Slashdot Mirror

← Back to Stories (view on slashdot.org)

Full Disk Encryption Hard For Law Enforcement To Crack

Posted by timothy on from the you-say-problem-I-say-potato dept.

If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement. MrSeb writes with word of a paper titled "The growing impact of full disk encryption on digital forensics" [abstract here to paywalled article] that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT, "[T]here are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off the computer (for transportation) without realizing it's encrypted, and thus can't get back at the data (unless the arrestee gives up his password, which he doesn't have to do); second, if the analysis team doesn't know that the disk is encrypted, it can waste hours trying to read something that's ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data. The paper does go on to suggest some ways to ameliorate these issues, but ultimately the researchers aren't hopeful: 'Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption.'"

50 of 575 comments (clear)

  1. I wish this was the case in the UK by Anonymous Coward · · Score: 5, Informative

    I wish this was the case in the UK, any encryption keys have to be handed over when asked by the police or .Gov

    1. Re:I wish this was the case in the UK by 0100010001010011 · · Score: 4, Informative

      So use TrueCrypt and a hidden volume. Give them the keys to your outer volume. It mounts and they can browse your collection of Lolcats. Let them prove that's not what they were looking for.

    2. Re:I wish this was the case in the UK by Anonymous Coward · · Score: 5, Insightful

      If they know it's a truecrypt drive, they probably would suspect that there's another partition so will try and charge you anyway for withholding.

      So basically they make your life hell for a year till charges are dropped and would use any little excuse to question & detain you.

    3. Re:I wish this was the case in the UK by durrr · · Score: 5, Insightful

      I haven't bothered with hidden partitions, yet. Does it mean I'm subject to legal punishment for not using this feature and thus lacking a password to give to law enforcement so they can take part of my extensive collection of crustacean pornography?

      And if that, then what happens when truecrypt suddenly accepts multiple hidden partitions or other more complex schemes? Everyone goes to jail because lawmakers somehow ascended beyond full retard?

    4. Re:I wish this was the case in the UK by fuzzyfuzzyfungus · · Score: 5, Insightful

      It may not help the poor bastard being asked for them; but, depending on the implementation, delivering the keys may simply not be possible.

      It takes a pretty exceptional human to actually remember a useful crypto key, so most systems store the key for you and depend on a password, passphrase, and/or some sort of hardware device to grant access to the key. If the system that actually stores the crypto key is designed to resist tampering, there are a reasonable number of initial attempts at forensics that might trip tamper detection and cause the key to be wiped, irrevocably.

      Your classier cryptographic coprocessor modules offer such tamper resistance, and the enthusiasm of DRM peddlers and corporate customers who have backups; but really, really, hate data-breach stories will likely continue to push it further down into cheaper and more common business desktops and laptops.

      (Even the TPMs of today may be pretty tricky to subvert without pissing them off, though I don't think that they are required to adhere to the same anti-tamper standards as the more serious hardware security modules).

    5. Re:I wish this was the case in the UK by sunderland56 · · Score: 5, Funny
      We need an encryption package that has *two* passwords:
      • One normal one that decrypts as usual;
      • A second one that formats the disk and installs a standard version of Windows

      You use password #1, but if arrested you give up password #2.

    6. Re:I wish this was the case in the UK by sco08y · · Score: 4, Insightful

      We need an encryption package that has *two* passwords:

      • One normal one that decrypts as usual;
      • A second one that formats the disk and installs a standard version of Windows

      You use password #1, but if arrested you give up password #2.

      That's brilliant, but how do you get the police to use this software? Especially after they've pulled the drive out and plugged it into their forensics kit?

    7. Re:I wish this was the case in the UK by Dogbertius · · Score: 5, Insightful

      Sadly, the notion of "plausible deniability" works both ways. If they (ie: the authorities) are aware it is a TrueCrypt volume, they can just demand you hand over the passwords for the inner and outer volumes. If you provide just one key (ie: the password for the outer volume that contains junk you don't care about), and you are in a country that demonstrates little to no respect for civil rights, they could very well jail you, even if you aren't using a hidden volume.

