition, thus there are three ways to log into a TC volume with a hidden partition:

Into hidden volume, with hidden password: see hidden volume, outer volume as unavailable.
into outer volume, with both outer and hidden password: outer volume mounts, hidden volume shows as unavailable.
into outer volume, with outer password only: outer volume mounts entire space as one volume, all space available, contents of hidden volume may be overwritten, but all space appears consumed.

in practice to make the outer volume look valid you should place sensitive info there:
tax returns for clients if you are a CPA (while the cooked books are on the hidden volume).
"normal" porn if you are a married person (while the CP is on the hidden volume).
company confidential design docs if you are an engineer (while the hidden volume contains competitor trade secret info).
etc.
The point being that you should make the outer volume both useful and not small so that it will have data churn.

Also, to defeat casual perusal of your filesystem by random people who may access your computer I am fond of storing my truecrypt volumes as alternate data streams/metadata to normal files. I have a 500 gig drive with a single mp3 on it that is only 3 min long, yet the disk is full :)
-nB

Re:Deniable encryption only works in theory

[plover]

That only shows you a particular file probably contains a truecrypt volume. The magic of truecrypt is that the unused bytes of the partition are either random data or not.

Say you have a 10GB truecrypt file. If you use the right password, you mount a new partition, and it shows 6GB of files on a 10GB volume. What's in the other 4GB? Is it another encrypted truecrypt filesystem? Is it random data? Don't know, can't tell.

Let's say you have a second truecrypt volume in the random data, with a second super-secret password. Type in the right password, and your 4GB volume appears with 3GB of super secret data. What's in the last 1GB? Don't know, can't tell.

As a suspect being investigated, even if they beat you with rubber hoses, you can tell them there's no more data hidden in the 1GB of free space, that there's not a third volume. But you can't prove it to them.

Of course, this comes with a price. If you are working in the 6GB volume and add more data, it overwrites some of the random data in the remaining 4GB. Did it overwrite your super secret 3GB volume? Well, where else is it going to go? You only find out after entering the super secret password and seeing if your 3GB volume is intact. Truecrypt itself doesn't know if you're using the random data.

That's what's meant by deniable encryption.

Re:Deniable encryption only works in theory

[Linsaran]

Essentially the way true crypt handles hidden volumes is thus. It creates a container volume, of a size you specify. Using a key you specify. When you input that key you open that container volume, and you can fill it up with whatever you want, lolcats, prawnography whatever. You set the size of your container volume, let's say for example at 20gb

Now you also create a 'hidden volume' inside that container. The hidden volume is designed to occupy the free space in the volume and it is obviously created to be smaller than the container volume. For our example, we'll say the hidden volume is 15gb.

The hidden volume uses a different encryption key. There's no way since the container is already encrypted (causing all the free space to essentially look like random garbage) to tell that there's a hidden volume contained within the free space of the volume, unless you know the key to decrypt it.

I'm over simplifying it a bit but that's the jist of how a hidden container works. And since we know that the hidden volume is 15gb, that leaves us 5 gb on the container volume to fill up with stuff you want people to think you care about keeping secret but don't really. The container file will report that it has 20gb total storage space to the system and anyone looking at it, but you'll actually only have 5gb of space to work with because if you put more than that in you'll corrupt your hidden volume by overwriting the 'free space' at the end of the container.

Re:Deniable encryption only works in theory

[jbolden]

I get that. The whole point plausibly deniable encryption is that you can deny having encrypted data. The encrypted data is hidden in something else or hidden in some way. There will be no evidence of using deniable encryption.

Re:Deniable encryption only works in theory

[Lennie]

I've seen a demonstration on TV, where the authorities attach a device to the computer which keeps the screensaver/login from appearing (and locking the console with a password) and attaching a UPS and moving the power for the machine from the wall socket to the UPS without powering it down.

Depending on loss-of-power to wipe your data is probably not such a great idea.

Maybe 30 seconds is enough.

Although I've also heared it is sometimes possible to recover parts of the memory after a cold restart.

Not so simple

[betterunixthanunix]

As I understand the case law (IANAL), the following has been held by the courts:

1. A defendant who consented to a search of his computer can be compelled to give up his password later even if he does not consent to another search. This is In re Boucher, and it is worth noting that in this situation a deniable encryption system like Truecrypt would not have helped at all.
2. In cases where a defendant's knowledge of a passphrase can be used as evidence that the defendant was in control of a computer that was used to commit crimes, the 5th amendment does apply.
3. In cases where a defendant did not consent to any searches, the defendant cannot be forced to disclose a secret key. This is considered to be equivalent to compelling a defendant to produce incriminating documents, which the Supreme Court found was a violation of 5th amendment rights.

