Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How Long to Crack an 'Encrypted' HD?

Cliff posted more than 8 years ago | from the incarcerated-without-indictment dept.

Privacy 733

brainburger asks: "In the UK, Tony Blair has recently lost a parliametary vote to allow the police to hold terrorist suspects for 90 days without trial. One of the justifications the police gave for the extension from 14 days to 90 days was that they need the extra 76 days to decrypt the computer hard-drives of suspects. This has been seen by some as the only compelling reason to allow 90 days. The time-limit has been extended to 28 days instead, but Tony Blair insists 90 days is required. Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90? Aside from the not-much-discussed issue that the police can no longer interrogate a suspect after they are charged, I suspect the police meant unencrypted machines. What do you think?"

Sorry! There are no comments related to the filter you selected.

Before you answer (5, Funny)

denissmith (31123) | more than 8 years ago | (#14004553)

But remember the requirement - 90 days for the POLICE to crack the encryption- I don't know why they don't just make it 'indefinite detention'.

Re:Before you answer (2, Interesting)

Yehooti (816574) | more than 8 years ago | (#14004580)

Is he supposing that national assets be brought into play? I'd hope that they are much better at this than the local police.

Re:Before you answer (2, Insightful)

Ride Jib (879374) | more than 8 years ago | (#14004727)

Right, but being a terror threat, it would be more of a national matter than a local matter, and more intelligent authorities would be brought in.

I think the extended time frame is due to time delay in getting _started_ on the decryption. I assume the authorities are as backed up with work as any other company in the world. There is more that goes into the time-frame than _just_ the decryption (read:Analysis).

Dupe (-1, Troll)

ZaBu911 (520503) | more than 8 years ago | (#14004554)

Dupe.

Re:Dupe (3, Informative)

bennini (800479) | more than 8 years ago | (#14004571)

this is no dupe?!?!!? what are u talking about. the last article stated that blair wanted 90 days.
this article states that he didnt get what he wanted.

quite different if u ask me...and somewhat interesting

Re:Dupe (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14004572)

Poop rhymes with dupe. A nice coorelation to your post.

You idiot. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14004577)

This is an "Ask Slahsdot" article. Not a YROL article.

Whatever it is... (2, Funny)

Slashdiddly (917720) | more than 8 years ago | (#14004563)

it's longer than the suspect's skull during interrogation

How about Safehouse? (4, Interesting)

kriston (7886) | more than 8 years ago | (#14004565)

I'd love to see how Safehouse from www.pcdynamics.com [pcdynamics.com] will do. Encrypt file-based real drive volumes with AES, Twofish, Blowfish, 3DES, and DES.

Kris

Re:How about Safehouse? (4, Insightful)

Dr Caleb (121505) | more than 8 years ago | (#14004740)

It's not how long it takes to crack, it's how long it takes to make a copy. Then cracking can be at your lesuire.

Re:How about Safehouse? (4, Insightful)

dougmc (70836) | more than 8 years ago | (#14004785)

It's not how long it takes to crack, it's how long it takes to make a copy. Then cracking can be at your lesuire.
Probably an insightful comment, and any single drive can be copied in a few hours. Though the police might have a hard time copying 100+ TB of drives ...

But really, the problem is that the police don't like to release their suspects before they're sure they're not guilty of something. Even if the drives couldn't be copied without decrypting them first, the police could just take the hardware and release it when they're ready, but release the suspect quickly. But they don't want to do that -- he could be a terrorist! (or he could be totally innocent, but of course police don't make that sort of mistake.)

Though personally I think the 90 days thing is just a crock. It's also obviously just those pesky civil rights that are keeping law enforcement from turning this world into a paradise without crime, terrorism or software piracy overnight -- or at least that's sometimes how they seem to act.

Re:How about Safehouse? (0)

Anonymous Coward | more than 8 years ago | (#14004853)

Shouldn't be an issue. As I posted to the last Slashdot story on this topic:

Holding suspects for any amount of time without probable cause is bullshit. A hard drive whose contents is not decipherable (as yet if ever) is not probable cause. It is an unknown. If the police do not have reason to hold an individual aside from a hard drive of unknown content, the police do not have reason to hold an individual.

What this means is that the relative strength or weakness of the encryption on a hard drive is orthogonal to whether a legitimate government interest is served in holding an individual based solely on a hard drive being encrypted and not a separate element which, on its own, reaches to the level of probable cause. It's not fun living in a police state. That, allegedly, is one of the reasons we fight: to insure others don't have to live in a police state. So, please, let's not cede our own governments to that which we claim to be fighting against.

No more AES (5, Funny)

Smarty2120 (776415) | more than 8 years ago | (#14004567)

I'd better not use AES to encrypt my hard drive or I'd guess they can hold me without charge until the sun burns out.

My take on the subject (4, Interesting)

ScrewMaster (602015) | more than 8 years ago | (#14004569)

is that if cracking encrypted hard disks is really that important, it would be better to simply give police enough computer power to crack the encryption in less time and avoid the civil liberties issues. Of course, giving the police that much computer power will eventually guarantee even more civil liberties issues.