      Secondly, the authorities demanding you hand over the key (strangely enough) isn't covered under fifth amendment rights, so again, they can demand you hand over the keys, or you could be jailed almost indefinitely.

      Finally, there are some interesting articles by Bruce Schneier on alternate means of incrimination. www.schneier.com/paper-truecrypt-dfs.pdf

      In short, there are many ways to give a judge the idea that the use of a hidden volume is likely (ie: check path histories for previously opened files, check temp folders, etc). Not only would these indicate the possibility of a hidden volume, but some files that were meant to be encrypted may be 100% available (eg: Microsoft Word makes temporary backups of files in your %APPDATA% folders in case it crashes and you want to recover your work; as one example). Unless one is very diligent and knows what he/she is doing with respect to encrypting data, it would seem the only safe method is to encrypt the entire disk and boot off of it exclusively, all while keeping the machine itself disconnected from the internet to avoid hacking attempts, and locked in massive safe so the authorities don't install a keylogger (application or physical device) or start taking snapshots of your disk daily to aid in cracking the password.

      You may be able to secure your data, but with multiple means of data accidentally being leaked due to the OS or various applications used in day-to-day life, along with unscrupulous policing agencies allowed to overrule fundamental civil rights, it is likely that one will ultimately lose their data and/or freedom either way.

    8. Re:I wish this was the case in the UK by NotSanguine · · Score: 5, Interesting

      It takes a pretty exceptional human to actually remember a useful crypto key

      Not really. How hard is to remember a paragraph from your favorite novel or lyrics from a popular song. It's even better if you *mis-remember* the quote/lyrics so that you're the only one who would come up with the result even if someone tried to brute force the key by scanning all your books and listening to all your music.

      Perhaps something like:
      While the music played you worked by candle light, those San Francisco nights - you were the best in town, Just by chance you crossed the diamond with the pearl, you turned it on the world, that's when you turned the world around

      Or maybe:
      I was alone I took a ride, I didn't know what I would find there. Another road where maybe I could see another kind of mind there. ooh and I suddenly see you, ooh did I tell you I need you? Every single day of my life.

      Try and brute force those keys. Using punctuation makes it even harder. And these are the first verses to well known songs. Use the third verse of an obscure song (one you don't like would be even better). The music makes it much easier to remember and just about anyone can remember songs/lyrics.

      Some people just have zero imagination. Sigh!

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
    9. Re:I wish this was the case in the UK by mSparks43 · · Score: 5, Informative

      From the actual paper (worth reading if you have academic access):

      Challenges can also arise when a defendant appears to be cooperative. For instance, the defendant may provide incorrect decryption details but the defense may claim that the encrypted container was damaged in some manner, which was why it would not open.

      They also list several court cases where truecrypt FDE rendered the machines inaccessible many years after the fact.

    10. Re:I wish this was the case in the UK by MaskedSlacker · · Score: 4, Insightful

      where they'll find some kinky and embarrassing (but not illegal) stuff to keep them busy. At worst they'll think you're a secret crossdressing BDSM fetishist or whatever

      I recommend BDSM furry granny porn. Just so they don't try to claim the 30-something girl in the porn is 17 and falsely charge you with child porn possession just for kicks (it's happened).

    11. Re:I wish this was the case in the UK by Anonymous Coward · · Score: 4, Insightful

      I have a great little program that produces random numbers out of the random.data file.
      Funny thing is, truecrypt thinks it's a partition...

    12. Re:I wish this was the case in the UK by mikael · · Score: 4, Insightful

      These days, the disk controller for the disk drive is logically tied to the hard disk drive platter itself, by an encryption key. If you tried swapping round the controllers to repair the disk drive, that wouldn't work as the encryption keys are different.
      You wouldn't even get the disk information sector back.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    13. Re:I wish this was the case in the UK by fluffy99 · · Score: 4, Interesting

      Unfortunately, it's not difficult to look at the OS for evidence that the hidden partition exists. Even if they don't realize its a truecrypt hidden volume, they might start asking for usb drives that you haven't turned over.

      www.schneier.com/paper-truecrypt-dfs.pdf

    14. Re:I wish this was the case in the UK by theedgeofoblivious · · Score: 5, Insightful

      Or what?

