Man imprisoned for not giving police password.

How on earth do the BBC know it was a 50 character password if the police couldn't crack it? How do the police know it was 50 characters?

I completely agree, someone who doesn't want the police to have access to their entire private life is clearly a child molester.
:D
 
20 years? As if. If you have to resort to brute forcing a 50 character password, you're basically not going to manage it in a meaningful time frame. Even if you could try billions of passwords per second, it would still take trillions of years to try even a fraction of the possible combinations.

imagine their annoyance that in a trillion years they crack the password only to find you put all the suspect files in a password protected / encrypted zip file... containing a password protected word file... possibly encrypted stored in an encrypted folder
 
Yes, but you're assuming that the attacker knows this and varies their attack accordingly. This isn't often the case.

agreed, however one of my mates at uni for his dissertation developed a program that you could input a personality or hobbies rather of that person, their favourite places, football team etc and would then generate random passwords based on this input. Which was pretty cool!
 
imagine their annoyance that in a trillion years they crack the password only to find you put all the suspect files in a password protected / encrypted zip file... containing a password protected word file... possibly encrypted stored in an encrypted folder

so you can encrypt encrypted files?

surely you would spend half your life just entering passwords!!

:)
 
imagine their annoyance that in a trillion years they crack the password only to find you put all the suspect files in a password protected / encrypted zip file... containing a password protected word file... possibly encrypted stored in an encrypted folder

Remember, it may take a 100 billion years to crack with today's technology, but advances in tech are exponential. Quantum computing may even prove to be a deal breaker in this respect.
 
check this site out:

http://strongpasswordgenerator.com/

What length should your password be?

Include symbols in password?


Your new strong password is:
f78?T25K6R#{7pVV7j7/M

Remember it as:
firefox 7 8 ? TARGET 2 5 KMART 6 RADIO # { 7 paris VIRGIN VIRGIN 7 jessica 7 / MICROSOFT

good luck remembering this one and it is only 20 characters!!!
 
They'd already have to have provided sufficient proof to get a warrant in order to seize the computer in the first place. No point going through it again.

Aye, was planning to come back and post something about this, as I've now read the relevant bits of RIPA.

It's like if they took a locked box from you under a warrant, then asked for the key, except even if you don't give the key they could still break the box open. With a properly encrypted drive it's hard to prove the encrypted data is there at all, hard to prove you know a key and essentially impossible to break in without the key.
 
That won't help. Not even slightly.

If you use truecrypt then it's difficult, though not impossible, to even be sure that there is anything there but empty hard disk space. And from there you're into major league forensics to show it's there before you can even begin to worry about decrypting anything.
 
Consider false key encryption too.... It's an interesting idea. You have an encrypted image inside an encrypted image.

Scenario for example is that you create a 500Gb encrypted image but place say 20Mb of actual data in it. The encrypted image is still 500Gb. No way of telling how much data is in it.

Now, key A opens the encrypted store but gives you storage scenario A - no real files of interest.

Key B opens the real encrypted store and gives you access to your files.

The trick with the above is being able to hide the false-storage.
 
agreed, however one of my mates at uni for his dissertation developed a program that you could input a personality or hobbies rather of that person, their favourite places, football team etc and would then generate random passwords based on this input. Which was pretty cool!

Narrowing it down sure but you still have to hope they created a password based on any of it. And even if they did you have to then hope they didn't simply add a few letters/numbers/punctuation to it. I mean unless someone did something so blatantly obvious as being a huge fan of the pharaohs and Ramesis II and used that as their password you wouldn't get in even narrowing it down in a realistic time frame.
 
You don't have to remember a 50 character password, if you use a password management program like Roboform (Windows) or 1Password (Mac).

All of my passwords are 16 characters, with a mixture of capitals and symbols e.g. "IB=3bzma4te%HXZa" which for all intents and purposes is not rememberable. However, buried under a master password in the browser on my mac is the option to log in to each of my bookmarked sites with 1 click.

 
Aye, was planning to come back and post something about this, as I've now read the relevant bits of RIPA.

It's like if they took a locked box from you under a warrant, then asked for the key, except even if you don't give the key they could still break the box open. With a properly encrypted drive it's hard to prove the encrypted data is there at all, hard to prove you know a key and essentially impossible to break in without the key.

The police don't need a warrant to search premises and seize items and belongings, just the authority of an inspector.
 
All of my passwords are 16 characters, with a mixture of capitals and symbols e.g. "IB=3bzma4te%HXZa" which for all intents and purposes is not rememberable. However, buried under a master password in the browser on my mac is the option to log in to each of my bookmarked sites with 1 click.

I operate on a similar proviso. My passwords are all actually 63 full ASCII characters long in sites that accept them, and as long as possible for ones that don't. Random example:

Code:
AeIg((e,+|Kr:!A#=8Z*_)_sHub)pm*'s-qZ/}-d[Z.BazprMM9m*r;hNyn*bky

I store all these in an encrypted text file, which is opened by a master password (itself almost 20 nonsensical characters long) that I keep in my own memory and is never written down. The weak link though, as with any 'master password' is the master password itself. While having 63 digit passwords as above helps keep it infeasible to brute force your web mail, a determined hacker (or the police) only need to crack your master password and they're set.

So, keep your master password decent and change it regularly. :p
 
If they existed the government wouldn't use the exact same encryption algorithm for top secret files.

Most high up departments do not use these kind of public ciphers especially for classified stuff, they use in house stuff.


Also when your password hits above say 20+ mixed case alpha-numeric characters and high entropy, it is outside the range of standard password brute forcing and it becomes more feasible to attack the algorithm directly. Especially when the software forces delays between attempts. With AES-256 for example you would start brute forcing 256-bit encryption keys, with 2^255 operations till you succeed and you could progress each attempt much faster than with passwords but obviously you will still be worm food before success happens.
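The brute-force arithmetic raised in this thread (a 50 character password at billions of guesses per second, and the point where guessing the AES-256 key is no more work than guessing the password), worked through as an added example that is not part of any post. It assumes uniformly random passwords, alphabets of 95 printable ASCII characters or 62 alphanumerics, and a hypothetical `kdf_iterations` cost per password guess to model software that slows each attempt.

```python
import math

AES256_KEY_BITS = 256            # key size named in the thread
PRINTABLE_ASCII = 95             # assumed alphabet: all printable ASCII
ALPHANUMERIC = 62                # assumed alphabet: a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def password_bits(length, alphabet_size):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def expected_years(bits, guesses_per_second):
    """Average search time: half the space must be tried (2^(bits-1))."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def crossover_length(alphabet_size, kdf_iterations=1, key_bits=AES256_KEY_BITS):
    """Shortest random password for which searching the raw key space is
    no more work than searching passwords, when every password guess
    costs kdf_iterations key-derivation steps (hypothetical parameter)."""
    stretch_bits = math.log2(kdf_iterations)
    return math.ceil((key_bits - stretch_bits) / math.log2(alphabet_size))


if __name__ == "__main__":
    rate = 1e9  # "billions of passwords per second", as in the thread
    for label, length, alphabet in [
        ("50 printable ASCII", 50, PRINTABLE_ASCII),
        ("20 alphanumeric", 20, ALPHANUMERIC),
    ]:
        bits = password_bits(length, alphabet)
        print(f"{label}: {bits:.1f} bits, "
              f"~{expected_years(bits, rate):.2e} years on average")
    print("AES-256 key: 256 bits, 2^255 trials on average")
    print("crossover, printable ASCII:", crossover_length(PRINTABLE_ASCII))
    print("crossover, alphanumeric:", crossover_length(ALPHANUMERIC))
    print("crossover, printable ASCII with 2^20 KDF steps:",
          crossover_length(PRINTABLE_ASCII, kdf_iterations=2 ** 20))
```

These figures hold only for randomly generated passwords; a password built from words or personal details has far less entropy than its length suggests.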
 
Remember, it may take a 100 billion years to crack with today's technology, but advances in tech are exponential. Quantum computing may even prove to be a deal breaker in this respect.

There are quantum algorithms that make factorization an easy (relatively) task, but not all crypto systems rely on the hardness of factorization for their security. McEliece and Lattice based crypto for example aren't currently vulnerable to quantum based attacks, that doesn't mean they won't ever be, but quantum computing also doesn't mean the end of cryptography.
 
If you use truecrypt then it's difficult, though not impossible, to even be sure that there is anything there but empty hard disk space. And from there you're into major league forensics to show it's there before you can even begin to worry about decrypting anything.

The entropy of the "empty space" gives you a pretty good idea if there's something encrypted hidden there.
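The entropy check mentioned in the post above, as an added example that is not part of the original thread: a per-block Shannon entropy scan that reports runs of random-looking data in a raw image. The 4096-byte block size, the 7.9 bits/byte threshold and the sample image are assumptions constructed for the illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096       # bytes per analysed block (assumed)
THRESHOLD = 7.9    # bits/byte cut-off for "looks random" (assumed)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_runs(image: bytes, block=BLOCK, threshold=THRESHOLD):
    """Return (start, end) byte offsets of consecutive high-entropy blocks."""
    runs, start = [], None
    for off in range(0, len(image), block):
        chunk = image[off:off + block]
        # A short trailing chunk cannot be judged reliably, so skip it.
        hot = len(chunk) == block and shannon_entropy(chunk) >= threshold
        if hot and start is None:
            start = off
        elif not hot and start is not None:
            runs.append((start, off))
            start = None
    if start is not None:
        runs.append((start, len(image)))
    return runs


def build_sample_image() -> bytes:
    """Constructed test image: zeroed space, plain text, a random-looking
    region standing in for encrypted data, then zeroed space again."""
    rng = random.Random(2010)  # fixed seed keeps the sample reproducible
    text = (b"The quick brown fox jumps over the lazy dog. " * 400)[:4 * BLOCK]
    noise = bytes(rng.getrandbits(8) for _ in range(16 * BLOCK))
    return bytes(8 * BLOCK) + text + noise + bytes(4 * BLOCK)


if __name__ == "__main__":
    for start, end in high_entropy_runs(build_sample_image()):
        print(f"high-entropy region: bytes {start}..{end} ({end - start} bytes)")
```

High entropy is an indicator rather than proof: compressed files and space overwritten with random data score the same as ciphertext, so a flagged region shows only that the area is not zeroed or plain data.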
 