Re:My take on the subject (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14004610)

Paranoid faggot. Lets just try to exploit the slashbot mentaility by pretending to post somthing insightful.

Lets just assume that the police are a bunch of assclowns, just like ScrewMaster. As he's a know memeber of the sheeple clan and a known butthole lover, I hope to hell he dies a horrible death of hemmroid bleedout.

I really hate this guy. If he would only quit making statements as insightful as TripMasterMonkey, Imight learn to respect his terrorist loving ass.

Re:My take on the subject (0)

Anonymous Coward | more than 8 years ago | (#14004631)

I don't think you understand the underlying point; you can't brute force AES in 90 days, or in 90 years, or in the age of the universe for that matter, even if you gather all the computer power in the world in Scotland Yard offices. 256 bits is just too big a keyspace to do something like that. Of course, this assume there's no faster way of breaking the encryption (none are known for AES).

We must also consider the strong possibility that they simply pulled this number (90 days) out of their ass, which wouldn't surprise me one bit.

Re:My take on the subject (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14004675)

You forget that it could take less time to brute force a passphrase.

Why MOD down? (1)

WindBourne (631190) | more than 8 years ago | (#14004739)

This is not a troll. Plain and Simple, if the decryption really is importantant, then throw some boxes at it. The decryption is done in parellel so it is quick. Rather than stealing a person's rights and having them in expensive prison, it is far cheaper to buy the computing power. Or they could do what we did : create the patriot act.

Re:Why MOD down? (0)

Anonymous Coward | more than 8 years ago | (#14004771)

How can this post be a troll?

Re:Why MOD down? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14004844)

I think it's because Slashdot allows Darwin Award runners-up to moderate.

Re:Why MOD down? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14004850)

Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition (Paperback)

Please read and stop pretending you have an informed opinion concerning these matters. Preferably in reverse order.

Commisar Blair (0)

Anonymous Coward | more than 8 years ago | (#14004575)

I think that this was yet more control freakery from a government that feels free to execute (no pun intended) a shoot to kill policy against its citizens, lock them away for handing over encryption keys (and if the file is just noise rather than encrypted data, oh well) abolish trial by jury, remove double jeopardy and generally treat us like its property rather than its employers.

Re:Commisar Blair (0)

Anonymous Coward | more than 8 years ago | (#14004856)

Dear British Person,

Welcome to a new kind of tension!

Sincerely,
John Smith
American

Decrypt ~and~ analyze (4, Insightful)

jarich (733129) | more than 8 years ago | (#14004578)

Just cracking it isn't enough. They have to then sift through gigs of data to look for evidence. And that's ignoring stegnography.

Re:Decrypt ~and~ analyze (5, Funny)

needacoolnickname (716083) | more than 8 years ago | (#14004643)

If they didn't stop to look at all the naked pictures I am sure they could get through it much quicker.

Re:Decrypt ~and~ analyze (1)

Phanatic1a (413374) | more than 8 years ago | (#14004712)

Once you've copied the guy's drive, you don't really need to hold onto it for another several months to analyze the data. Give him the drive back, peruse at your leisure, subject to judicial oversight.

Re:Decrypt ~and~ analyze (1)

Genevish (93570) | more than 8 years ago | (#14004729)

And if he's a terrorist, you expect him to wait around while you check the drive?

Forget Decryption (1)

Propaganda13 (312548) | more than 8 years ago | (#14004769)

Windows Machine - No Encryption
What happens if I take a text file, rename it and change the extension to some .dll,.sdb,whatever and drop it deep down into the system possibly replacing a file that's never used.

Would they actually find it? Assuming only basic precautions - turning of recent documents, etc.

Re:Decrypt ~and~ analyze (5, Insightful)

BiggerIsBetter (682164) | more than 8 years ago | (#14004786)

So you're saying I should make the volume unencrypted so they don't hold me long, but use AES encrpyted data stored stenographically within my porn collection so they can't get at my secrets?

Why, that might almost work...

mostly analysis, I suspect (2, Interesting)

SuperBanana (662181) | more than 8 years ago | (#14004792)

Just cracking it isn't enough. They have to then sift through gigs of data to look for evidence.

Mmm...I suspect the issue isn't "cracking"; I think the story poster was hinting at this with the last sentence or two. Chances are "crack" is being used liberally to present it using "terms" something Joe Q Legislator and John Z Public can understand. I would bet it is mostly analysis (or as you put it, "sift through".) Chances are serious criminal investigation units already have custom (ie distributed to several systems, nicely wrapped with scripts and such, etc.) cracking solutions akin to L0phtcrack and John The Ripper, set up and ready to go, on some nice hardware- so that if they need to crack a password for someone's Windows account, they can do so, and quickly. Somehow I doubt that it takes them more than 30 days to do so. There is also a considerable amount they can access without any "cracking."