      They'll prosecute you for not giving them your password?

      If they had enough evidence that they were able to get a search warrant to get the data on your computer, you were probably already about to be prosecuted for something pretty substantial.

      If you had a choice between being prosecuted for not giving them your password or being prosecuted for whatever else you were about to be prosecuted for, I expect that in most cases you'd want to be prosecuted for not giving them your password.

      The government can threaten you with an alternative prosecution, but they can never actually compel you to give up your password.

    15. Re:I wish this was the case in the UK by MagicM · · Score: 5, Informative

      You sound like someone who hasn't seen this yet, but would enjoy it.

    16. Re:I wish this was the case in the UK by DamnStupidElf · · Score: 5, Informative

      It's obviously foolish to use public text verbatim as a key. Common Crawl has a 40 TB dataset that costs approximately $150 to MapReduce on EC2. Any key that happens to be a (reasonably short, say under 1KB) substring of that data costs $150 to break. Any key within a short hamming distance of a substring in that database costs roughly 2^hamming_distance more to break; two changed bytes is only worth $600. I imagine that large organizations who care have much larger databases including the text of most published books. It's such an obvious idea and until you realize that attackers have access to all the public source data that you do it sounds like a good idea to just pick a random string from a book to use as a passphrase. Don't kid yourself; no matter how obscure or unpopular a song is there will be lyrics for it somewhere on the Internet, not to mention in published books.

      You can take a published string and make it a reasonably secure passphrase by adding enough entropy to it, but you still have to remember the entropy that you've added. Why not just start with a diceware passphrase and memorize the entropy directly?

  2. "more research?" by TheCouchPotatoFamine · · Score: 4, Funny

    well we [the industry] will be just happy selling encryption with the tagline: so secure - no one can break it - except your average McForensic dude with a software package you can torrent. See, secure!

    --
    CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
    1. Re:"more research?" by MightyMartian · · Score: 4, Funny

      Clearly these police departments are not familiar with using VisualBasic to make a GUI.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:"more research?" by TheGratefulNet · · Score: 5, Informative

      want to see a lawyer's head explode?

      (we all do. read on...)

      tell them you support jury nullification.

      its almost like telling an electrical repairman that there ARE user-repairable parts inside and that that label is pure hogwash.

      lawyers and judges are so smug sure that 'judging guilt' is a hard job, to be left only to those 'qualified'.

      the thing is, the so-called pros have done such a bad job over the last few decades, I can't believe that even a random roll of dice would be worse for carrying out justice. perhaps that would even be an upgrade. getting 50/50 would probably BE an upgrade over what we have now.

      the fact that regular people are taken out of the loop is actually a safeguard that they are bypassing.

      but dare talk to a friendly lawyer about this and they'll likely bite your head off. and if you are in voire dire and dare tell anyone that you are even aware of what JN means, you are immediately dismissed as a juror. worse: if you don't let on during VD and then vote your concience, you can be jailed for contempt!

      all for following a legally allowed american principle; but one that has an unspoken 'do not admit to its existence' rule about nullification.

      see fija.org for more info. people should all know about this. its one of the best parts of our system, in fact!

      --

      --
      "It is now safe to switch off your computer."
  3. obligatory by dr.Flake · · Score: 4, Funny

    http://imgs.xkcd.com/comics/security.png

    --
    Why are other peoples sig's always more witty ???
    1. Re:obligatory by fuzzyfuzzyfungus · · Score: 4, Insightful

      Why would we resort to torture when we have pain compliance?

    2. Re:obligatory by xaxa · · Score: 5, Insightful

      Trick, cajole, threaten, inconvenience, stress, discomfit, and a whole host of other verbs that come just shy of it, but not quite outright torture yet.