Perhaps a real lawyer should chime in here.

Here's a clue LEO guys...

[bmo]

While I currently do not run full disk encryption on my laptop and I have never done anything to warrant arrest, I have thought about full disk encryption. Especially in these days of a growing police state, it is not my job to make your job easier. If the news stories keep going the way they are, I suspect that within the year, I will simply migrate over with strong encryption and that will be that.

Because I do not like the increasingly adversarial and militarized role the police have been taking. I'm sure I'm not alone. While I do not wear tinfoil, the news events of late give me pause.

--
BMO - shiny side out.

Re:Here's a clue LEO guys...

[einhverfr]

In a real police state, a right against self-incrimination can be claimed through the use of cyanide capsules.

Re:Here's a clue LEO guys...

[CodeBuster]

Indeed. Always remember what Cardinal Richelieu said,

"Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him."

The powerful have always arranged the laws so that troublesome people can be easily suppressed at will. It's basic government 101; control the population through fear of arbitrary arrest and proscription. Don't fool yourself into thinking that this practice doesn't continue into the present day in "free" nations.

I've got a solution!

[PopeRatzo]

Use biometrics instead of a password.

Your system unlocks via your foreign friend's iris, which you get via his smartphone's camera.

Now, when the police want to get access to your computer, they have to try to extradite your friend. You can't give them a password because there is no password. The only way to unlock your system is if your friend puts his eye up to his smartphone's camera and you put your smartphone up to your computer's iris scanner. They'd have to figure out a way to compel your friend, who lives in a country that may not have extradition treaty with your particular tyrannical hellhole.

Yeah, I know it's inconvenient, but it would be worth it to frustrate the monsters who have seized power.

Of course, by that point they'd probably just use rendition to send you someplace where you'll be tortured, just for making them have to work for a living. US or UK, I don't think there's any line they won't cross. Not any more. There's no longer a pretense to anything like personal rights. Unless your name ends in "Inc." you just don't have rights any more.

Re:I've got a solution!

[odd42]

Use biometrics instead of a password.

The only way to unlock your system is if your friend puts his eye up to his smartphone's camera and you put your smartphone up to your computer's iris scanner.

Then they would only need a picture of his eye themselves. 20 ways to get that outside of extradition.

Well, there is something to be said for key escrow

[davidwr]

But only when the keyholders are on the same team as you are AND where neither you anyone you care about will never be hurt by them having access to your data.

A common example:

Corporate data encrypted on company-owned computers used by honest employees.

Key escrow protects the company in case the employee gets hit by a car.

Key escrow in this case may be nothing more than the user's passwords written down on a piece of paper locked in a safe in the HR office.

When it comes to governments, which may by definition turn evil in the future if they are not currently evil, the "AND where neither you anyone you care about will never be hurt by them having access to your data" part of the test always fails. Therefore, this argument supporting key escrow in certain situations does not apply when the government may gain access to the keys.

It also doesn't apply when it comes to dishonest employees or employers either.

Full report is available

[cohomology]

For the full report, Google
filetype:pdf "The growing impact of full disk encryption on digital forensics"

Re:Well, there is something to be said for key esc

[0123456]

Key escrow protects the company in case the employee gets hit by a car.

If your company is reliant on files on a random employee's computer rather than hosted on a fault-tolerant server that's regularly backed up, you're probably fscked anyway.

The Fifth works here?

[140Mandak262Jamuna]

I wonder if the defendant can legally refuse to give the password. On one hand, there is a law against self-incrimination. But on the other hand during discovery the plaintiff subpoenas documents, even if they are inside a safe to be revealed. Are there any precedences for this in US courts?

Re:It depends on who your adversary is

[couchslug]

"If you attract the interest of a sophisticated enough adversary, the FBI or NSA for instance, you're probably toast."

The FBI and NSA are our friends, so consider the following instructions to be for use in Syria and Iran.

The only reason to hide stuff from the government is if you are "doing something they don't like" which they will incarcerate or kill you for.

If you are a serious person, you are willing to use violence because anything less is being a poser. After you take out the arresting Baathists/Jihadists with a worn IED, ensure your data is also a nice gift.

