HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Researchers Say Disk Encryption Foils Law Enforcement
- Thread starter HardOCP News
- Start date
Monkey God
Mangina Full of Sand
- Joined
- May 7, 2007
- Messages
- 6,723
If its a serious law enforcement operation, keyloggers > disk encryption. Not so SRS? Encrypt it.
We recently had an incident with one of our employees at work. A company laptop was confiscated by the sheriff department for the collection of evidence. All of our laptops have encryption installed on the system partition. Anyways, after about 6 months of having the laptop in their possession, the sheriff department contacted our company asking if we had the password because they were unable to retrieve ANY information from it. I laughed a little and gave them the password they needed. We had the laptop back in our possession a couple of weeks later.
Zangmonkey
Supreme [H]ardness
- Joined
- Jul 6, 2005
- Messages
- 5,058
The problem is where this is going: Governments mandate commercial encryption offer a backdoor for "national security"
oROEchimaru
Supreme [H]ardness
- Joined
- Jun 1, 2004
- Messages
- 4,662
I worked for a few companies that used encryption but since its a pain to reset tokens and passwords, then sync remotely on vpn they often have a "setup password" that everyone knows to skip the encryption lol. This defeats the purpose of encryption.
which is precisely why you never use a commercial product, only an open source one that has been thoroughly vetted.
Then we'll end up with a law like the UK that you have to provide keys to key escrow. And it'll take a trip to the supreme court to test the 5th amendment all over again.
Zangmonkey
Supreme [H]ardness
- Joined
- Jul 6, 2005
- Messages
- 5,058
According to Microsoft there is no backdoor to their commercial encryption solution.
Haha and according to the Chinese government, those girls were NOT 8 years old competing in the Olympics for gymnastics.
So they say. Why would they say otherwise?
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
I'll feign ignorance and say I forgot it when asked for the password to my TrueCrypt drive.
Better to use a hidden partition and say "what drive?"
oROEchimaru
Supreme [H]ardness
- Joined
- Jun 1, 2004
- Messages
- 4,662
Most local enforcement agencies do not have a cyber/computer division. Even Milwaukee's from what I have asked is near non-existent. This gave me the idea:
use simple encryption, but create a broken computer bootup interface to foil non-IT "detectives".
a. boot up pc
b. "ntdls boot error, please reboot:" here enter your username
c. "Hard drive is damaged." enter your password
This would probably fool 90% of the non-IT police force whom will resort to formatting, then auctioning your pc. Wait they probably won't format lol.
use simple encryption, but create a broken computer bootup interface to foil non-IT "detectives".
a. boot up pc
b. "ntdls boot error, please reboot:" here enter your username
c. "Hard drive is damaged." enter your password
This would probably fool 90% of the non-IT police force whom will resort to formatting, then auctioning your pc. Wait they probably won't format lol.
PynkFloydd
Gawd
- Joined
- Mar 20, 2008
- Messages
- 617
So...umm...."hypothetically", let's say I was law enforcement. Which would be the best...err, I mean, hardest software to get past?
Good.
Because if the government can't read encrypted disks of criminals this conversely means that criminals* can't read my disk, either, if I encrypt it properly.
*Note that in some cases the words 'criminal' and 'government' can be used interchangeably.
Because if the government can't read encrypted disks of criminals this conversely means that criminals* can't read my disk, either, if I encrypt it properly.
*Note that in some cases the words 'criminal' and 'government' can be used interchangeably.
DeathPrincess
Fully [H]
- Joined
- May 15, 2010
- Messages
- 18,205
I just write all my important documents in code!
auzjzjz zhzfit pifc!!!
Or really important documents in coded 1337 speak! That way the police/weirdos would be too annoyed to finish the whole thing! Maybe I should try rotationism...
iii)f!d fitzyz zfzfzne
Code:
abcdefghijklmnopqrstuvwxyz
zasecrtpwdbfghijklmnoquvxyauzjzjz zhzfit pifc!!!
Or really important documents in coded 1337 speak! That way the police/weirdos would be too annoyed to finish the whole thing! Maybe I should try rotationism...
iii)f!d fitzyz zfzfzne
Outside of profesional products which are not available to public, TrueCrypt is IMO very good option.
Yes, TrueCrypt is what we use. We also use it for our offsite backup drives that go offsite. Anything that leaves the office and might contain confidential information should be encrypted. It's sad; most businesses don't practice this...
You mean not even the gov.'t can crack the toughest encryption? You don't say!
It's only a matter of time before American law forces the accused of coughing up the password.
I wouldnt bet against NSA being able to decrypt such data, but they are not going to spend significant amount of time using all those supercomputers trying to decrypt your HDD with torrents.
Btw.: USA has 263 out of 500 most powerfull supercomputers.
you'd be surprised at how piss poor our technology is these days. the Chinese could kick the shiat out of us 10 times over and not break a sweat. We peaked in the late 70's.
Well, even if they use a bunch of supercomputers, I think it'd take a bunch of millennia to break 256-bit AES encryption.
USA no longer owns the top spot in Top 500. Our best is now only good for bronze.
While we're on the subject, I didn't find out specifically the software encryption that they are referring too, or are they just be general? Also, what sort of encryption software do you guys recommend, when it comes to security I'm mostly illiterate in this area.