      From the videos of what the US police have done this week I wouldn't be so sure.

      http://boingboing.net/2011/11/18/police-pepper-spraying-arrest.html for instance.

      (I would call pepper spraying someone so much they're coughing up blood 45 minutes later torture, but maybe Americans call it 'discomfort'.)

    3. Re:obligatory by shutdown+-p+now · · Score: 4, Insightful

      Keep in mind that there's this thing called "extraordinary rendition", where you can be a U.S. citizen detained on U.S. soil by U.S. agencies - and end up somewhere in Egypt, where the local goons are politely asked to obtain the keys from you without resorting to any illegal measures *wink wink*.

      Mind you, this requires one to be designated a "suspected terrorist" today, but then all it takes is for executive to say that you're one. They likely won't bother for a pedo, but if, say, you worked on WikiLeaks, that might be a different matter.

  4. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  5. Giving up passwords by earthloop · · Score: 5, Informative

    (unless the arrestee gives up his password, which he doesn't have to do);

    In the UK he does. And people have been punished for not handing it over.

    1. Re:Giving up passwords by fuzzyfuzzyfungus · · Score: 5, Interesting

      (unless the arrestee gives up his password, which he doesn't have to do);

      In the UK he does. And people have been punished for not handing it over.

      Unfortunately for everybody, really, the potential 5-year RIPA sentence for refusing to disclose a key is crazy draconian as a threat to induce Joe Public to open every Turing-complete device in his entire life to the cops(after what is, no doubt, a impeccable judicial review); but it is substantially less scary than the sentence you might get for various serious crimes that the key might be hiding, along with any incentive provided by your criminal colleagues in favor of loyalty to the organization...

    2. Re:Giving up passwords by Xugumad · · Score: 4, Insightful

      Frequently intrigued how many people miss that much of the US constitution was written to provide rights people didn't have in the UK...

    3. Re:Giving up passwords by Anonymous Coward · · Score: 5, Interesting

      isn't the UK part of the same EU ?

      http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0174:FIN:EN:HTML

      2.4. Privilege against self-incrimination
      The presumption of innocence includes the privilege against self-incrimination which is made up of the right of silence and not to be compelled to produce inculpating evidence. The maxim nemo tenetur prodere seipsum , (“no person is to be compelled to accuse himself”) applies. The accused may refuse to answer questions and to produce evidence. The ECtHR[24] held that, although not specifically mentioned in the ECHR, the privilege against self-incrimination is a generally recognised international standard which lies “at the heart of the notion of a fair procedure”. It protects the accused against improper compulsion by the authorities, thus reducing the risk of miscarriages of justice and embodying the equality of arms principle. The prosecution must prove its case without resort to evidence obtained through coercion or oppression. Security and public order cannot justify the suppression of these rights[25].They are linked rights, any compulsion to produce incriminating evidence being an infringement of the right of silence. The State infringed an accused’s right of silence when it sought to compel him to produce bank statements to customs investigators[26]. Coercion to co-operate with the authorities in the pre-trial process may infringe the privilege against self-incrimination and jeopardise the fairness of any subsequent hearing.

    4. Re:Giving up passwords by automandc · · Score: 4, Informative

      First, the quote was from the Declaration of Independence, a document that preceded the U.S. Constitution by more than a decade, was purely symbolic in nature -- which is to say, it has almost zero application in the law of the United States of America.

      What both of you are trying to recall from your ancient civics classes is the Fifth Amendment (part of the Bill of Rights, passed 2 years after the Constitution), which reads (in relevant part):

      No person shall be . . . compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law. . . .

      Whether or not coercing someone to unlock the chest where they put their confession is the same as forcing them to incriminate themselves is a tricky and unsettled question of law that we (the Yanks) are still working on. (Whether the coercion is beating them with a $5 wrench, or putting them in prison indefinitely for "contempt", the principle is the same.)

      Your meta-point is quite true, however - the creation and protection of such individual rights in conflicts with the State was the fundamental schism that led North America to diverge from the previously (fairly homogenous) Anglo/European civilization about 200 years ago. Now build some Settler[early game]/Armor units[late game] and get out there and spread the word to the rest of the map.