Want your data destroyed along with the asshole trying to take it?
A 3.5" drive case has enough room for a reasonable amount of gunpowder or other explosive along with an e-match (easy to make) or other initiator. Put a flash drive inside the 3.5" case to store your encrypted info, and use the rest of the space appropriately. I'll leave any interface connectors up to you, but save the power Molex for the e-match/detonator. With any luck your Secret Police tech will dead, blind and/or be typing with stubs, and since you were doomed anyway you at least damaged their ability to mess with the next guy.

Re:xkcd "comics" are never obligatory.

Wow. Did a stick figure run over your dog or something?

No, his girlfriend left him for a stick figure. She wanted to try a bigger penis.

I always thought you could do one better

[DavidTC]

Encrypted drives do not, obviously, use the password to decode the files. They use the password to decode a key and use that to encode the files.

So I always thought it would be interested to have a computer that, on startup, wipes that part of the disk with 0s, sticking a copy somewhere else on the drive. (Which is not a security risk, because the other parts of the drives are, obviously, encrypted with that key, and you can't open box with a box cutter inside it.)

And during safe shutdown, it puts it back. Or have a program you have to run to put it back, then shutdown.

For safety purposes, you give a copy of the key to someone else for safekeeping. Bonus points if they're out of the country.

Then you leave your computer on, and the screen locked, at all times. Bonus points if you rig it to an alarm where if someone breaks in, it cuts the power. (Also have it do the same if someone inserts firewire or USB while the screen is locked.)

Now it doesn't matter how much you're ordered to comply with the police. They come in, cut the power to your computer, make a disk image...and you'll tell them the damn password all they want, but you are rather at a loss as to how they think that will work, considering the part of the drive with the key stored is has apparently been filled with 0s. (You'll need a lawyer able to explain that what they are asking cannot work.)

Now, like I said, you can lie and pretend you don't know what's going on...or you can wait until they get a court order to have you decrypt, and then tell them what's going on. By which point your friend has hopefully already destroyed the key.

And the joke is, even if you explain everything that happened, this is entirely legal. You have not destroyed any evidence, because the key was already missing from the unencrypted part of the drive when the warrant showed up. (Unlike some of the automated 'destroy data' traps that people try to come up with.) And you have cooperated fully, you literally cannot get to the data. And your friend didn't destroy evidence, because the search warrant was for your stuff, he can delete of his own files he wants until he is told otherwise.

Re:I always thought you could do one better

[blueg3]

If your computer crashes, then your disk is ruined. You'd need to supply the backup key. If the backup key is even vaguely easy to access, then that's how they'll crack your disk regardless, because obtaining the copy of the backup key is almost certainly easier than cracking your password.

Re:I always thought you could do one better

[David+Jao]

Now it doesn't matter how much you're ordered to comply with the police. They come in, cut the power to your computer...

When law enforcement officers confiscate a computer, they usually (in the US at least) try to transport the computer without powering it down. Standard procedure is to plug a portable generator into the wall outlet powering the computer, unscrew the outlet, and take the whole apparatus (including wall outlet, generator, and computer) to the forensics lab, without interrupting power to the computer. If all the jacks in an outlet are in use, they will unscrew the wall outlet and splice the generator's power cables into the outlet.

The article and summary do mention situations where computers are powered down for transportation. These are exceptions. They are not the norm.

Ultimate in planted evidence...

[barfy]

You want to do someone in, and have access to their computer, a USB program that creates an encrypted partition would be enough to do one in. Proving one's innocence would probably be near impossible.

Minor issues

[currently_awake]

what about: power failure, UPS failure, hardware failure. Losing all your data sucks. This method would block keyloggers though, if they didn't know. Except modern drive recovery can restore the blanked out sector.

Re:Minor issues

[DavidTC]

Except modern drive recovery can restore the blanked out sector.

Uh, no.

It has never, despite it being 'common wisdom', been possible to recover overwritten sectors on a hard drive.

No one has ever demonstrated it in the entire history of hard drives.

It was a theoretical attack a long time ago, on pre-IDE 'MFM' hard drives.But we moved off that sort of drive in 1986.

And even then, it didn't work. It was a theory that said with a very poorly build hard drive, it might be possible to recover some data. Like I said, no one's ever actually shown this.

And with IDE, we moved to RLL encoding which means, statistically, you couldn't get anything. With an MFM encoded drives, if you got 50% of the data with 50% accuracy, you had 25% of the data and might possibly come up with something, although, like I said, no one ever has managed this.