However, nothing trumps the human rights of the suspect. Here in the US, you have to be released within 24 hours of arrest if you are not charged (well, excepting Patriot Act crap.) Often times the police don't have the evidence yet to hold you on a crime. Unfortunately- that's just too bad! Case/workload isn't the burden of the suspect- it's YOUR burden. If YOU can't analyze the hard drive in the time period someone can be legally held...hire more people to do the analysis, or just suck it up.

In which case, maybe it is deliberately misleading. Ie, "We need 90 days to crack encryption" sounds a lot more unavoidable than "we have such a high workload we can't get through looking at the contents of the disk before 90 days." Not to mention, the latter can also imply quite a bit of incompetence (ie, management hasn't scaled hiring/budget to the problem, or management isn't being effective, or they're all taking 2 hour lunches to watch soccer, etc.)

Is the UK really that backwards? (0)

Anonymous Coward | more than 8 years ago | (#14004581)

Aside from the not-much-discussed issue that the police can no longer interrogate a suspect after they are charged,

Is this true? WTF? Why shouldn't police be able to talk to a suspect after they're charged? Of course, the suspect should have access to legal counsel and have the right to remain silent.

Are they insane?! (5, Insightful)

Blymie (231220) | more than 8 years ago | (#14004582)

1: Today's terrorism is different because attacks do not have political aims and are designed to cause mass casualties, with no warning, involving suicide bombers

Retired senior judge Gerald Butler states: "The mere fact a threat is "completely different" is, of itself, no justification for an extension in the detention laws. But it is true we face a new and terrifying threat in this country."


Not politically motivated?!

What on earth are these people talking about? Good gried, "GET OUT THE MIDDLE EAST, WEST!" sounds _very_ political to me! "STOP MESSING IN OUR AFFAIRS", sounds political to me!

These attacks are completely and totally politically motivated.

The militants in the Middle East, right or wrong, is ABSOLUTELY, COMPLETELY, and TOTALLY in the middle of a political struggle with the West.

Re:Are they insane?! (3, Insightful)

Anonymous Coward | more than 8 years ago | (#14004651)

I'm not sure that such is the case when you consider that the general flow of Islam is into Western Europe and those who are migrating are demanding cultural concessions for their "special" way of life. Behold France which is currently in upheaval because unsatisfied Muslims are striking out at the national culture which has been keeping them down, nevermind the fact that the Muslims themselves segregate themselves from the rest of society by refusing to conform to the culture into which they immigrated.

Now you can say that it's important that they keep their own culture, but when that culture promotes the beating and repression of women, the removing of educational opportunities for all children (boy and girl), and the constant denigration and denunciation of "Western culture" as "whorish", then you begin to wonder what made those good folks decide to migrate in the first place.

So yes, it is a political struggle, in some sense. The Muslims are demanding a political change in Europe from Western-style democracy to Sharia Law. They want the benefits of Western civilization without becoming involved in it. It is a culture war, not a political war. It has very little to do with the Middle East, but rather the expansion of Islam and Wahabi law across the whole of Europe.

I don't think you'll find any reasonable person saying to kick them back to Africa and the Mideast. But you will find that there is a strong resentment among reasonable people towards these freeloaders and complainers who have infiltrated the country and are suddenly trying to turn it into something that it has never been. Concessions should not be forthcoming only from the existing populace. The immigrants should also be prepared to adopt some cultural changes if they wish to migrate.

Re:Are they insane?! (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14004744)

Just in case someone sane is reading that and agreeing, the problem he's talking about is due to inadequate public services being given to areas the French government doesn't like, like immigrant "ghettos", and has nothing to do with the crap he's spouting.

Re:Are they insane?! (1, Informative)

Anonymous Coward | more than 8 years ago | (#14004828)

Behold France which is currently in upheaval because unsatisfied Muslims are striking out at the national culture which has been keeping them down, nevermind the fact that the Muslims themselves segregate themselves from the rest of society by refusing to conform to the culture into which they immigrated.

Many of them became French citizens not through their own choice, but through France's annexation of Algeria. Rather than "migrating", many just moved from one part of "France" to a different part. After independence, moving to Algeria may not have been an option for those who were born and raised in France proper. Even if it was an option, no-one has an obligation to emigrate because of their ethnicity.

Re:Are they insane?! (5, Funny)

iamdrscience (541136) | more than 8 years ago | (#14004666)

No, no, terrorists are just trying to kill us because they're evil, there's no reason they do it, it's just their evil muslim way. Didn't you get the memo?

Re:Are they insane?! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14004701)

I heard that they hate freedom.

Re:Are they insane?! (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14004810)

I heard that they hate freedom.

That would be funny, if it wern't true.

We are talking about Muslims who blow up other Muslims because they "arn't Muslim (and repressive) enough" (as if they don't already have their work cut out with their holy crusade against all the Chirstians, Jews, Pagans and Heathens in the world).

Political, social and religious freedom is pretty low on their "What I want from Santa" list.