      --
      I'm a lawyer with excellent karma. Something's gotta be wrong.
  6. Anti-FUD by spudnic · · Score: 4, Insightful

    So how are we to know that this isn't anti-FUD?

    "Yes, Citizen, your full disk encryption is just too much for us to crack. I guess you're in the clear."

    --
    load "linux",8,1
    1. Re:Anti-FUD by betterunixthanunix · · Score: 4, Insightful

      That is not how the police in America work. When they cannot crack a cryptosystem, they try to get it outlawed or prevent it from becoming mainstream, and then push for a system with a backdoor. When they manage to crack a system e.g. the Hushmail attack, they parade it around and declare that no matter what anyone does the police will be able to defeat it.

      If this sounds like Doublethink to you, perhaps you should take a look around and reconsider your views on whether it was Orwell or Huxley who was correct.

      --
      Palm trees and 8
  7. Re:I have my disk (at least partially) encrypted by s0litaire · · Score: 5, Interesting

    RAM can hold a copy of the last data held for a good 5 seconds if warm and up to +20mins of frozen,
    so it could be chilled/frozen using compressed air, removed and placed into a reader that dumps the ram memory to disk.

    --
    Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
  8. kind of the point by Surt · · Score: 4, Insightful

    I mean ... what's the point of encryption that your foes, police or otherwise, can bypass?

    --
    "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  9. Re:xkcd "comics" are never obligatory. by Anonymous Coward · · Score: 5, Funny

    Wow. Did a stick figure run over your dog or something?

  10. REFRIGERATED crustacean pix? by Anonymous Coward · · Score: 5, Funny

    You are in violation of the laws forbidding the manufacture, sale and possession of chilled prawnography.

    1. Re:REFRIGERATED crustacean pix? by ColdWetDog · · Score: 4, Funny

      You are in violation of the laws forbidding the manufacture, sale and possession of chilled prawnography.

      A good strong shell ought to keep him out of trouble. Don't Bash it if you've not tried it.

      --
      Faster! Faster! Faster would be better!
    2. Re:REFRIGERATED crustacean pix? by chromas · · Score: 5, Funny

      Judging by his name, I'd say he's been out there a while.

    3. Re:REFRIGERATED crustacean pix? by Nethead · · Score: 4, Funny

      Surely you meant: tcsh tcsh.

      --
      -- I have a private email server in my basement.
  11. Deniable encryption only works in theory by betterunixthanunix · · Score: 5, Interesting
    In practice, the headaches that would ensue from widespread use of deniable encryption would cause one of two outcomes:
    1. Police would stop asking for secret keys, or only ask for a short period of time, because they would have no way of knowing whether or not they have the true secret.
    2. The system would be outlawed.

    Countries that respect and protect a right to free speech would not outlaw such a system, but unfortunately such countries are few and far between. Deniable encryption encryption works in theory, but in practice the existence of non-deniable encryption makes it hard for people to claim that they are innocent users of a deniable encryption system. While there are innocent uses of such a system (perhaps your business secrets are so valuable that being tortured for them is not beyond the realm of possibility) they are few and far between; deniable encryption is tool for protecting your data from a government, and for all their talk about China and Iran, most western governments are not interested in having citizens who can secure their communications and data from police investigations.

    --
    Palm trees and 8
    1. Re:Deniable encryption only works in theory by izomiac · · Score: 5, Insightful

      I figured that plausible deniability applies both ways. You deny that you have any more hidden volumes, they deny that you've given them all relevant passwords. In the UK that means running afoul of that law. In less kind parts of the world (or society) that means you will be tortured until you give up the "real" password, repeated ad infinitum as there's no way to determine the number of hidden volumes. Sucks to be you if what they're looking for doesn't exist, there's no way for you to prove that and break the cycle.

