... a bank that takes encryption seriously!
Cryptographic locks guarding the secret files of a Brazilian banker suspected of financial crimes have defeated law enforcement officials. Brazilian police seized five hard drives when they raided the Rio apartment of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But subsequent efforts to decrypt files …
If I were that conscious about security, I would have a collection of seemingly-important files on a USB drive, one or more of which would be applied to generate a hash for encrypting valued data. Keep a backup somewhere safe and destroy the drive before a suspected apprehension.
Now that's a decent password:
Or, conversely, pick a memorable line / chapter heading from a book and use the URL as a password. (Depends how confident your are on the website maintaining it URL scheme.)
"Or, conversely, pick a memorable line / chapter heading from a book"
Did it ever occur to you that USGOV spends billions per year on SIGINT ? I would not be surprised to see that they have their own web index and their own huge electronic library of the world's books. NSA is THE authoritative source for Arabic (!) Dictionaries, for example. And certainly they have access to whatever Google has scanned in the last few years.
I suggest to invent your own really silly phrase like:
"A japanese chicken went on holiday vacation to see the tower of pisa and to meet a distant relative. There she met a dog and they decided to marry in the vatican. Unfortunately the pope declined this saying the bible would not allow this. A classical story of japanese-italian love".
I read somewhere that a single letter of such nonsense prose contributes about 0,3 bits of entropy. So the above sentence would yield in the order of 80 bits of effective key length. I assume this is out of reach even for USGOV at the moment. 2^80 operations is quite a feat. If you want more bits, just continue the story.
works completely covertly. All they need to do is to tap the wire before Google datacenters. Everybody else, including Google, will think it never happened.
Also, they could just use all their "taps" worldwide to build a huge index. Which certainly includes a ton of email messages, stupid Powerpoint presentations, an large pile of excel files which they intercepted from all those antennas and taps.
They have more money than Google and they have demostrated their competence with SE Linux, so it is reasonable to expect them to also have more servers and harddisks than Google.
If you use truly random words e.g. "Mt. whoa usurp mush naughty huge became" you get much more entropy per letter. That example should be worth 90 bits*. Certainly quicker to type, but which way is actually easier to remember is probably a matter of personal opinion.
*That is, assuming I generated it with the Diceware system (feel free to Google, Bing or Yahoo! it). But I admit I couldn't be bothered to get out my dice and just picked them "randomly" form a list.
"I read somewhere that a single letter of such nonsense prose contributes about 0,3 bits of entropy. So the above sentence would yield in the order of 80 bits of effective key length. I assume this is out of reach even for USGOV at the moment. 2^80 operations is quite a feat. If you want more bits, just continue the story."
I think that should be your phrase...=P
The best way to hide your secret sensitive data from police or others trying to get access to it is to get them fixed on a red herring.
A lot of random data bits encrypted using a known cryptography program and left out in the open should keep them occupied a very long time and keep them from looking for the true data.
Works for mail too. NSA would not be too happy, if we all started sending encrypted garbage to each other at random intervals. You can spend an infinite period trying to decrypt something that doesn't have any meaning in the first place. Meanwhile all the truly sensitive information is send using some other means (like maybe using the random crap in a previous file as a one time decryption key).
"I've noticed that nobody yet has taken a negative stance towards the (allegedly) criminal banker who has (allegedly) stolen money from us (as stealing money from companies inevitably results in ordinary people losing out)."
Possibly it's because people feel that allowing a minority of criminals to escape is an acceptable price for preventing state intrusion into the lives of the majority. It's similar to accepting that some criminals will go free if we have the presumption of innocence but fewer innocent people will be wrongfully convicted.
What happens when most of the criminals are knowledgeable enough to encrypt competently?
My guess is that the current state of affairs is not really all that different from laws that strongly limit the state's access to things like snail mail. Society functioned before with limited law enforcement access to personal correspondence, there is no reason it shouldn't in the future. The new tech just makes convenient for police to claim that things have changed and more access is needed.
Still... I wouldn't want to endlessly privilege privacy over criminal persecution capability _if_ there was a clear cut case for more snooping powers. Which there isn't, at this point.
The negative stance is implied by the fact that he is a banker. Any other misdeeds he has done are just added to the list.
For example, the fact that they lend up to 9 times the money that they actually started with, charging interest on it, which means that there is not actually enough money to pay off all the debt, because that much money does not exist.
Or the sociopathic ways that they treat everyone (customers, suppliers, staff...)
Most people seem to be concentrating on (and impressed by) the fact that the guy knew what he was doing (in any sphere of knowledge, let alone IT!).
from a purely IT angle this is actually quite interesting in that it goes to prove the value of a good encryption technology and good password hygine (if that's the right phrase) ... so well done that Banker in using technology correctly for a chance (rather than to automate rip-off fees!)
on a more general level though I agree... if he's ripped off money from bank customers that hasn't been recovered then the folks in Brazil need a get a bit more creative in reovering the password... or at least the money.
Then again... don't we all assume banks aren't really in it because they love us...
