FBI Failed To Break Encryption of Hard Drives

benoliver writes to let us know that the FBI has failed to decrypt files of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).

That's what they *want* you to believe

[Anonymous Coward]

Just because you're paranoid does NOT mean that no one's out to get you.

And you KNOW the government is out to get you.

Re:Wrong Agency

[DarkDespair5]

No, AES has been independently vetted and attacked by multiple security organizations. The only flaws that have been discovered in the algorithm are minor and inconsequential. The NSA is a double-edged sword - they help with useful security tools such as SELinux as well as their traditional spook espionage. The NSA can't crack AES even with a supercomputer (right now, and only if the user has a decent password and/or 2-factor authentication).

Re:The universe would suffer thermal death

[Anonymous Coward]

Stop citing things inaccurately enough to be a myth.

The universe would suffer heat death. Before someone cracked the encryption. Using brute force. Via exhaustive search of keyspace. Utilizing techniques currently understood by science and the present beliefs of the laws of thermodynamics. FULL STOP. Hi, Quantum Computing....you ready yet?

You'll note many other possibilities now exist--including algorithmic weaknesses, birthday attacks, and such. I use a *good* password for a few things. But even based off of standard ASCII (too american to remember unicode), and assuming a space of the full upper/lower alphas and numerics, plus {-_+= [] }

with NO reasonable assumptions about distribution and entropy--gives me an entropy of 4.24bits per character. In practice it's probably only about 3 for me instead of the standard assumed 2.8.

Well in excess of the average (written english) language. Utilizing a password of approximately 30 characters, that's ONLY 132 bits of entropy. Well shy of 256.

There's all types of cryptographic techniques to expand a password into a suitable key--but that's just scattering the space and diffusing the entropy around some. 128 is crackable using current technology.

Sure, I can get a key with 256 bits of entropy--but it'll either come from a passage I've memorized in a book (not a very good one), or get stored on physical media. Weakness.

Re:US Laws?

[hedwards]

Not without violating the 5th amendment. If you can get the key via keylogger or malware it's fair game, otherwise they have to willingly provide it or you've got to crack it. But the constitution as it stands, does not allow the authorities to compel a suspect to produce the files.

Re:is waterboarding next to get the info?

[keeboo]

That's not offtopic. If they want the info bad enough, that is what they will do. And nobody will be able to prove a damn thing.

In Brazil, proofs produced by illegal means cannot be used (Federal Constitution, Art. 5, Inc. LVI).

Also, commiting a crime in order to produce proofs is aggravated up to a 1/3 (Decree-Law 2.848, Art. 342, Par. 1).

Re:The universe would suffer thermal death

[simcop2387]

If we can crack 128 bit encryption then AES 256 should be easily breakable, http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html [schneier.com] there's several attacks on the flawed key schedule in that reduce the search space to something like 2^110.5 instead of the 256bits that AES 256 implies. (this means that AES 128 is actually more secure in this regard, at least as currently understood).

Plausible Deniability

[fractalspace]

RTFM for TrueCrypt:

It may happen that you are forced by somebody to reveal the password to an encrypted volume. There are many situations where you cannot refuse to reveal the password (for example, due to extortion). Using a so-called hidden volume allows you to solve such situations without revealing the password to your volume.

Re:is waterboarding next to get the info?

[keeboo]

Someone modded the parent "flamebait" but that's an interesting point IMO.

The "problem" in Brazil is that, even if you're willing to do thing in a not-quite-right way, that's seldom viable in practice - specially in high profile cases with lots of expensive lawyers.

Why is that? The current Brazilian Constitution (created in 1988) and several key laws give lots of rights to the accused ones.
That's all nice and stuff, but many people (myself included) believe that they went too far and, basically, criminals are being treated like defenceless babies.
One thing you can hear about the Federal Constitution is that it was created "under the (left-wing) political prisoner syndrome". That is, back in 1988 the politicians wanted to avoid human rights abuses like the ones from the 1960s and 1970s (during the militar government), but (though well intended) they went too far.

The result is that it made criminal prosecution very hard in Brazil.

Re:is waterboarding next to get the info?

[ipX]

No, they just need to send it to Wikileaks and tell them it's a video of waterboarding.

In all fairness I don't think parent is a troll, I think it's a weak attempt at a joke about wikileaks breaking encryption [nytimes.com]:

Somehow -- it will not say how -- WikiLeaks found the necessary computer time to decrypt a graphic video, released Monday, of a United States Army assault in Baghdad in 2007 that left 12 people dead, including two employees of the news agency Reuters.

Re:Wrong Agency

[fuzzyfuzzyfungus]

I don't see what gives you that impression. I'm merely pointing out that, with truecrypt(or any conceptually similar system), there are two things needed to obtain the actual decryption key and decrypt the volume: the password, and the keyfile.

The most secure configuration involves storing the keyfile separately from the encrypted volume(on a smartcard, USB drive, etc.). For reasons of convenience, though, Truecrypt(and, again, most of the conceptually similar systems) support storing the keyfile in the same location as the encrypted material, which is much less of a pain because you only need a password for access, don't have to carry a separate device, and so forth.

If this guy used the system properly, his volumes will be secure. Guessing a 1MB(in the case of truecrypt) random keyfile, or breaking the encryption will be functionally impossible.

If he went with the convenient setup, then the feds have both his encrypted volumes and his keyfiles. They only lack his password. Guessing passwords is, barring extraordinarily good ones, many orders of magnitude easier than guessing encryption keys, and is frequently within easy reach of brute force attack.