      IMHO, plausibly deniability is for reasonable and less motivated opponents (e.g. some family members). If you're worried about a less savory type, you need to visibly destroy the data. E.g., put it on RAM disks that will shut down if someone opens your closet door and doesn't type the correct code in 30 seconds. You'll be charged with destruction of evidence in a courtroom, and presumed guilty elsewhere, but it's a calculated risk. Wiping the header that is used to convert your password into the actual crypto key is another possibility that potentially allows for later recovery, but your opponent may assume that as well.

    2. Re:Deniable encryption only works in theory by networkBoy · · Score: 4, Informative

      the outer volume, when mounted in "unsafe" mode uses the entire disk partition, thus there are three ways to log into a TC volume with a hidden partition:

      Into hidden volume, with hidden password: see hidden volume, outer volume as unavailable.
      into outer volume, with both outer and hidden password: outer volume mounts, hidden volume shows as unavailable.
      into outer volume, with outer password only: outer volume mounts entire space as one volume, all space available, contents of hidden volume may be overwritten, but all space appears consumed.

      in practice to make the outer volume look valid you should place sensitive info there:
      tax returns for clients if you are a CPA (while the cooked books are on the hidden volume).
      "normal" porn if you are a married person (while the CP is on the hidden volume).
      company confidential design docs if you are an engineer (while the hidden volume contains competitor trade secret info).
      etc.
      The point being that you should make the outer volume both useful and not small so that it will have data churn.

      Also, to defeat casual perusal of your filesystem by random people who may access your computer I am fond of storing my truecrypt volumes as alternate data streams/metadata to normal files. I have a 500 gig drive with a single mp3 on it that is only 3 min long, yet the disk is full :)
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  12. Here's a clue LEO guys... by bmo · · Score: 5, Insightful

    While I currently do not run full disk encryption on my laptop and I have never done anything to warrant arrest, I have thought about full disk encryption. Especially in these days of a growing police state, it is not my job to make your job easier. If the news stories keep going the way they are, I suspect that within the year, I will simply migrate over with strong encryption and that will be that.

    Because I do not like the increasingly adversarial and militarized role the police have been taking. I'm sure I'm not alone. While I do not wear tinfoil, the news events of late give me pause.

    --
    BMO - shiny side out.

  13. I've got a solution! by PopeRatzo · · Score: 4, Insightful

    Use biometrics instead of a password.

    Your system unlocks via your foreign friend's iris, which you get via his smartphone's camera.

    Now, when the police want to get access to your computer, they have to try to extradite your friend. You can't give them a password because there is no password. The only way to unlock your system is if your friend puts his eye up to his smartphone's camera and you put your smartphone up to your computer's iris scanner. They'd have to figure out a way to compel your friend, who lives in a country that may not have extradition treaty with your particular tyrannical hellhole.

    Yeah, I know it's inconvenient, but it would be worth it to frustrate the monsters who have seized power.

    Of course, by that point they'd probably just use rendition to send you someplace where you'll be tortured, just for making them have to work for a living. US or UK, I don't think there's any line they won't cross. Not any more. There's no longer a pretense to anything like personal rights. Unless your name ends in "Inc." you just don't have rights any more.

    --
    You are welcome on my lawn.
  14. I always thought you could do one better by DavidTC · · Score: 4, Interesting

    Encrypted drives do not, obviously, use the password to decode the files. They use the password to decode a key and use that to encode the files.

    So I always thought it would be interested to have a computer that, on startup, wipes that part of the disk with 0s, sticking a copy somewhere else on the drive. (Which is not a security risk, because the other parts of the drives are, obviously, encrypted with that key, and you can't open box with a box cutter inside it.)

    And during safe shutdown, it puts it back. Or have a program you have to run to put it back, then shutdown.

    For safety purposes, you give a copy of the key to someone else for safekeeping. Bonus points if they're out of the country.

    Then you leave your computer on, and the screen locked, at all times. Bonus points if you rig it to an alarm where if someone breaks in, it cuts the power. (Also have it do the same if someone inserts firewire or USB while the screen is locked.)