I wasn't quite meaning we should be Daily Mail "string 'im up" types, but the comments before were either "Wahay!" or joking. Nobody had started to think that maybe there is somewhere between total state surveillance and just letting people go because they use difficult cyphers. Both are the extreme viewpoints; I don't know what the middle ground is, but maybe a group of people together can come up with a better idea.
It depends a lot on how much you can trust the legal system. The USA is a big country, with a lot going on, and we tend to hear of exceptional events, but those events include a lot of apparently dodgy issuing of search warrants.
On something such as this case, whichever country we're in, can we trust a judge to be more discerning than a plain rubber-stamped signature on a Police request?
And, if the NSA were unleashed on this problem, what could they say in court to prove that what they found was really on the drive? It's a kind of magic?
The UK system isn't all that good, but it's an attempt to get around that little problem. And in the USA one could invoke the Fifth Amendment, though that has pitfalls for the unwary.
In Brazil? Well, any country, this guy likely has enough money for lawyers that you'd have to be careful.
You are right, of course.
And that's probably because most people here have a small truecrypt file somewhere. For dirty little secrets (ours or someone else's), a pr0n collection (if you happen to live in the UK) or just because we can.
We grew up reading cyberpunk novels. Techies are supposed to be able to use encryption software that the suits can't crack. We are ENTITLED.
Confirmation that a good encryption algorithm and a well chosen key can baffle the feds, pleases us. Thieving bankers, on the other hand, are the order of the day. Hardly newsworrthy.
Funny how the mind works.
Hear, hear. If you are going to steal/embezzle money, don't do something boring with it like properly invest it. You only live once, and money really isn't everything. If your regular life is so terrible that you feel the need for greed, go whole hog.
I have to admit to having less of a soft spot for people who embezzle in order to buy a sports car and a second house. I mean, really? If you are doing it, you will eventually be caught, so live it up while you can.
If you decide on a life of crime, then live fast, die young, and leave a bloated corpse.
Sound investing is for us stodgy types who obey the rules.
.. that slightly less legal methods of extraction will result if the people he ripped money from ever get hold of him.
However, you should see this in context of the greater principle here: citizens now so worried about government interference in their lives that it upvotes what appears to be a criminal.
I like the 180 degree twist here: this is technology that has been used for evil, but can also be used for good. Usually the considerations are the other way round..
in UK we:
a. 'have the right to remain silent' so we don't have to incriminate ourselves... or:
b. 'have to disclose encryption keys if required by law enforcement' or face jail.
it cannot be that both are true. it can olny be either one or the other.
what i need to know is: which one is it then?
PS: agreed. truecrypt rocks !!
In the UK we lost the right to remain silent during Maggie's era due to the fact that we kept having to let IRA terrorists go because they would go silent as soon as they were arrested - including never saying their name. The first time they would speak would be to friends they met in the Maze prison. You now have a right to remain silent, so long as you understand that the silence can be used as evidence against you. In the case of an encryption key the law is more specific, but if you don't tell them the key, they are allowed to use that fact to deduce that you have naughty stuff in the files.
Now, despite the fact that I was a serving member of the Armed Forces during the troubles and every time I got in my car for about 10 years I had to get on the floor and search underneath it to check for bombs, I vehemently disagree with this policy, but it is the UK law.
Furthermore, in another area of self-incrimination, namely speed cameras, the European Court of Human Rights has ruled that you can be required to self incriminate with speed cameras, despite self-incrimination being ruled out in the ECHR, somewhat like the 5th amendment in the US. I suspect that the encryption law could be taken to the European Court of Human Rights, but I suspect just like speed cameras it would be ruled a permissible law. The ECHR is generally much more flexible than the US constitution.
Is there a brute force indexer somewhere? Something that shows how many possibilities per second per Ghz can be decrypted?
I know I'm safe, my password is insane, but what's the minimum to keep a password safe from a supercomputer for a year or 2... Don't suppose theres a scale for them somewhere?
As while things scale linearly for key space bruteforcing for most people, all bets would be off if the NSA get involved. They aren't just the world's largest employer of mathematicians and user of traditional computer equipment, they have some other tricks up their sleeve.
That's all I would feel confident saying.
There are 2 ways to crack encryption if the algorithm itself has no flaw that permits a key reduction attack (beyond the scope of this post by the way). The first is a brute force attack, the second is a lookup attack.
Starting with the lookup attack. This involves storing a set of possible phrases encrypted with every possible key in a big database that is indexed using a hash. The possible phrases include things like zip file headers, as well as common words and phrases in many languages. All you do then is take every sequential set of bits in the message and look it up in the database. If you get a hit that gives you a possible candidate key, then you decrypt with all candidate keys and you get the message back. It allows you to crack encryption in realtime, and was widely rumoured to be the way that the NSA was reading DES (40 bit and 56 bit). If you have a 256 bit key, and you can store a Gb of data on a drive weighing a gram, then a lookup attack requires a drive so heavy that it will collapse into a black hole.
