Man imprisoned for not giving police password.

[bam0]

What if it's made so it will only work if theres write privileges and must be run from exactly the same hardware?

Forensic analysis doesn't involve just turning on the computer and looking around the hard drive with windows explorer. All the things you're thinking of are software based, but if I know the encryption method I don't need to use your specially boobytrapped software to decrypt the data.

 

[Amnesia]

Aye.. Because it's stuffed full of child pon or something else illegal.

what if its full of home videos with him and his g.f/wife/sister ? ...how many would take the 16 weeks than have a load of cops enjoying your partners dirtiest moments

 

[Hamish]

We have to send the encrypted data to a specialist centre who have to confirm it's not breakable before we can go down the route of charging for not giving up passwords. We can't do so simply on the belief that there's information in there somewhere.

I don't understand though. If you use decent software e.g. Truecrypt, an encrypted volume is indistinguishable from a volume of random data.
Could someone get sent down for "witholding an encryption key" if they truthfully said a volume was formatted with random data?

 

[bam0]

I don't understand though. If you use decent software e.g. Truecrypt, an encrypted volume is indistinguishable from a volume of random data.
Could someone get sent down for "witholding an encryption key" if they truthfully said a volume was formatted with random data?

You don't tend to get volumes that just happen to be filled with almost perfectly random data. If you find that along with encryption software and indications data/drives being accessed that you can' find, that's a lot of evidence that someone is hiding something.

 

[tntcoder]

You don't tend to get volumes that just happen to be filled with almost perfectly random data. If you find that along with encryption software and indications data/drives being accessed that you can' find, that's a lot of evidence that someone is hiding something.

dd if=/dev/random of=secretPron.dat bs=1024 count=5000

= jail/pwned

 

[elbulus]

You wouldn't want to enter a letter wrong in that password and have to enter it all over agian in a hurry

 

[cymatty]

I really need to read more into this truecrypt thing, seems interesting.

 

[Sin_Chase]

I wonder what evidence they had.

Assuming he has something illegal I find it hard to believe he would encrypt the local storage but not download from secured areas or over encryption itself. There would be no evidence to garner.

 

[markweatherill]

what ever happened to 'you have the right to remain silent?'

Nothing. But 'it may harm your defence if you... etc'

 

[Russinating]

Going back to what von said about a 50-char password being quite easy to remember, I concur.

Personally if I were to do it I'd use codes I already know of, such as car registrations and postcodes, separated by special characters. I know ~6 postcodes off by heart and a few car registrations. Stringing them all together would be easy and would get you something like:

bs69op/s121tgh/b962hg/f90pol/bs14re/ne553xv/so559le [..] etc

 

[SiriusB]

lol, I don't think you understand the amount of effort it takes to break encryption.
Assuming he is using something like AES (probably) and the password is 50 characters as it says.
If you dedicated 100% of the CPU of every computer in the whole world including supercomputers to brute forcing it, I guarentee you that he would have died of old age before the password was broken.

Isn't that the time it takes to test every possible combination? If so, it could be cracked in 10 minutes if you got lucky!

 

[bam0]

dd if=/dev/random of=secretPron.dat bs=1024 count=5000

= jail/pwned

Heh, I'm not saying you can't make it look that way, but why would you really want to.

 

[SiriusB]

Going back to what von said about a 50-char password being quite easy to remember, I concur.

Personally if I were to do it I'd use codes I already know of, such as car registrations and postcodes, separated by special characters. I know ~6 postcodes off by heart and a few car registrations. Stringing them all together would be easy and would get you something like:

bs69op/s121tgh/b962hg/f90pol/bs14re/ne553xv/so559le [..] etc

Most of my passwords are complete gibberish as I use LastPass to remember them. However, there are of course situations where I need to remember a password [such as my master password or encryption password]. For these I use passphrases, that I meddle with to make it harder.

For example:

thisisapassphrase
ThisIsAPassPhrase
Th1sI5AP4ssPhras3
\This`I5AP4ss.Phras3;

Not only do you need to know the phrase, you also need to know what criteria was used to generate the numbers/uppercase/symbols.

 

[tntcoder]

Isn't that the time it takes to test every possible combination? If so, it could be cracked in 10 minutes if you got lucky!

Tis true It could be the first combination you attempt.

All comes down to probability, with a 256-bit key space lets say you can test 100000000 passwords per second. That's 144000000000 per day.

144000000000 is a minuscule % of the entire keys pace: 1.24360827 × 10^-64 %. The odds of it being in that small pinch of passwords are astronomical. Really need your lucky hat on

 

[Hamish]

Isn't that the time it takes to test every possible combination? If so, it could be cracked in 10 minutes if you got lucky!

true, but on average you will need to try half the combinations to guess correctly. That's a mere 200 million trillion trillion trillion trillion trillion trillion trillion trillion trillion attempts

edit// sorry miscalculated, its
200 thousand trillion trillion trillion trillion trillion trillion trillion

 

[sniffy]

Assuming he has something illegal I find it hard to believe he would encrypt the local storage but not download from secured areas or over encryption itself. There would be no evidence to garner.

I imagine he did. Perhaps a tip-off.

Well, what then?

Statistical analysis can help eliminate possible permutations but it's still essentially a brute force.

All encryption can be broken.

One-time pads are unconditionally secure; they cannot be cracked. Not very practical though

 

[Delvis]

Explain? There are no practical better than brute force attacks against AES? Or tbh any other mainstream ciphers.

Unless you mean external techniques like torture, keyboard radiation monitoring, surveillance etc?

No practical better value yes, depends if you have a million years though really

Like I said gaining 'access' to a system can be done in different ways other than guessing a password.

Oh ignore him, he's talking out of his bunghole.

Obviously yes.

I forgot that on this forum if you say something and don't back it up without 100% evidence its deemed bs because someone doesn't understand it

should try his luck cracking the euro millions this week instead.

Ask darren brown, he did a good show on how to guess that once....Sadly 'code breaking' doesn't fall into that category.

 

[apeZ]

Interesting thread, good read

What are the ramifications for the user if you encrypt your hard drive? Do you have to enter the password every time you wish to access it?

 

[RDM]

I forgot that on this forum if you say something and don't back it up without 100% evidence its deemed bs because someone doesn't understand it

I think it could be more to do with the fact that you aren't actually saying anything. Just giving vague "Oh it can be done" sort of statements with no backup at all.

 

[bam0]

No practical better value yes, depends if you have a million years though really

Like I said gaining 'access' to a system can be done in different ways other than guessing a password.

Gaining 'access'? What are you talking about, the data is encrypted, without the key to decrypt it you aren't going to be 'accessing' that data. I'm with the others, I don't think you really know what you're talking about.