    Now it doesn't matter how much you're ordered to comply with the police. They come in, cut the power to your computer, make a disk image...and you'll tell them the damn password all they want, but you are rather at a loss as to how they think that will work, considering the part of the drive with the key stored is has apparently been filled with 0s. (You'll need a lawyer able to explain that what they are asking cannot work.)

    Now, like I said, you can lie and pretend you don't know what's going on...or you can wait until they get a court order to have you decrypt, and then tell them what's going on. By which point your friend has hopefully already destroyed the key.

    And the joke is, even if you explain everything that happened, this is entirely legal. You have not destroyed any evidence, because the key was already missing from the unencrypted part of the drive when the warrant showed up. (Unlike some of the automated 'destroy data' traps that people try to come up with.) And you have cooperated fully, you literally cannot get to the data. And your friend didn't destroy evidence, because the search warrant was for your stuff, he can delete of his own files he wants until he is told otherwise.

    --
    If corporations are people, aren't stockholders guilty of slavery?
    1. Re:I always thought you could do one better by David+Jao · · Score: 4, Interesting

      Now it doesn't matter how much you're ordered to comply with the police. They come in, cut the power to your computer...

      When law enforcement officers confiscate a computer, they usually (in the US at least) try to transport the computer without powering it down. Standard procedure is to plug a portable generator into the wall outlet powering the computer, unscrew the outlet, and take the whole apparatus (including wall outlet, generator, and computer) to the forensics lab, without interrupting power to the computer. If all the jacks in an outlet are in use, they will unscrew the wall outlet and splice the generator's power cables into the outlet.

      The article and summary do mention situations where computers are powered down for transportation. These are exceptions. They are not the norm.

  15. Ultimate in planted evidence... by barfy · · Score: 4, Interesting

    You want to do someone in, and have access to their computer, a USB program that creates an encrypted partition would be enough to do one in. Proving one's innocence would probably be near impossible.

  16. Re:Not impossible, not even hard by 0123456 · · Score: 4, Informative

    Within 10-20 years after that any conventional (e.g. what most PCs today are capable of) encryption other than one-time-pads or the like will be breakable.

    Uh, no. Quantum computers can brute-force conventional encryption in about the square root of the time taken by a conventional computer. Doubling the key size is much easier than building a quantum computer of a usable capability.

    This is precisely why AES has a 256-bit key option when conventional computers could never break a 128-bit key anyway. AES256 is about as difficult to brute-force with a quantum computer as AES128 is with a conventional computer.

  17. More research? by cheekyjohnson · · Score: 4, Insightful

    "Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption."

    And, if they somehow manage that, research will be needed to develop new techniques and technology for creating even stronger encryption.

    --
    Filthy, filthy copyrapists!
  18. Re:Minor issues by DavidTC · · Score: 5, Informative

    Except modern drive recovery can restore the blanked out sector.

    Uh, no.

    It has never, despite it being 'common wisdom', been possible to recover overwritten sectors on a hard drive.

    No one has ever demonstrated it in the entire history of hard drives.

    It was a theoretical attack a long time ago, on pre-IDE 'MFM' hard drives.But we moved off that sort of drive in 1986.

    And even then, it didn't work. It was a theory that said with a very poorly build hard drive, it might be possible to recover some data. Like I said, no one's ever actually shown this.

    And with IDE, we moved to RLL encoding which means, statistically, you couldn't get anything. With an MFM encoded drives, if you got 50% of the data with 50% accuracy, you had 25% of the data and might possibly come up with something, although, like I said, no one ever has managed this.

    But with RLL encoded drives, if you got 50% of the data with 50% accuracy, you have nothing. It is not really possible to get a partial byte.

    No that anyone has ever demonstrated reading anything from a ' The idea that you need to do anything more than overwrite a sector to make it unreadable is one of those zombie lies that simply cannot die.

    The only way to recover a lost sector is if it was going bad at some point, so the hard drive made a copy of it and remapped that sector to the copy. Which means the original might still be there. (OTOH, the original was going bad, so who knows if it's still readable.) The odds of this happening are astronomical.

    --
    If corporations are people, aren't stockholders guilty of slavery?