Finally ...
... a bank that takes encryption seriously!
Cryptographic locks guarding the secret files of a Brazilian banker suspected of financial crimes have defeated law enforcement officials. Brazilian police seized five hard drives when they raided the Rio apartment of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But subsequent efforts to decrypt files …
If I were that conscious about security, I would have a collection of seemingly-important files on a USB drive, one or more of which would be applied to generate a hash for encrypting valued data. Keep a backup somewhere safe and destroy the drive before a suspected apprehension.
Now that's a decent password:
http://www.gutenberg.org/catalog/world/readfile?pageno=205&fk_files=873078
Or, conversely, pick a memorable line / chapter heading from a book and use the URL as a password. (Depends how confident you are on the website maintaining its URL scheme.)
"Or, conversely, pick a memorable line / chapter heading from a book"
Did it ever occur to you that USGOV spends billions per year on SIGINT ? I would not be surprised to see that they have their own web index and their own huge electronic library of the world's books. NSA is THE authoritative source for Arabic (!) Dictionaries, for example. And certainly they have access to whatever Google has scanned in the last few years.
I suggest to invent your own really silly phrase like:
"A japanese chicken went on holiday vacation to see the tower of pisa and to meet a distant relative. There she met a dog and they decided to marry in the vatican. Unfortunately the pope declined this saying the bible would not allow this. A classical story of japanese-italian love".
I read somewhere that a single letter of such nonsense prose contributes about 0,3 bits of entropy. So the above sentence would yield in the order of 80 bits of effective key length. I assume this is out of reach even for USGOV at the moment. 2^80 operations is quite a feat. If you want more bits, just continue the story.
works completely covertly. All they need to do is to tap the wire before Google datacenters. Everybody else, including Google, will think it never happened.
Also, they could just use all their "taps" worldwide to build a huge index. Which certainly includes a ton of email messages, stupid Powerpoint presentations, a large pile of excel files which they intercepted from all those antennas and taps.
They have more money than Google and they have demonstrated their competence with SE Linux, so it is reasonable to expect them to also have more servers and harddisks than Google.
If you use truly random words e.g. "Mt. whoa usurp mush naughty huge became" you get much more entropy per letter. That example should be worth 90 bits*. Certainly quicker to type, but which way is actually easier to remember is probably a matter of personal opinion.
*That is, assuming I generated it with the Diceware system (feel free to Google, Bing or Yahoo! it). But I admit I couldn't be bothered to get out my dice and just picked them "randomly" from a list.
"I read somewhere that a single letter of such nonsense prose contributes about 0,3 bits of entropy. So the above sentence would yield in the order of 80 bits of effective key length. I assume this is out of reach even for USGOV at the moment. 2^80 operations is quite a feat. If you want more bits, just continue the story."
I think that should be your phrase...=P
The best way to hide your secret sensitive data from police or others trying to get access to it is to get them fixed on a red herring.
A lot of random data bits encrypted using a known cryptography program and left out in the open should keep them occupied a very long time and keep them from looking for the true data.
Works for mail too. NSA would not be too happy, if we all started sending encrypted garbage to each other at random intervals. You can spend an infinite period trying to decrypt something that doesn't have any meaning in the first place. Meanwhile all the truly sensitive information is sent using some other means (like maybe using the random crap in a previous file as a one time decryption key).
"I've noticed that nobody yet has taken a negative stance towards the (allegedly) criminal banker who has (allegedly) stolen money from us (as stealing money from companies inevitably results in ordinary people losing out)."
Possibly it's because people feel that allowing a minority of criminals to escape is an acceptable price for preventing state intrusion into the lives of the majority. It's similar to accepting that some criminals will go free if we have the presumption of innocence but fewer innocent people will be wrongfully convicted.
What happens when most of the criminals are knowledgeable enough to encrypt competently?
My guess is that the current state of affairs is not really all that different from laws that strongly limit the state's access to things like snail mail. Society functioned before with limited law enforcement access to personal correspondence, there is no reason it shouldn't in the future. The new tech just makes it convenient for police to claim that things have changed and more access is needed.
Still... I wouldn't want to endlessly privilege privacy over criminal persecution capability _if_ there was a clear cut case for more snooping powers. Which there isn't, at this point.
The negative stance is implied by the fact that he is a banker. Any other misdeeds he has done are just added to the list.
For example, the fact that they lend up to 9 times the money that they actually started with, charging interest on it, which means that there is not actually enough money to pay off all the debt, because that much money does not exist.
Or the sociopathic ways that they treat everyone (customers, suppliers, staff...)
Most people seem to be concentrating on (and impressed by) the fact that the guy knew what he was doing (in any sphere of knowledge, let alone IT!).
I wasn't quite meaning we should be Daily Mail "string 'im up" types, but the comments before were either "Wahay!" or joking. Nobody had started to think that maybe there is somewhere between total state surveillance and just letting people go because they use difficult cyphers. Both are the extreme viewpoints; I don't know what the middle ground is, but maybe a group of people together can come up with a better idea.
It depends a lot on how much you can trust the legal system. The USA is a big country, with a lot going on, and we tend to hear of exceptional events, but those events include a lot of apparently dodgy issuing of search warrants.
On something such as this case, whichever country we're in, can we trust a judge to be more discerning than a plain rubber-stamped signature on a Police request?
And, if the NSA were unleashed on this problem, what could they say in court to prove that what they found was really on the drive? It's a kind of magic?
The UK system isn't all that good, but it's an attempt to get around that little problem. And in the USA one could invoke the Fifth Amendment, though that has pitfalls for the unwary.
In Brazil? Well, any country, this guy likely has enough money for lawyers that you'd have to be careful.
from a purely IT angle this is actually quite interesting in that it goes to prove the value of a good encryption technology and good password hygiene (if that's the right phrase) ... so well done that Banker in using technology correctly for a change (rather than to automate rip-off fees!)
on a more general level though I agree... if he's ripped off money from bank customers that hasn't been recovered then the folks in Brazil need to get a bit more creative in recovering the password... or at least the money.
Then again... don't we all assume banks aren't really in it because they love us...
You are right, of course.
And that's probably because most people here have a small truecrypt file somewhere. For dirty little secrets (ours or someone else's), a pr0n collection (if you happen to live in the UK) or just because we can.
We grew up reading cyberpunk novels. Techies are supposed to be able to use encryption software that the suits can't crack. We are ENTITLED.
Confirmation that a good encryption algorithm and a well chosen key can baffle the feds, pleases us. Thieving bankers, on the other hand, are the order of the day. Hardly newsworthy.
Funny how the mind works.
Hear, hear. If you are going to steal/embezzle money, don't do something boring with it like properly invest it. You only live once, and money really isn't everything. If your regular life is so terrible that you feel the need for greed, go whole hog.
I have to admit to having less of a soft spot for people who embezzle in order to buy a sports car and a second house. I mean, really? If you are doing it, you will eventually be caught, so live it up while you can.
If you decide on a life of crime, then live fast, die young, and leave a bloated corpse.
Sound investing is for us stodgy types who obey the rules.
.. that slightly less legal methods of extraction will result if the people he ripped money from ever get hold of him.
However, you should see this in context of the greater principle here: citizens now so worried about government interference in their lives that it upvotes what appears to be a criminal.
I like the 180 degree twist here: this is technology that has been used for evil, but can also be used for good. Usually the considerations are the other way round..
in UK we:
a. 'have the right to remain silent' so we don't have to incriminate ourselves... or:
b. 'have to disclose encryption keys if required by law enforcement' or face jail.
it cannot be that both are true. it can only be either one or the other.
what i need to know is: which one is it then?
DUH !!!
PS: agreed. truecrypt rocks !!
In the UK we lost the right to remain silent during Maggie's era due to the fact that we kept having to let IRA terrorists go because they would go silent as soon as they were arrested - including never saying their name. The first time they would speak would be to friends they met in the Maze prison. You now have a right to remain silent, so long as you understand that the silence can be used as evidence against you. In the case of an encryption key the law is more specific, but if you don't tell them the key, they are allowed to use that fact to deduce that you have naughty stuff in the files.
Now, despite the fact that I was a serving member of the Armed Forces during the troubles and every time I got in my car for about 10 years I had to get on the floor and search underneath it to check for bombs, I vehemently disagree with this policy, but it is the UK law.
Furthermore, in another area of self-incrimination, namely speed cameras, the European Court of Human Rights has ruled that you can be required to self incriminate with speed cameras, despite self-incrimination being ruled out in the ECHR, somewhat like the 5th amendment in the US. I suspect that the encryption law could be taken to the European Court of Human Rights, but I suspect just like speed cameras it would be ruled a permissible law. The ECHR is generally much more flexible than the US constitution.
Is there a brute force indexer somewhere? Something that shows how many possibilities per second per Ghz can be decrypted?
I know I'm safe, my password is insane, but what's the minimum to keep a password safe from a supercomputer for a year or 2... Don't suppose there's a scale for them somewhere?
As while things scale linearly for key space bruteforcing for most people, all bets would be off if the NSA get involved. They aren't just the world's largest employer of mathematicians and user of traditional computer equipment, they have some other tricks up their sleeve.
That's all I would feel confident saying.
There are 2 ways to crack encryption if the algorithm itself has no flaw that permits a key reduction attack (beyond the scope of this post by the way). The first is a brute force attack, the second is a lookup attack.
Starting with the lookup attack. This involves storing a set of possible phrases encrypted with every possible key in a big database that is indexed using a hash. The possible phrases include things like zip file headers, as well as common words and phrases in many languages. All you do then is take every sequential set of bits in the message and look it up in the database. If you get a hit that gives you a possible candidate key, then you decrypt with all candidate keys and you get the message back. It allows you to crack encryption in realtime, and was widely rumoured to be the way that the NSA was reading DES (40 bit and 56 bit). If you have a 256 bit key, and you can store a Gb of data on a drive weighing a gram, then a lookup attack requires a drive so heavy that it will collapse into a black hole.
Now, with a brute-force attack. You can figure out with basic thermodynamics, the minimum energy needed to flip a bit in a state computer. Therefore you can figure out the energy requirements to count through all the keys in a given key length. If you put a Dyson sphere around the sun and trap all its energy for the rest of the Sun's life, you cannot get a state machine to count up to 2^256.
Therefore, to all intents and purposes a 256 bit symmetric key is safe.
As the article points out though, you usually lose out because of an implementation flaw - for example, your encryption key could get left in a swap file, or something similar. Making an algorithm that is perfectly safe is actually kind of tricky. If I was going to try I would have a dedicated machine that ran a cut-down OS where file writes were intercepted and only permitted if certified encrypted; and swap files would be disabled. Then whenever you shut the machine down it would write through memory multiple times with all zeros, all ones and random data. The only thing on the disk would be the OS and encrypted files.
Just my 2p.
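An added worked example (not from any commenter): a rough scale for the question asked above about how strong a secret must be, using the thread's own figures (0.3 bits per letter of prose, Diceware words, a 256-bit key) and the thermodynamic bound just described. The guess rate of 10^12 per second, the 300 K temperature and the Sun's remaining output are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
BOLTZMANN = 1.380649e-23                    # J/K
DICEWARE_BITS_PER_WORD = math.log2(6 ** 5)  # 7776-word list, five dice per word
PROSE_BITS_PER_LETTER = 0.3                 # figure quoted in the thread, not measured
# Assumptions for illustration only:
GUESSES_PER_SECOND = 1e12                   # attacker speed
SUN_REMAINING_JOULES = 3.828e26 * 5e9 * SECONDS_PER_YEAR  # luminosity x ~5e9 years


def expected_years(bits, rate=GUESSES_PER_SECOND):
    """Average search time: the key turns up after half the keyspace on average."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def bits_needed(years, rate=GUESSES_PER_SECOND):
    """Smallest whole number of bits whose expected search time is >= years."""
    return math.ceil(math.log2(years * SECONDS_PER_YEAR * rate)) + 1


def secret_sizes(bits):
    """How long a secret must be to carry `bits` of entropy, per scheme."""
    return {
        "diceware_words": math.ceil(bits / DICEWARE_BITS_PER_WORD),
        "random_printable_chars": math.ceil(bits / math.log2(95)),
        "prose_letters": math.ceil(bits / PROSE_BITS_PER_LETTER),
    }


def landauer_joules(bits, kelvin=300.0):
    """Thermodynamic floor (kT ln 2 per step) for counting through 2**bits states."""
    return 2 ** bits * BOLTZMANN * kelvin * math.log(2)


if __name__ == "__main__":
    for label, bits in [("prose story, ~80 bits", 80),
                        ("7 Diceware words", 7 * DICEWARE_BITS_PER_WORD),
                        ("256-bit key", 256)]:
        print(f"{label:24s} {expected_years(bits):.3e} years at {GUESSES_PER_SECOND:.0e}/s")
    need = bits_needed(2)
    print("bits for a 2-year expected search:", need, secret_sizes(need))
    print("2^256 count / Sun's remaining output:",
          f"{landauer_joules(256) / SUN_REMAINING_JOULES:.1e}")
```

The figures only hold when the secret is chosen at random from the stated space; a phrase a person picks because it is memorable carries less entropy than its length suggests.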
is to use something like IronKey or SafeStick which does the key handling and encryption in a hardware layer on the USB and uses a hardware implemented counter to monitor the number of attempts before wiping the device. That doesn't give you the plausible deniability in regimes where it's needed though. Maybe there'll be a truecrypt hardware device at some point.
"is hackable. But I'm not telling you more."
Link or it didn't happen. Schneier found issues with deniable file systems in Truecrypt a couple of years back but I find no record of an IronKey being hacked and I'd guess that someone would like to boast of their achievement unless it were the NSA in which case nobody would openly know.
I only like it for the fact that it works with Linux but others such as the SafeStick seem better with 256 rather than 128-bit encryption. Don't have one though (any design) - bit pricey. MXI (http://www.mxisecurity.com/) seem to do a good variety of kit.
I wouldn't mind seeing a "Bruce Schneier tests drive encryption" group test some time.
"Therefore, to all intents and purposes a 256 bit symmetric key is safe."
No, it's not. What all these posts are assuming is that you have to go through the entire list in order to get to the correct password. You don't. You may actually get lucky first time. It's unlikely given a randomly generated brute force attack, but perfectly possible.
If you have the data then you can come up with a model that would tell you just how long on average you might expect it to take to be able to crack a p/w. Given that the attacks are cleverer than just randomly generating data, then you might (or might not) expect this average time to be less than a random brute force attack.
You can never really KNOW that you've decrypted something. With the right (wrong) key it's possible to decrypt the ciphertext into a brand new plaintext that has nothing to do with the original. The odds of this being possible the closer the key length is to the plaintext length.
"Even if you possibly could run through all the combinations before the sun cooled you'd have to KNOW that you had cracked the encrypted info. Either a human search ! or some smart search algorithm.
So to be really safe double encrypt with 2 different keys"
Bad idea. Really bad idea. With many encryption algorithms this can cause unexpected problems, often weakening the supposed strength.
For example, two rounds of DES encryption (with 2 x 56 bit keys) can be decrypted with a third, unknown, single 56 bit key. You won't know what this is, but finding it will only involve searching 2^56 keys, trivial compared to the intended 2^112 keyspace (~72 quadrillion times larger). This is why 2DES was skipped, and everyone used 3DES instead (one round of DES encryption, one of DES decryption and one more of DES encryption, each with different keys). The resulting strength of 3DES is considered equivalent to 2 x 56 = 112 bits.
Of course, remember you extremely rarely have to search the whole keyspace, as you have an even chance of finding it in the first half...
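An added example, not part of the original comment: the textbook meet-in-the-middle search, the usual reason double encryption is credited with far less than the sum of its key lengths, run on a toy Feistel cipher with 16-bit keys. The cipher, keys and plaintexts are all constructed for this illustration and stand in for DES only in structure.

```python
KEY_BITS = 16          # toy key size so the search finishes in about a second
MASK = 0xFFFF


def _f(half, key, rnd):
    """Round function of a toy Feistel cipher constructed for this example."""
    x = (half ^ key ^ (rnd * 0x3A5D)) & MASK
    x = (x * 0x2545 + 0x7F4B) & MASK
    return ((x << 5) | (x >> 11)) & MASK


def encrypt(block, key):
    left, right = block >> 16, block & MASK
    for rnd in range(4):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 16) | right


def decrypt(block, key):
    left, right = block >> 16, block & MASK
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 16) | right


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def recover_keys(pairs):
    """Find (k1, k2) from known plaintext/ciphertext pairs.

    Returns (candidates, cipher_operations), counting the table build and the
    lookups. Work is about 2 * 2**KEY_BITS, not the 2**(2 * KEY_BITS) that
    two independent keys seem to promise.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}                                   # E_k1(p0) -> [k1, ...]
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(encrypt(p0, k1), []).append(k1)
    ops = 1 << KEY_BITS
    found = []
    for k2 in range(1 << KEY_BITS):
        ops += 1
        for k1 in middle.get(decrypt(c0, k2), ()):
            # Extra pairs weed out chance collisions in the middle value.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops


if __name__ == "__main__":
    K1, K2 = 0xBEEF, 0x1234                       # constructed secret keys
    plaintexts = [0x00000000, 0xDEADC0DE, 0x01234567]  # constructed known plaintexts
    pairs = [(p, double_encrypt(p, K1, K2)) for p in plaintexts]
    found, ops = recover_keys(pairs)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print(f"cipher operations: {ops} (2^17) versus exhaustive 2^{2 * KEY_BITS}")
```

The price of the shortcut is memory: the table holds one entry per first-stage key, which is what makes the same search against real 56-bit keys a storage problem as much as a time problem.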
Depends on the data encrypted, what's more beneficial, 6 months in an open prison (for example) for not disclosing the key, or 10 years (for example) for child porn or plotting a terrorist attack? you work it out.
In any case well done that man for using encryption tech properly, screw the govt suits.
Let's say the Feds did manage to crack the data. Would they want to tell everyone that they did or would it be more in their interest to slide out a deceptive story saying 'Oh no, we can't crack Truecrypt' to discourage others from using something stronger?
Maybe they now have a lot of information that they can use to uncover other evidence which mysteriously seems to have come to light anyhow, nothing to do with that encrypted data, honest.
I wonder what the police would like if I made a USB stick with 10 000 different files, all with different 1000 letter passwords, and a book with those passwords, printed in non computer scanning font.
They may force me to give the passwords, and the usb stick. But they can't force me to show which files contain some incriminating evidence, or if any. And to make it a bit more interesting let's add some nontrivial math problems as part of the passwords. And trivia questions!
That should give a few hundred police officers some very boring months of work. Especially if there's nothing incriminating in the USB stick.
Another way to make the task bothersome is to use a heavy crypto where crypting is easy but opening is hard. 100 000 files where each one takes 24 hours to open should keep a few supercomputers something else but weather to do for a few years.
My favorite is the hand typing tho. Would at least get a few policemen to learn to type with more than 2 fingers.
"The case is an illustration of how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses."
True so long as the algorithm is strong enough. AES256 probably is (assuming the NSA don't know something about it which very many expert cryptographers who would earn a very big prize and reputation if they could crack it don't). DES certainly isn't strong enough against an attacker with the resources as described: http://en.wikipedia.org/wiki/Deep_crack
DES is not really "broken". Rather, NSA made sure it has a crippled key length. If you use 168 bits of key and concatenate three DES crypto steps (actually a bit different), you get 112 bits of effective key. Which is out of reach of ANYGOVONEARTH.
I trust 3DES much more than the AES stuff.
Just as Churchill couldn't let it be known that Enigma was compromised, security agencies aren't in a position to let people know they've been cracked. Far better to use the intelligence gained from the crack to lead enforcement agencies to an arrest through more normal means. The benefit is that your clever criminal doesn't just clam up and you should be able to work out a considerable amount about their dealings, leading you to other criminals too. John le Carre's book The Night Manager is essentially an interesting debate on the balancing point of pure intelligence vs enforcement in the illegal arms trade. (It's got a wonderfully written baddie in it too).
Also - so what if people are able to withhold evidence through encryption. At some point they'll want to be paid for their nefarious activities and have to explain where their sudden injection of money comes from. I wonder if that explains the absurd amounts of money people are paying for works of art these days. The parts of the world that don't have some sort of international money laundering detection and extradition treaties are getting smaller.
Finally, in Bruce Schneier's excellent book (Applied Cryptography - I think) he details 7 levels of cryptography from the very silent stuff where the person being investigated has no idea and could have no idea, up to the bluntly titled 'Rubber-hose cryptography' where you beat them with rubber hose until they tell you their password (though I imagine they'd waterboard you these days). I can only imagine that not only is his password hygiene excellent but also every other form of covering his tracks.
Did anyone bother to consider that they can routinely crack Truecrypt, but aren't about to tell anyone and have weighed up the advantages (you get a potential thief) vs the disadvantages (every crim in the world knows not to use Truecrypt.) and decided that the advantages were far outweighed by the disadvantages?
Bear in mind that: Enigma was routinely crackable during the war as was Lorenz, but troops were sent on suicide missions rather than allow the enemy to know that their encryption was cracked. Then there is the Zimmermann telegram...
I don't believe it, I think it's a trick to make us think AES 256 is good enough.
Look back in history, look at all the work that was done with encryption, then they cracked down using ITAR, since then, nothing has even compared to the same amount of development we did back then.
It's high time to upgrade our encryption to AES 16384 bit! or better.
...I've got the string.
I could go on, but the point is that given proper conditions, one can make an unbreakable code. It isn't easy, but it can be done. Of course by "unbreakable" one means in something close to historical time.
Also note that the existence of an event (maybe a casual phone call) might be the actual piece of "encrypted" information. Its particular time could be the "bit" (even hours for zero, odd hours for one, just one example).