Re:Are they insane?! (2, Interesting)

minus_273 (174041) | more than 8 years ago | (#14004862)

actually they do. One of the things they talk about is the decadence of the west and non muslims in general. That would include bars, clubs, tank-tops, bikinis, beer, wine etc etc. all thing we are free to enjoy.

Re:Are they insane?! (0)

Anonymous Coward | more than 8 years ago | (#14004674)

I wouldn't call it political it is more religious and cultural... "western" secularism and loose/free cultural aspect are seen as the main threat to more radical / extreme right in the middle east.

I will agree that the political aspect does exist internally in many middle eastern countries and redirection of "unrest" against external influence (aka the "west") is used to continue existence of the powers that be in those countries.

Re:Are they insane?! (5, Insightful)

defile (1059) | more than 8 years ago | (#14004716)

Not politically motivated?!

The politician that acknowledges that terrorists are politically motivated would be accepting responsibility for provoking violent retaliation. Much better for their careers if terrorists are portrayed as driven by some kind of insane freedom-hating bloodlust. This way they're more like earthquakes, and who can stop earthquakes? No one.

Re:Are they insane?! (3, Funny)

UserGoogol (623581) | more than 8 years ago | (#14004737)

You assume that politics and insanity are distinct. :)

Re:Are they insane?! (1)

minus_273 (174041) | more than 8 years ago | (#14004846)

"GET OUT THE MIDDLE EAST, WEST!" sounds _very_ political to me! "STOP MESSING IN OUR AFFAIRS", sounds political to me!"

Ah, now it all makes sense. So this is why Hindus in Bali are repeatedly bombed? I'm not sure how Hindu ndoneseans are messing with anyone's affairs aside from being a non muslim in the world's biggest muslim nation. I also don't know how Bali is related or anywhere near the Mid east or any way associated with the west.

Re:Are they insane?! (1)

cfulmer (3166) | more than 8 years ago | (#14004858)

There's a kernel of truth in what you say, but the problem is that it turns into a 'Blame the U.S.' game.

To the extent that the attacks have the political aims you claim, they have been a complete failure, helping to bring about just the opposite of their aims: had 9/11 not happened, Afghanistan would probably still be run by the Taliban, and it's possible that we never would have invaded Iraq (since it would have had much less domestic support). The "I want to be left alone, so I'm going to punch the biggest kid in the schoolyard in the face" approach just doesn't seem to be working.

If you're correct about the motivation, then we should respond to new terrorist attacks by attacking another middle-eastern country. Eventually, the terrorists should clue in. In reality, the best way to get the US out of Iraq would be to stop setting roadside bombs, stop killing innocent Iraqis, &c -- quartering troops in a foreign country is expensive, so as soon as the gov't thinks it's safe to pull most of the troops out, it will.

In any case, going along with your view would be equivalent to allowing our foreign policy with say Germany to be dictated by what some small minority German policital party wants. The terrorists have no right to speak for the people of the Middle East.

What do I think? (5, Insightful)

rezza (677520) | more than 8 years ago | (#14004587)

I think it's a bullshit excuse, that's what I think. With encryption algorithms, we're talking orders of magnitude, and most algorithms that can't be bruteforced in 28 days will take longer than 90. This is just a shitty excuse to get joe public on Tony's side.

Right (1)

Kythe (4779) | more than 8 years ago | (#14004781)

I agree, for the most part.

Assuming there's no data leakage, and assuming the encryption is properly implemented, and assuming a good passphrase is used, I think it's extremely unlikely that anyone will be getting through modern strong encryption within 30 years, much less 3 months.

Of course, that's a fair number of "assumings". 3 months is about the time frame I'd expect it to take to do a full image of a hard drive using a technique like Magnetic Force Microscopy and analyze the results for leaked, overwritten information.

Dupe!!!! (1, Informative)

OxygenPenguin (785248) | more than 8 years ago | (#14004588)

Dupe! Dupe, I say. Seriously, though. This was one of the more commented on stories of the past week. I and other slashdotters are sensing subterfuge.

Re:Dupe!!!! (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14004680)

And I smell penguin anus. Flashy name, asshat. Quit posting here, and school children might quit killing themselves over your flaming insight.

You are and will always be known as the reject sperm donor of society. You may get your $15 for pulling one off, but the staff at the clinic always laughs at you when they throw you retarded chromosones into the toilet.

Do the world a favor and shut the fuck up. Noone wants to hear what you have to say. Noone wants to understand you.

The personality of a toilet turd has more appeal to the general populace than the butt kissing attempts you give towards acceptance. Everyone hates you, your ideas, your words and anything that happens to manifest from these. The smell of cow flatuance is more appealing than your so called wisdom.

Please check into a Motel 6, plug in your vibator, and jump into a full bathtub with your pocket rocket in hand. It may cost us taxpayers to clean up the mess, but it will be a lesser cost to society when you are gone.

As a side note, you mother was a man. You were adopted. And your "parents" love you much less than their real child. The only reason they took you was becuase they thought they were infertile.

