How Long to Crack an 'Encrypted' HD?
brainburger asks: "In the UK, Tony Blair has recently lost a parliamentary vote to allow the police to hold terrorist suspects for 90 days without trial. One of the justifications the police gave for the extension from 14 days to 90 days was that they need the extra 76 days to decrypt the computer hard-drives of suspects. This has been seen by some as the only compelling reason to allow 90 days. The time-limit has been extended to 28 days instead, but Tony Blair insists 90 days is required. Are there really any encryption systems that cannot be cracked in 28 days, but which can be cracked in 90? Aside from the not-much-discussed issue that the police can no longer interrogate a suspect after they are charged, I suspect the police meant unencrypted machines. What do you think?"
How about Safehouse? (Score:4, Interesting)
Kris
My take on the subject (Score:5, Interesting)
Re:Before you answer (Score:2, Interesting)
I'm amazed at how the UK is handling this (Score:5, Interesting)
The United Kingdom approaches counter-terrorism as part of a criminal investigation and has to deal with due process of law. Hence the debate over extending detention from 14 days to 90 days.
The United States approaches counter-terrorism as military action and the President signs an executive order that allows for indefinite detainment of suspects.
Fascinating. The UK has much more experience dealing with domestic terrorism -- did they originally overreact as well or are the two circumstances different from the get-go?
mostly analysis, I suspect (Score:3, Interesting)
Mmm...I suspect the issue isn't "cracking"; I think the story poster was hinting at this with the last sentence or two. Chances are "crack" is being used liberally to present it using "terms" something Joe Q Legislator and John Z Public can understand. I would bet it is mostly analysis (or as you put it, "sift through".) Chances are serious criminal investigation units already have custom (ie distributed to several systems, nicely wrapped with scripts and such, etc.) cracking solutions akin to L0phtcrack and John The Ripper, set up and ready to go, on some nice hardware- so that if they need to crack a password for someone's Windows account, they can do so, and quickly. Somehow I doubt that it takes them more than 30 days to do so. There is also a considerable amount they can access without any "cracking."
However, nothing trumps the human rights of the suspect. Here in the US, you have to be released within 24 hours of arrest if you are not charged (well, excepting Patriot Act crap.) Often times the police don't have the evidence yet to hold you on a crime. Unfortunately- that's just too bad! Case/workload isn't the burden of the suspect- it's YOUR burden. If YOU can't analyze the hard drive in the time period someone can be legally held...hire more people to do the analysis, or just suck it up.
In which case, maybe it is deliberately misleading. Ie, "We need 90 days to crack encryption" sounds a lot more unavoidable than "we have such a high workload we can't get through looking at the contents of the disk before 90 days." Not to mention, the latter can also imply quite a bit of incompetence (ie, management hasn't scaled hiring/budget to the problem, or management isn't being effective, or they're all taking 2 hour lunches to watch soccer, etc.)
Re:I'm amazed at how the UK is handling this (Score:2, Interesting)
Maybe you should ask Gerry Conlon [wikipedia.org] about "due process" in the UK?
Not to say the US policies are sane, but many of the strident critics around here seem to have selective amnesia when it comes to other countries doing the same or worse in fighting terrorism.
This is stupid (Score:5, Interesting)
Re:Are they insane?! (Score:2, Interesting)
Re:Why MOD down? (Score:3, Interesting)
Plain and Simple, anything that is not going to be handled in under 2 weeks, will not be handled in the next 90 days, or 90 years. So arguing that you need 90 days to try and decrypt is false. The only thing that could be argued is that the cops do not have the time to process what they have so they need a longer time. Well, if that is the case, then more CPU power is what is needed.
My suggestion to you (most likely IFWM), is that you get a clue and some manners.
Re:Cracking passphrase-based keys (Score:2, Interesting)
Anyway, I think PGP uses SHA-1 to convert your passphrase into a 160-bit hash key (i.e. any passphrase you use is converted into a 160-bit value). Ideally, no two passphrases generate the same key, but in practice it's possible to find a collision in an average case time of 2^80 iterations... difficult, but computationally feasible.
I'm not sure how related to the current discussion this is, but I suppose that 2^80 random attempts should produce a matching passphrase, even if it isn't the original passphrase.
William Stallings' "Cryptography and Networking Security" has a good treatment of the vulnerabilities in MD5 and SHA-1, although it doesn't mention the relatively recent MD5 collision vulnerability (search
Re:The answer is.... (Score:3, Interesting)
Re:Are they insane?! (Score:3, Interesting)
Did The UK Overreact In The Past? (Score:3, Interesting)
If we reach out beyond the UK proper, and look at how the British dealt with insurgents in Kenya, Malaysia, and southern Yemen, they largely went the military route. Worked in the first two, not so much in Yemen.
Re:They're welcome to try it (Score:3, Interesting)
( cat Recording1.mp3; echo "Password One"; cat Recording2.mp3; echo "Password Two"; cat Recording3.mp3 ) | sha1sum | decrypt_my_hard_drive
That's very much like a book cipher [wikipedia.org]. A book cipher can be *very* strong (almost like a one-time cipher) *if* the source text is sufficiently rare (or obscure).
Now, imagine that the police seize my notebook. They see that my hard drive is encrypted and needs a 256-bit key. Where are they going to get the key? Is it simply a password? Is there some sort of key file? Is the key on the notebook? Is it on the SD in my phone? Or the SD in my camera? Or the half-dozen floppies I have in my notebook bag? Or one of the dozen or more CD's that are in my notebook bag? In this case, it's the combination of 3 different MP3's and two passwords. It could have just as easily have come from any number of different pieces of media: a file on a floppy, CD and SD card, plus an arbitrary number of passwords kept *only* in my head.
Or how about selecting three graphics from popular websites? Imagine selecting three common topic icons on Slashdot such as the "Borg Bill", Broken Windows and the privacy binoculars. If you view Slashdot regularly, those files would appear in your cache: no big deal. But use *those* as keys! Just hope someone doesn't update the graphics! :) Even better: you're the webmaster for some website. Of course, you browse that website. Use graphics in your browser's cache from *there*: you know if the graphics will change! And the fact that these graphics are in your cache is perfectly natural. No one has the resources to hash every possible combination of three graphics in your browser's cache, especially with passwords between them.
At that point, I'm not worried about them getting my key without help from somewhere: they're sure not brute-forcing it like a simple passphrase. I'm not worried about them brute-forcing a full-strength modern encryption algorithm. However, there are at least two things about which I *do* need to be worried: 1) Was the encryption algorithm implemented properly, without unintentional weaknesses or even intentional back-doors? 2) Was my key somehow cached somewhere to be found? This area could be the biggest issue: the command line I used is in the history, pieces of the data used to make up my key (or the key itself!!) were swapped to disk at some point and could be used to help reconstruct the key, etc. Even if investigators only knew which files made up my key, that would be *devastating* to my security. Now I'm back to something only slightly more complex than a straightforward password!
Security is not simple. If large and powerful governments can't keep data secure from motivated enemies (and the entire history of the Cold War bears this out), I think that there is near zero chance for individuals to do the same.
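The key construction this comment describes, as an added example that is not the poster's code: it shows that plain concatenation loses the boundaries between files and passwords, frames each part with its length, and stretches the result with PBKDF2 instead of a single SHA-1. The sample byte strings, the salt, the iteration count and the 5000-file cache size are constructed assumptions.

```python
import hashlib
import math
import struct

def naive_input(parts):
    """Plain concatenation, as in the shell pipeline: part boundaries are lost."""
    return b"".join(parts)

def framed_input(parts):
    """Prefix each part with its 8-byte length so boundaries and order are fixed."""
    return b"".join(struct.pack(">Q", len(p)) + p for p in parts)

def derive_key(parts, salt, iterations=200_000):
    """Stretch the framed material into a 256-bit key with PBKDF2-HMAC-SHA256,
    so each guess at the passphrases costs `iterations` hash calls, not one."""
    return hashlib.pbkdf2_hmac("sha256", framed_input(parts), salt,
                               iterations, dklen=32)

def file_choice_bits(candidates, used):
    """Bits of secrecy contributed by which `used` files were picked, in order,
    out of `candidates` files that an examiner is able to enumerate."""
    return math.log2(math.perm(candidates, used))

# Constructed stand-ins for three key files and two passphrases.
SAMPLE = [b"\xff\xfbaudio-1", b"Password One\n", b"\xff\xfbaudio-2",
          b"Password Two\n", b"\xff\xfbaudio-3"]
SALT = bytes(16)  # constructed fixed salt for the demo; use os.urandom(16) per volume

if __name__ == "__main__":
    # Two different splits of the same bytes are identical without framing.
    a, b = [b"ab", b"c"], [b"a", b"bc"]
    print(naive_input(a) == naive_input(b), framed_input(a) == framed_input(b))
    print(derive_key(SAMPLE, SALT).hex())
    # Ordered choice of 3 files from an assumed 5000-file browser cache.
    print(round(file_choice_bits(5000, 3), 1))
```

The last figure is the whole contribution of the file choice when the candidate files sit on the seized disk; the rest of the key's strength has to come from the passphrases and the cost per guess.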
Re:How about Safehouse? (Score:2, Interesting)
Re:My take on the subject (Score:3, Interesting)
Re:My take on the subject (Score:3, Interesting)
Every hoop that the police must jump through will save us all from harassment.
LK
Re:Cracking passphrase-based keys (Score:3, Interesting)
Started trying some obvious phrases that didn't work, then pulled his IE cache and used some of those. Then went "Holy Sh*t".
Criminals are, pretty much by definition, people that want more than they're making legally and lack either the imagination or the patience required to achieve the goal. This is not a personality type particularly conducive to not getting caught.
Pug
Re:Pardon the obvious... (Score:2, Interesting)
Probably more like: (Score:4, Interesting)
90 days won't give them enough time to crack the key, but it will make you think really hard about giving them the passphrase so they let you go.
Re:Before you answer (Score:5, Interesting)
The police in the UK have far too much power as it is. Of all the democratic countries in the world we're the closest to a police state. Tony Bliar even had police chiefs lobbying on his behalf for this 90 day detention (see many of today's UK newspapers)! Police are not supposed to be involved with politics!
To give you an idea of the power they already have. I was walking home a couple of months ago. Two policemen pulled over and arrested me. The reason? I was wearing similar clothes to a burglar. Apparently fawn is a very unusual colour for a suit (it was bought from Marks & Spencer so yeah really rare). I was locked up. Because I had been arrested, the police are allowed to search my home WITHOUT A WARRANT! My wife was in the bath, heard a noise and discovered 3 policemen in our hallway. This was the first she'd heard of my arrest.
I was finally released (and my trousers returned!) when a detective sergeant decided I couldn't possibly have done it. I was, as I had told all the officers I encountered, in a meeting in another town with 10 other people and all of us have security clearance!
The police have far too many powers already! They should be cut back, not extended.
Re:How about Safehouse? (Score:2, Interesting)
I forgot the password Your Honour!
Now prove I haven't. Also you have to remember that real terrorists probably have quite strong convictions and wouldn't easily give up a password that would damage their cause.
Re:Cracking passphrase-based keys (Score:1, Interesting)
Actually, the 2^80 iterations are the so-called birthday attack which has the following objective: Find 2 random strings that have the same hash.
This does not match the objective here, which is a pre-image objective: Given a hash, find a string that produces that hash. Even worse, the pre-image is unknown.
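The distinction drawn in this comment, as an added example that is not part of the original post: SHA-1 is truncated to a toy width so both searches finish, and the try counts show a collision between any two inputs costing about 2^(n/2) hashes while hitting one given hash costs about 2^n. The truncation, the message formats and the 20-bit width are assumptions chosen for the demonstration.

```python
import hashlib
from itertools import count

def h(data: bytes, bits: int) -> int:
    """SHA-1 truncated to its top `bits` bits (toy width so searches terminate)."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)

def birthday_collision(bits: int):
    """Birthday objective: any two distinct inputs with the same hash.
    Returns (msg_a, msg_b, hashes_computed); expected cost ~2^(bits/2)."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        digest = h(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg

def preimage(target: int, bits: int):
    """Pre-image objective: an input that hashes to one given value.
    Returns (msg, hashes_computed); expected cost ~2^bits."""
    for i in count():
        msg = b"guess-%d" % i
        if h(msg, bits) == target:
            return msg, i + 1

if __name__ == "__main__":
    bits = 20
    a, b, n_coll = birthday_collision(bits)
    print("collision:", a, b, "after", n_coll, "hashes")
    # The target stands in for the hash of a passphrase the searcher does not know.
    target = h(b"constructed secret passphrase", bits)
    msg, n_pre = preimage(target, bits)
    print("pre-image:", msg, "after", n_pre, "hashes")
    # At the full 160 bits the same two costs are ~2^80 and ~2^160.
```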
Re:Before you answer (Score:3, Interesting)
Re:Whatever it is... (Score:2, Interesting)
It's one of the relatively few applications where torture actually works, because you can immediately and objectively verify the answers you get. Not so with questions like "who are your accomplices?" where you tend to eventually get the answers you want to hear, whether they're true or not.
Re:Before you answer (Score:3, Interesting)
Very good point :-)). But surely the terrorists are not stupid and if they know that the detention period would be now 90 days, then they'll use longer keys, encrypt things a few times, etc. hence bringing the time to decrypt the hard drive to something more like 1 year.
Would we then be prepared to support detention for one year without a charge?!? I know I won't. The police simply have to work around the hard drive encryption, when collecting evidence.
Re:Before you answer (Score:3, Interesting)
"CNSSP-15 correctly states that 192-bit AES keys are sufficient for protecting even TOPSECRET information. However, Suite B uses only 256-bit keys to enhance interoperability." -- http://www.nsa.gov/ia/industry/crypto_suite_b.cfm
Re:Are they insane?! (Score:3, Interesting)
Re:Before you answer (Score:3, Interesting)
There is a BIG difference between being questioned and being arrested and having your house searched unexpectedly without a warrant with your wife, presumably naked, in the bath by three strange men.
Also take into account that this was only burglary. A crime against property, not against people. There is no immediacy in arresting such a person. Shake them down, ask them for an alibi. This guy seems to be a professional/business type, and not a burglar. Aside from the high end burglar that knows what they are looking for, burglars are typically just a parasite. Someone short on cash for some reason or another who is looking for a quick buck. (Correct me if I'm wrong between the distinction between burglars in the US and England).
In this case, here are my problems.
1) immediate arrest with the only evidence being that he dressed like the guy in question
2) immediate search of the home without a warrant.
I don't dress that uniquely. I don't want to get arrested for it. I've had my car ransacked by the police twice, both times were within their rights (kinda), and it's still not cool because they are not very concerned with your property during or after the search. They just turn stuff inside out. I've had the police come to my house a few times for suspecting things of me or neighbor complaints or whatever. They never arrested me, nor was my property searched.
Contrary to how it sounds, I really try to stay away from the police, but they seem to like me for some reason, but they have not gotten too out of hand with me yet. Lied to me, hassled me, tried to intimidate me, arrest me. Yeah, that's part of their job and personal adrenaline requirements. Fine.
But the two above mentioned things are wrong. In the US things are a little different because many of the citizens are armed. Especially at their home. Also we are lawsuit happy. Both of these things help keep things in check. Most people are pussies, but if the police state thing keeps increasing, it's going to get messy.
90 days gets past many, many things. (Score:3, Interesting)
Well... yes, and no. 90 days gives sufficient time for a dedicated attack that should break anything that will be breakable: the human-factors attacks.
- There'll be multiple encrypted files, particularly if they are encrypting their communications (guilty or not guilty). Each one would need 90 days.
Very few of even the most paranoid cypherpunks I know use multiple keys; I don't know any who use more than five. If you crack one file, you've probably figured out the key the suspect uses for at least 20% of the data.
- They'll not know the encryption algorithm in all cases, so would need to try every one. Each one would need 90 days.
Not necessarily. There would be a few leading suspects; generally starting with any crypto software with signs of ever being installed on the hard drive, along with a couple really widely used ones. (GPG/PGP, OS X's FileVault, a couple others). Unless you're dealing with the hacker equivalent of the Unabomber-- a lone genius working in isolation-- you're probably dealing with a widely shared algorithm. Furthermore, while many of the messages can't be decrypted, many standard encryption methods put enough metadata in to allow identifying the algorithm.
- There are HUNDREDS of encryption algorithms that use such large keys that you can't realistically expect to crack the password in 90 years, let alone 90 days.
True. But most people don't use raw keys; memorizing a pair of 600 hexit prime numbers is a bit of a challenge. Most people use a password. Clever ones use a passphrase. And 90 days gives you time for a serious dictionary attack. Of course, 90 days isn't enough time for breaking the password of a professional paranoid; but the cops are looking for something the suspect could have memorized... which may limit the scope. In 90 days, a high-end single-CPU ought to be able to crack any 8 character password. A phrase dictionary could tie up a few more machines trying for something longer. A search of every piece of paper in the suspect's entire apartment might also be fruitful... but I don't think either US or UK powers allow that without SOME other evidence.
And it's still possible to take one and write your own with an even longer key. (The details of which would be secret so they couldn't crack it in the first place anyway).
Actually, this might be what the police are hoping for. Most crypto systems developed by amateurs are "easily" broken by professionals. Of course, by "easily", I mean "in a month or so".
Myself, when I'm feeling paranoid, I use GPG from a bootable CD on a non-networked PC, a 4096 bit keypair with the private key stored on a USB flash drive I carry (two backup copies exist, located... er, hither and yonder), with the passphrase to access the private key being a simple number.
Of course, by "simple", I mean "a prime number 25 base-sixteen hexits long". I estimate a dedicated planet-wide effort might crack it in 100 years... most of which time should be devoted to developing a quantum computer for a direct assault on the RSA algorithm.