But with RLL encoded drives, if you got 50% of the data with 50% accuracy, you have nothing. It is not really possible to get a partial byte.

No that anyone has ever demonstrated reading anything from a ' The idea that you need to do anything more than overwrite a sector to make it unreadable is one of those zombie lies that simply cannot die.

The only way to recover a lost sector is if it was going bad at some point, so the hard drive made a copy of it and remapped that sector to the copy. Which means the original might still be there. (OTOH, the original was going bad, so who knows if it's still readable.) The odds of this happening are astronomical.

Re:Not impossible, not even hard

[0123456]

Within 10-20 years after that any conventional (e.g. what most PCs today are capable of) encryption other than one-time-pads or the like will be breakable.

Uh, no. Quantum computers can brute-force conventional encryption in about the square root of the time taken by a conventional computer. Doubling the key size is much easier than building a quantum computer of a usable capability.

This is precisely why AES has a 256-bit key option when conventional computers could never break a 128-bit key anyway. AES256 is about as difficult to brute-force with a quantum computer as AES128 is with a conventional computer.

More research?

[cheekyjohnson]

"Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption."

And, if they somehow manage that, research will be needed to develop new techniques and technology for creating even stronger encryption.

Re:More research?

FDE actually is more of a benefit for police and LEOs than it causes them problems.

Lets view two realistic worse-case scenarios (with FDE being breakable versus not), removing the ticking time-bomb scenario from the equation for now:

1: A prosecutor has to let a hardened child molestor go free, because of how good FDE is.

2: A list of police informant contacts on a stolen machine gets stolen, the fence who finds the laptop is able to decrypt it. Next thing the local police know, all their good contacts now have extra sunlights in their craniums forcibly installed, as well as a good chunk of their family members.

If given a balance, LEOs, companies, and government benefit far more from FDE than they would lose. They have *far* more to lose in secrets than to gain in prosecuting the one diaper sniper they get with a backdoor.

Oh... putting in backdoors in FDE algorithms is expert footshooting -- just like Clipper/Skipjack, the bad guys WILL find them, and will use those to wreak large amounts of havoc.

Of course, when the bad guys know that FDE is backdoored, there is one other method they can go to -- storing data remotely and just using their machine as a client, say with a Citrix terminal server. Come a bust, the laptop is clean, the virtual desktop is clean, and there is no evidence of where anything is.

In fact, I worked at a company this paranoid ages ago. All their PCs booted from CD-ROMs, and they remoted into a terminal server via their VPN in another country for all their work.

So, the bad guys can easily just move their data to countries hostile to the US, add some type of system with a duress capability so if they type in a slighly different password, the remote site deletes data, or just blocks access, and there is nothing that can be done.

and what if it's not all allocated?

[Chirs]

I have a disk with unpartitioned free space on it. It could very easily hold encrypted data and there's no way for me to prove that it doesn't.

Biometrics is for identification, not for auth...

[gr8dude]

This won't work. Each time a scanner reads the biometric data of a person (fingerprint, iris, etc) - you always get different data. This is caused by varying factors such as lighting, temperature, angle at which the eye or finger faces the scanner, and so on.

If you use the raw biometric data as an AES key - you will simply not be able to generate the same key again.

The data obtained from a biometric scanner are processed and compared with a known template (obtained when the person was enrolled into the system), the result is a number - the probability that the templates are identical. This is good enough for some purposes, but this is not suitable for data encryption: in the case of AES-256, you need 256 bits for the key and 256 bits for the IV (initialization vector). Flip a bit and kiss your data goodbye!

Biometrics can be an additional security factor - scan the iris, if there's a 95% match, go to the next phase. Typically, the next phase is to enter a password, which is used to decrypt the actual* encryption key. One can reverse engineer the system and make it bypass biometrics (jump directly to "next phase") - but no one can obtain the decryption key. No one, because that requires information not contained within the system itself.

If you rely exclusively on biometrics, it means that as soon as you perform the scan, if the templates match - you read the actual key from a database or some other location. In this case, the police can simply get access to the database and extract the key.

The thing to remember - biometrics: good for identification, not good for authentication.

* this key is randomly generated, to ensure it will be secure. A reasonable system will not encrypt the data directly with a person's password, because such passwords don't contain enough entropy. So, there is a distinction between "password" and "encryption key".