Simple answer (4, Funny)

CompuSwerve (792986) | more than 8 years ago | (#14004589)

If you want an unreadable hard drive, you can forget about blowfish, twofish, MD5, SHA, and every other cryptographic solution. There is only one way to do it and one number to remember: 1.21 gigawatts.

Re:Simple answer (4, Funny)

numbski (515011) | more than 8 years ago | (#14004607)

But the only way you could get that kind of power is with a bolt of lightning! Unfortunately, one never knows where or when a bolt of lightning might strike. :\

Re:Simple answer (1)

pdbogen (596723) | more than 8 years ago | (#14004668)

I dunno... Doc Brown could barely build a working super-guitar-amplifier, I don't know if I'd trust him to implement a rigorous mass data encryption scheme.

Re:Simple answer (1)

iamdrscience (541136) | more than 8 years ago | (#14004714)

There is only one way to do it and one number to remember: 1.21 gigawatts.
That's a big power supply, mine's only like 350W. Also, ATA drives use 5V so that's what, 242,000,000 amps, right?

omg (0)

Anonymous Coward | more than 8 years ago | (#14004591)

but ALL my pr0n and warezors are just sitting in the root of my C drive... will i be released early for "good behavior" or "assisting the investigation" of myself?

Cracking passphrase-based keys (5, Insightful)

Rikus (765448) | more than 8 years ago | (#14004596)

Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90?

Probably, but since encrypted hard drives usually involve a passphrase being converted into a key of suitable length by one-way hash algorithms, why not crack the passphrase instead of the actual key? Even with 256-bit AES (or something like it), a weak passphrase-based key is probably one of the easier ways to go after the data. Of course, if the suspect carries their completely random key around on a USB drive of some sort, that's a different matter.

Re:Cracking passphrase-based keys (5, Insightful)

mhore (582354) | more than 8 years ago | (#14004728)

Probably, but since encrypted hard drives usually involve a passphrase being converted into a key of suitable length by one-way hash algorithms, why not crack the passphrase instead of the actual key? Even with 256-bit AES (or something like it), a weak passphrase-based key is probably one of the easier ways to go after the data. Of course, if the suspect carries their completely random key around on a USB drive of some sort, that's a different matter.

I wish I could mod you up. Very true. This is something I've thought about. Let's say I'm using GPG or something like that. If the Feds come after my files and I've got my secret key lying around on my computer, or even somewhere easy to find, I think it'd be much easier just to crack the passphrase -- because really, there are common things a lot of people do for passwords. Replacing letters by numbers, adding #, !, @, alternating upper-lower case, etc. In the end, for most people, the password is something that is easy to remember, because if it's not, you're either going to have to have a great memory, or write it down somewhere. With this in mind, wouldn't cracking the passphrase be feasible in a smaller amount of time than if it were just brute forced? I honestly don't know -- I'm largely ignorant in that area, but it intrigues me nonetheless.

(I am aware, for the record, that brute forcing a password of any real length... e.g. even 6 or 7 chars long... requires an extraordinary amount of combinations of letters, numbers, and symbols... but if we can group those combinations into smaller units, don't we reduce the number?)

Mike.

Re:Cracking passphrase-based keys (0)

Anonymous Coward | more than 8 years ago | (#14004742)

255 bits is only 32 characters. That's not a very long phrase.

Re:Cracking passphrase-based keys (1)

Rikus (765448) | more than 8 years ago | (#14004816)

I don't think anyone said anything about using a passphrase as the key--only using it to generate the key (a key that shouldn't be thought of as a string characters). Go ahead and use a 4-page essay as your passphrase. It'll still get crammed into the 256-bit (or other fixed-length) key, but it will be harder to find anyway. At some point, I would imagine, it becomes easier to crack the key itself than the text it is generated from, especially taking the message digest overhead of passphrased-based keys into account.

Re:Cracking passphrase-based keys (1)

Courageous (228506) | more than 8 years ago | (#14004765)

That's essentially what they do:

1: they datamine your os, doing things like pulling up favorites, finding "remembered" forms from your favorite browser, and what not.

2: they use that in an intelligent brute force attack against your machine.

It's quite effective.

People are creatures of habit.

C//

Re:Cracking passphrase-based keys (1)

jeepeagle (682756) | more than 8 years ago | (#14004859)

Passphrases may be predictable for regular encrypted documents, but if you had evidence implicating you in a [murder | bombing | evil act of the week] on your machine, I bet you'd have a very strong passphrase.

A better question would be ... (1)

ScrewMaster (602015) | more than 8 years ago | (#14004597)

how long will it take to crack an encrypted HD-DVD or Blu-Ray disc?

The answer is.... (3, Funny)

The Ape With No Name (213531) | more than 8 years ago | (#14004603)

f439f4af0cd24d0d07144ec2f6853d2f

Better question? (5, Funny)

dcapel (913969) | more than 8 years ago | (#14004611)

How long does it take the police to figure out that my drive is not corrupted, it just isn't running Windows.