It's only a matter of time before American law forces the accused of coughing up the password.
What if you don't know the password.
As a hypothetical scenario:
You have a third party that knows the password and only types it in via a gotomypc or similar session when they see, for example, a certain household item in the background oriented in a certain way in a webcam chat with you.
You cannot disclose what you don't have.
Personally I use truecrypt. It operates transparently in the background (you type in your password at boot). I don't use hidden volumes or anything like that, it's more to protect my financials and personal information in the event somebody stole my PC / External hard drives from my home. They wouldn't be able to get anything off of them when they went to boot the system up or access the external hard drive.
Red Squirrel
[H]F Junkie
- Joined
- Nov 29, 2009
- Messages
- 9,211
I'm sure some of the more hardcore law enforcements like the FBI could easily crack typical standard encryption like AES 256 and such. These agencies probably have technology we wont even see for another 10 years, if ever.
PynkFloydd
Gawd
- Joined
- Mar 20, 2008
- Messages
- 617
Thanks! I'll check it out. ...not that I have a lot of sensitive information to hide, but it's just nice to know that even a thief couldn't get access to my archived personal info.
Think again! Check out the NSA and their facility. In addition, keep in mind what FPGAs are capable of in mass supercomputing arrays and clusters.Well, even if they use a bunch of supercomputers, I think it'd take a bunch of millennia to break 256-bit AES encryption.
USA no longer owns the top spot in Top 500. Our best is now only good for bronze.
256-bit AES is nothing.sfsuphysics
[H]F Junkie
- Joined
- Jan 14, 2007
- Messages
- 15,992
Have to remember though super computers are often hardwired to do a specific task, unless brute force password busting is that task it might not be as useful as you might think.
NSA has had a backdoor in windows since windows 95. The code does not lie.
http://news.bbc.co.uk/2/hi/sci/tech/437967.stm
http://news.bbc.co.uk/2/hi/sci/tech/437967.stm
Not like it matters, they'll just get a motion to compel the password from you. Not doing so can lead to contempt of court. The 5th amendment covers you for not testifying against yourself, last I checked it didn't allow you to hide or destroy evidence. This is all of course up to debate and will need a scotus judgement to clear it up.
The key is to get a serious head injury so you have cause to forget said password.
http://m.cnet.com/Article.rbml?nid=20078312&cid=null&bcid=&bid=-281
The key is to get a serious head injury so you have cause to forget said password.
http://m.cnet.com/Article.rbml?nid=20078312&cid=null&bcid=&bid=-281
You can get your hands on a "supercomputer" for pretty cheap these days.
http://www.i-programmer.info/news/91-hardware/3362-rentasupercomputer-from-amazon.html
Heck, for $2,553.60/hr you can have the 42nd most power supercomputer in the world.
http://www.i-programmer.info/news/91-hardware/3362-rentasupercomputer-from-amazon.html
Heck, for $2,553.60/hr you can have the 42nd most power supercomputer in the world.
DeathPrincess
Fully [H]
- Joined
- May 15, 2010
- Messages
- 18,205
Or pretend it's not yours. Theres "nor shall be compelled in any criminal case to be a witness against himself". Which should cover you from incriminating youself or giving evidence which proves youself guilty.
Isn't there also something about "nor shall private property be taken for public use, without just compensation"? Then you could just claim the data is worth $1b. Then just pay some guys to spring you free?
There is the bit about "unless on a presentment or indictment of a Grand Jury", unless you are in the millitary. So maybe keep claims under $200m.
Germans were also convinced that breaking Enigna encryption is impossible..... oooops
kcmastrpc
[H]ard|Gawd
- Joined
- May 26, 2011
- Messages
- 1,300
yes. judges can order defendents to reveal their encryption key. if you do not comply a contempt charge will likely be added on top of whatever else you're being accused of.
you can fool with hidden volumes, or make is so long/complex that it is impossible to memorize. store your key on some random box in the world that auto-nukes via script if you don't login within 24 hours.
when you comply with the order and give them a key that accesses a volume of poop-porn and weird fetishes or tell them, "really, I don't know... it's a random string of 90 characters and the key self-destructed."
i imagine though if one were to be charged with a crime and some evidence was on an encrypted container the prosecution wouldn't rely on that being their only asset.
AbsintheGuy
Limp Gawd
- Joined
- Nov 6, 2008
- Messages
- 154
Think again! Check out the NSA and their facility. In addition, keep in mind what FPGAs are capable of in mass supercomputing arrays and clusters.
AES-256 encryption is unbreakable if the media has been encrypted with a good password. There is no known hardware or techniques that can be used successfully to break it--government or otherwise.
Also, Truecrypt has an option to put a custom message up on bootup that can essentially say "missing operating system" or whatever.
The power of encryption benefits everybody, since we live in an age of information. If you value privacy and freedom, encryption is the way to go.
Truecrypt and the likes is great against all the regular joe schmoe's and standard local law enforcement. I certainly wouldn't bet my life on any of them with the Government though. They want everyone to think they can't get around such encryptions, that's just funny.
- Joined
- Jan 12, 2004
- Messages
- 21,888
Encryption? I guess I don't know what that is.