Re:Wrong Agency

[Kjella]

It's fairly easy to create a good, strong password for the really important stuff. I usually suggest the following:

1. Pick a phrase, any phrase "maryhadalittlelamb"
2. Add three "typos" with digit, capital and special character "marXyhadali6ttlel!amb"
3. Remember the typos as part of the words: "marXy" "li6ttle" "l!amb"

It'll never match a dictionary attack. It's too long with too large a character set to be brute forced, close to 128 bits. A hybrid attack possibly might but even if you know the phrase in 1. and exectly the method I told you guessing both the position and character will take about (21*20*19 * 10 (0-9) * 26 (A-Z) * 30 (the easy special chars) = 60 million permutations per phrase and in reality you won't know the phrase or if I did something slightly different, like adding two digits.

The most general fault people make is too short passwords, because they get annoyed by typos and because many systems don't handle more than 8 characters. That's too little if the attacker can run the password cracker locally, it's only good as network passwords where first off the network slows you down and second you can have slowdowns and lock-outs in place.

Re:Wrong Agency

[Shadow of Eternity]

Which is, again, why we'll probably just keep someone awake for 3 days while we scream at them and hit them under the arms with a phonebook until they talk.

Encryption Software

[Anonymous Coward]

Over 2 years ago i had the feds raid my house, i used DriveCrypt Plus Pack (www.securstar.com) to encrypt my drive, they returned the drive a year later saying the drive was corrupted.
keep in mind the feds have thousands of cases and usually hire outside companies to crack it, they are limited by time and budget.

just goes to show the myth of any gov agency can crack commercial encryption software.

You know what immunity means, right?

[Sycraft-fu]

Immunity means "Immunity against prosecution." So this is not the sort of thing they can use against someone. They can't say "You are immune from prosecution, now testify about your crimes. Ok, you testified, now we are going to charge you with those crimes." The person was given immunity from prosecution, can't prosecute them for those crimes.

The point of immunity is securing someone's testimony against another party. So lets say you and I had committed some crimes together. However your part was pretty minor, you'd done little things and you weren't the guy planning things. The prosecutors decide I'm the one they really want, you are just a petty crook they don't care about. However, you won't testify against me, not because you are scared of me but because in doing so you'd admit to your own crimes. They say "Ok we'll grant you immunity. Any crimes you testify about committing, you can't be prosecuted for." You then go and testify to all the stuff I've done. I go to jail, you do not.

Immunity isn't some magic way to make the 5th amendment disappear. What it does is protect someone's 5th amendment rights, while allowing them to testify. The 5th amendment says you can't be made to testify against yourself. So, if you are immune from being prosecuted there is no violation of your rights. Your testimony is not being used against you.

For the same reason they can't say "Ahhh! We had our fingers crossed! Deal doesn't count!" In that case your lawyer would argue to have your testimony, and any evidence as a result of it, suppressed. You only testified because you believed it could not be used against you, and there is a written deal to that effect. If they revoke the deal, then that violates your rights. A judge would then suppress the testimony, and all evidence that comes from it (US courts use a "poisoned fruit" idea that evidence that comes from a violation of rights itself cannot be used). Your lawyer then has the court dismiss the case due to lack of evidence.

Re:Wrong Agency

[rotide]

Or the obvious, if it was known to be easily breakable, the US Government standard for encryption of Top Secret information would be something other than AES. But no, AES _is_ the standard for Top Secret information encryption.

Re:Why not?

[fluffy99]

If waterboarding is not torture, then you are willing, I presume, to undergo it for two or three days? If not, fuck you.

It has no lasting physical damage. And we already do waterboard our own military personnel to instruct them on what they might face if they were captured. Also the people that use it as a technique are required to also have it done to themselves in order to understand the physical and psychological effects is has.

So yeah, I'd be willing to be waterboarded. And like all techniques meant to momentarily weaken your resolve rather than actually hurt you, no I don't consider it torture.

Physical torture no, but it does qualify as psychological torture with potentially long lasting effects. Just check the citations in the wikipedia article http://en.wikipedia.org/wiki/Waterboarding [wikipedia.org]. As such, it's a violation of the Geneva Convention (which the US govt claimed didn't apply). Go get a video of you being waterboarded and we might take you seriously.

Re:You know what immunity means, right?

[Sycraft-fu]

No, not so much. For one, any competent defense attorney will ensure that any immunity offer extends to all related crimes. So suppose you rob a convenience store. In the process of the robbery you hold a gun to the clerk, force them to the floor, and tie them up. There are multiple other crimes there, like assault with a deadly weapon. For any immunity offer, your lawyer would demand it for everything. They aren't going to say "Sure immunity on the robbery charge is fine, never mind that testifying about it will get you convicted of other things." Again if they tried to force it, that would be a 5th amendment violation.

Then there's the fact that related crimes must be tried together because of double jeopardy. The state can't get around that by repeatedly charging you with new crimes for the same event. For example suppose you break in to someone's house, kill them, and burn it down. The state cannot charge you with murder 2, then when you are found not guilty, bring you back with a charge of manslaughter 1, then when that fails charge you with arson, and so on. They can charge you with all those things, but they have to bring it all to trial at the same time if ti was all part of the same crime.

Again: Immunity is NOT some end run around the 5th amendment. If it was, judges would just not allow it. On the prosecution side of the isle, it is not about trying to find tricks or technicalities that allow you to violate someone's rights. The courts don't go for that. They very much require that the spirit of the law be obeyed. You can't come up with a convoluted scheme and then try and say well technically we didn't FORCE him to testify against himself. The judge will say "Nope, you violated his 5th amendment rights, it's all out."

What you may be thinking of is deals, which are different. Trials are expensive, so when possible the state would rather not have one. They'd rather get someone to plead guilty. Often what they'll do in that case is drop various charges. So if you agree to plead to robbery, they drop the assault charges and so on. That is perfectly legal. There is no rights violations, you are pleading guilty, and the agreed upon charges are being dropped.