Re:Better question? (0)

Anonymous Coward | more than 8 years ago | (#14004681)

more like what happens when they find out windows cant read the partitions natively?

Re:Better question? (0)

Anonymous Coward | more than 8 years ago | (#14004724)

I think they would know, don't terrorists use linux anyways? (joke)

They don't need much time at CTU! (5, Funny)

weharc (852974) | more than 8 years ago | (#14004619)

Come on, I've seen them decrypt files and hard drives in a matter of minutes on 24. What are the pommy police up to, maybe they need to start watching it for tips.

Re:They don't need much time at CTU! (4, Funny)

iamdrscience (541136) | more than 8 years ago | (#14004730)

Come on, I've seen them decrypt files and hard drives in a matter of minutes on 24. What are the pommy police up to, maybe they need to start watching it for tips
Yeah, that technology is only available in America. They don't have that type of tech in the UK, obviously.

Re:They don't need much time at CTU! (0)

Anonymous Coward | more than 8 years ago | (#14004847)

They need Chloe to come work for them. Not edgar tho. Cuz he's fucking annoying.

Fabrication (1)

labal (804733) | more than 8 years ago | (#14004629)

Yeah, I guess it takes time to fabricate all the evidence after they've unencrypted the hard drive, sifted through all the Porn, Illegal mp3's, etc.

Other options? (1)

DeadPrez (129998) | more than 8 years ago | (#14004634)

For argument's sake, lets compare this 90 days in confinement to crack the HD to XX amount of time of extraordinary rendition [wikipedia.org] (ie. government condoned torture).

Confinement:
* Lengthy process
* Hardware and Keeping-Up-With-the-Jones investments in (cryptology) technology
* Various specialists and bureaucrats
* Confinement costs
* Innovative technology shift could make policy failure-prone

Extraordinary Rendition:
* Quite probably illegal under international law (which undermines our credibility to enforce international law)
* Moderate costs (flight, personel, etc)
* Creates dependency on undemocratic regimes
* False-positives don't risk mission success
* Likelihood of faster than 90 day turn around much higher (perhaps reduced to hours or days)
* Possible torture of someone who truly doesn't know passphrase

Any other options besides these two?

Because it looks like status quo is the winning choice. That would be choosing both. You can even publically say you are for confinement only, and then secretly use extraordinary rendition when it suits your national-defense purposes. This also may avoid sticky international objections.

Disk Imaging? (0, Redundant)

Anonymous Coward | more than 8 years ago | (#14004637)

Wow. Why not just take out the hard disk, stick it in another computer, copy the disk to an image, put the suspect's hard drive back, and let him out as early as day 1, taking your sweet time to decrypt the hard drive?

Isn't this a lot safer than just turning on a computer that might be rigged to start shredding data after, say, 3 invalid password guesses?

Re: Disk Imaging? (0, Redundant)

Black Parrot (19622) | more than 8 years ago | (#14004708)

> Wow. Why not just take out the hard disk, stick it in another computer, copy the disk to an image, put the suspect's hard drive back, and let him out as early as day 1, taking your sweet time to decrypt the hard drive?

I think the point is that they want to be free keep the suspect in custody until they have some actual evidence that he's a criminal.

IMO, if the only evidence they have is "maybe there's something on his disk drive", they shouldn't be arresting him in the first place.

Re:Disk Imaging? (1)

Kythe (4779) | more than 8 years ago | (#14004825)

It depends upon the imaging.

Assuming they're not worried about whoever it is taking off, your point is a valid one. But if the type of imaging we're talking about is more than simply copying the data (e.g. analyzing the disk using a microscope, in order to look for overwritten data), then you're likely talking several months to run the process.

Irrelevant (1)

John Hasler (414242) | more than 8 years ago | (#14004638)

> Are there really any encryption systems that cannot be cracked in
> 28 days, but which can be cracked in 90?

Doesn't matter. They are always going to come up with some reason why they need just a bit more time.

What hell business do they have arresting people to begin with if they don't have evidence? (Yes, that's a rhetorical question.)

They're welcome to try it (0)

Anonymous Coward | more than 8 years ago | (#14004640)

Ive got a 300GB external hard drive encrypted with dm-crypt, using the serpent algorithm.

Cracking that would take more time/resources than any prosecution against me would be worth.

On the other hand, my encryption is passphrase-based ATM, so they could run a dictionary/bruteforce attack on the passphrase.

But that will soon change.

My next step is to use an SD card for my crypto key. A key of, oh, 2-5MB should be sufficiently hard to bruteforce ;)

Then I shall have teh uncrackable drive!! buahahah

The only downside to having an encrypted external drive - stupid family members. Im worried that someone will plug it into a windows box and go "hmmm..its not formatted. Id better format it."

Re:They're welcome to try it (1)

amliebsch (724858) | more than 8 years ago | (#14004743)

Doesn't putting your key on a tangible medium introduce a weak link? To have security, you now need to have sufficient time to completely and utterly destroy your key. At least with a memorized phrase, they need to go through the trouble of the attack.

Re:They're welcome to try it (4, Informative)

meowsqueak (599208) | more than 8 years ago | (#14004764)

Beware if you come to New Zealand and are arrested over your HDD. The defense of Not Incriminating Yourself no longer applies to electronic encryption and passwords and you will be charged with something like obstructing justice or worse. My understanding is you could end up in prison for twelve months simply by refusing to decrypt your data.

90 days? (0)

Anonymous Coward | more than 8 years ago | (#14004641)

I am sure this 90 days is only to figure out how to crack it from detainees. If its the police doing it all themselves, I am sure it will take forever -:)

Shame on you! (1)

ElNerdoJorge (923041) | more than 8 years ago | (#14004642)

"[B]ut Tony Blair insists 90 days is required."
At least conjugate your verbs right.
Yo-soy
Tu-eres
El/Ella/Usted-es
Ustedes-son
Nosotros-SoMoS

Pwnt in Spanish.

Re:Shame on you! (1)

meowsqueak (599208) | more than 8 years ago | (#14004755)

The "90 days" in this context might be singular if he was insisting the words "ninety days" be part of the legislation. However if he is actually asking for ninety days then it's plural.

I'm amazed at how the UK is handling this (5, Interesting)

defile (1059) | more than 8 years ago | (#14004649)

The United Kingon approaches counter-terrorism as part of a criminal investigation and has to deal with due process of law. Hence the debate over extending detention from 14 days to 90 days.

The United States approaches counter-terrorism as military action and the President signs an executive order that allows for indefinite detainment of suspects.

Fascinating. The UK has much more experience dealing with domestic terrorism -- did they originally overreact as well or are the two circumstances different from the get-go?

Re: I'm amazed at how the UK is handling this (3, Insightful)

Black Parrot (19622) | more than 8 years ago | (#14004691)

> The United States approaches counter-terrorism as military action ...against a country unrelated to the problem.

> and the President signs an executive order that allows for indefinite detainment of suspects.

It's a sad day when executive orders trump the constitution.

Re:I'm amazed at how the UK is handling this (1)

John Hasler (414242) | more than 8 years ago | (#14004749)

> ...the President signs an executive order that allows for
> indefinite detainment of suspects.

Such detention is not allowed in the US.

Re:I'm amazed at how the UK is handling this (5, Informative)

defile (1059) | more than 8 years ago | (#14004758)

Such detention is not allowed in the US.

In case you're not being sarcastic, you might be shocked to read about Jose Padilla [chargepadilla.org] .

you almost said... (0)

Anonymous Coward | more than 8 years ago | (#14004799)

United Klingon

Re:I'm amazed at how the UK is handling this (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14004811)

The United Kingon approaches counter-terrorism as part of a criminal investigation and has to deal with due process of law.

Maybe you should ask Gerry Conlon [wikipedia.org] about "due process" in the UK?

Not to say the US policies are sane, but many of the strident critics around here seem to have selective amnesia when it comes to other countries doing the same or worse in fighting terrorism.

It's BS (0)

Anonymous Coward | more than 8 years ago | (#14004650)

Old policy: Arrest the suspect, interview, release if no evidence.

New policy: Arrest the suspect, interview, if no evidence, hope something turns up in the next 89/27 days to charge them with.

And the reason you know it's BS... the guy who fled abroad after being interviewed by police regarding 7/7 bombings -- he was held for 2 days (even though they could have held him for 14) before being released.

Also don't kid yourself about how the places people will be held are like... it was in the paper's yesterday, basically GITMO-lite, despite a massive investment in rebuilding the station for terrorist suspects. After 28 days in there, I suspect virtually anybody will confess to virtually anything.

Anybody remember the Guildford 4? Birmingham 6?

Real Reason (1)

rabel (531545) | more than 8 years ago | (#14004671)

Is it takes about 90 days for a full-on facial beating and ass raping to heal up.

A good way to bankrupt someone? (1)

mikael (484) | more than 8 years ago | (#14004688)

The danger is what happens if an innocent person is caught by accident. Say some business person is visiting the UK from abroad. All a competitor has to do is suggest that there is something dodgy on his laptop. Naturally, this "tip" will be kept confidential, but the person will be locked up for 90 days. In this amount of time, he may have lost his job and home.

Britain has already shot dead one innocent man, and arrested a peaceful protestor using anti-terrorism legislation.

Likely (1)

Sir_Sri (199544) | more than 8 years ago | (#14004690)

Possibly there are. Its pretty dubious to assume the police could start cracking any given computer the moment they get it. if they have a computer that is speed X and can crack a machine in 90 days from the moment they get it, it would (assuming the problem is roughly linear, which brute force it is) need one 3.21 x as fast to crack it in 28 days. There may be other legal issues I'm not aware of, not being British. I could well see that the police can confiscate your computer, but may have various proceedures they need to follow about investigating it. For example, if you arrest someone for murder, and confiscate their computer, then find they have been looking at illegal pornography, which does not appear to be related to murder, can you then use that information separately? Can you just look at any old thing on the computer? What about material which may be private, not pertinent, are you even allowed to look at it (say naked pictures of you and your wife), what happens if that gets disclosed to the public? There may not be anything illegal on the computer, but that doesn't mean you want its contents on the public record.

Lets say from the day it arrives it takes a week to get looked at, 3 more to 'crack' it somehow, after that they need to still analyse the data they have, which they may or may not need permission to look at etc... So I can see it taking more than 14 days certainly, and possibly more than 28 days, and even there up to 90 days. That does not however, mean I can see why you would need to keep a suspect in custody for that many days without charge. If the person is suspected of a computer crime, well, you have their computer (and perhaps I can see being allowed to keep the computer 90 days), if its something not specifically computer related, you should have some other evidence.

Didn't they read the download agreement? (1)

caller9 (764851) | more than 8 years ago | (#14004746)

These algorithms aren't supposed to be exported. It says so right on the strong encryption agreement info. "If you are darker than this flesh colored crayon, you may not download the software. You are not made of flesh and therfore surrender all rights to privacy." Aren't encryption algorithms exponentially harder to break once you add one letter, or even a new subset to the password brute-forcing system? Oh crap, they must've used capitals it's going to take longer than 30 days Mr. Prime Minister. There are OSS tools to cascade several algorithms making it huge number * huge number * huge number * X^infinity possibilities that you'll ever know what was planned 6,000,000,000 years ago by some dumbass...or his porn collection contents.

DMCA? (2, Funny)

killtherat (177924) | more than 8 years ago | (#14004747)

So they are attempting to crack encryption of a device that contain copyright'ed material (if this guy saved his email, then anything he wrote should be automatically copyrighted). Isn't this a violation of the DMCA?
I know I'm probably missing some technicality, but it's a fun thought argument.

How long? (2, Funny)

kramthegram (918152) | more than 8 years ago | (#14004751)

Hell, with a good hammer it only takes one swing! ... What's everybody looking at me for?

How long? (1)

StikyPad (445176) | more than 8 years ago | (#14004774)

Uhh.. off the top of my head, worst case would be

(A / B) x 86400 = C

where A is the keyspace, B is keys per second, and C is the answer in days. I'd assume the average time would be half that if the keys follow a normal distribution.

Of course B is dependant on the computer(s) used, and A is dependant on whomever encrypted the data. Since B is classified, and A is unknown, you can just pick an arbitrary value for C.

90 days (1)

techrunner (897148) | more than 8 years ago | (#14004779)

There is no way that some computer programmer is going to spend 90 days trying to crack each hard drive that comes through. That means each computer scientist could only look at 4 hard drives a year. That would cost a fortune!

I think they will detain somebody. Wait 89 days, send the hard drive to someone, and then look at the result.

Rubber Hose attack.... (2, Insightful)

trurl7 (663880) | more than 8 years ago | (#14004806)

Seriously, they have the guy for 90 days! It takes alot less to just beat his password out of him.

What's that I hear you say? You can't do that in a free country? Holding a person for 90 days without charging him with anything is a new and interesting definition of the word "free".

"Freedom. You keep using that word. I do not think it means what you think it means"

Ever wonder why Orwell set 1984 in GB? Now you know.

The legal issue of obstructing justice (1)

Neo-Rio-101 (700494) | more than 8 years ago | (#14004832)

Considering encryption exists that cannot be broken during one's lifetime, it makes more sense to keep suspects detained indefinitely until they provide police the means to decrypt data required for an investigation.

That's assuming that there is enough evidence present to suggest that encrypted information exists on the media in question.... which you can't check until you decrypt it in the first place.

*sigh*

I mean, it would kind of suck if the police thought you had encrypted information on a hard disk - when in fact you just finished shredding the data with a DoD wipe and all they could see was random data... confusing it for encrypted information.

just put $sys in front of your terror documents (0)

Anonymous Coward | more than 8 years ago | (#14004842)

how are you gonna decrypt something you don't see :D

This sounds like a bogus excuse (5, Informative)

Kaemaril (266849) | more than 8 years ago | (#14004849)

Hold on. Anyone remember the Regulation of Investigatory Powers 2000 [wikipedia.org] Act? Isn't it an offence - punishable by a prison sentence - to not hand over encryption keys? If they need to crack it, they can just tell the suspect to hand over his key(s). If he/she doesn't, he goes down for more than 90 days anyway ...

This is stupid (4, Interesting)

damiam (409504) | more than 8 years ago | (#14004854)

IIRC it's a crime in Britain to refuse to hand over encryption keys when required by the police. So why don't they just seize the hard drives and ask for the key? If the suspect gives it up, all is well. If he refuses, then the police don't need to hold him without charge for even one day, much less 90, because they now have a charge to pin on him.

Hello!! (0)

Anonymous Coward | more than 8 years ago | (#14004861)

Why is it necessary to detain someone while their hardrive is being decrypted?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?