Now, with a brute-force attack. You can figure out with basic thermodynamics, the minimum energy needed to flip a bit in a state computer. Therefore you can figure out the energy requirements to count through all the keys in a given key length. If you put a Dyson sphere around the sun and trap all its energy for the rest of the Sun's life, you cannot get a state machine to count up to 2^256.
Therefore, to all intents and purposes a 256 bit symmetric key is safe.
As the article points out though, you usually lose out because of an implementation flaw - for example, your encryption key could get left in a swap file, or something similar. Making an algorithm that is perfectly safe is actually kind of tricky. If I was going to try I would have a dedicated machine that ran a cut-down OS where file writes were intercepted and only permitted if certified encrypted; and swap files would be disabled. Then whenever you shut the machine down it would write through memory multiple times with all zeros, all ones and random data. The only thing on the disk would be the OS and encrypted files.
Just my 2p.
is to use something like IronKey or SafeStick which does the key handling and encryption in a hardware layer on the USB and uses a hardware implemented counter to monitor the number of attempts before wiping the device. That doesn't give you the plausible deniability in regimes where it's needed though. Maybe there'll be a truecrypt hardware device at some point.
"is hackable. But I'm not telling you more."
Link or it didn't happen. Schneier found issues with deniable file systems in Truecrypt a couple of years back but I find no record of an IronKey being hacked and I'd guess that someone would like to boast of their achievement unless it were the NSA in which case nobody would openly know.
I only like it for the fact that it works with Linux but others such as the SafeStick seem better with 256 rather than 128-bit encryption. Don't have one though (any design) - bit pricey. MXI (http://www.mxisecurity.com/) seem to do a good variety of kit.
I wouldn't mind seeing a "Bruce Schneier tests drive encryption" group test some time.
"Therefore, to all intents and purposes a 256 bit symmetric key is safe."
No, it's not. What all these posts are assuming is that you have to go through the entire list in order to get to the correct password. You don't. You may actually get lucky first time. It's unlikely given a randomly generated brute force attack, but perfectly possible.
If you have the data then you can come up with a model that would tell you just how long on average you might expect it to take to be able to crack a p/w. Given that the attacks are cleverer than just randomly generating data, then you might (or might not) expect this average time to be less than a random brute force attack.
You can never really KNOW that you've decrypted something. With the right (wrong) key it's possible to decrypt the ciphertext into a brand new plaintext that has nothing to do with the original. The odds of this being possible the closer the key length is to the plaintext length.
"Even if you possibly could run through all the combinations before the sun cooled you'd have to KNOW that you had cracked the encrypted info. Either a human search ! or some smart search algorithm.
So to be really safe double encrypt with 2 different keys"
Bad idea. Really bad idea. With many encryption algorithms this can cause unexpected problems, often weakening the supposed strength.
For example, two rounds of DES encryption (with 2 x 56 bit keys) can be decrypted with a third, unknown, single 56 bit key. You won't know what this is, but finding it will only involve searching 2^56 keys, trivial compared to the intended 2^112 keyspace (~72 quadrillion times larger). This is why 2DES was skipped, and everyone used 3DES instead (one round of DES encryption, one of DES decryption and one more of DES encryption, each with different keys). The resulting strength of 3DES is considered equivalent to 2 x 56 = 112 bits.
Of course, remember you extremely rarely have to search the whole keyspace, as you have an even chance of finding it in the first half...
Depends on the data encrypted, whats more beneficial, 6 months in an open prison (for example) for not disclosing the key, or 10 years (for example) for child porn or plotting a terrorist attack? you work it out.
In any case well done that man for using encryption tech properly, screw the govt suits.
Let's say the Feds did manage to crack the data. Would they want to tell everyone that they did or would it be more in their interest to slide out a deceptive story saying 'Oh no, we can't crack Truecrypt' to discourage others from using something stronger?
Maybe they now have a lot of information that they can use to uncover other evidence which mysteriously seems to have come to light anyhow, nothing to do with that encrypted data, honest.
This post has been deleted by its author
I wonder what the police would like if I made a USB stick with 10 000 differen files, all with different 1000 letter passwords, and a book with those passwords, printed in non computer scanning font.
They may force me to give the passwords, and the usb stick. But they can't force me to show which files contain some incriminating evidence, or if any. And to make it a bit more intresting lets add some nontrivial math problems as part of the passwords. And trivia questions!
That should give a few hundred police officers some very boring months of work. Especially if there's nothing incrimanting in the USB stick.
Another way to make the task bothersome is to use a heavy crypto where crypting is easy but opening is hard. 100 000 files where each one takes 24 hours to open should keep a few supercomputers something else but weather to do for a few years.
My favorite is the hand typing tho. Would at least get a few policemen to learn to type with more than 2 fingers.
"The case is an illustration of how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses."
True so long as the algorithm is strong enough. AES256 probably is (assuming the NSA don't know something about it which very many expert cryptographers who would earn a very big prize and reputation if they could crack it don't). DES certainly isn't strong enough against an attacker with the resources as described: http://en.wikipedia.org/wiki/Deep_crack
DES is not really "broken". Rather, NSA made sure it has a crippled key length. If you use 168 bits of key and concatenate three DES crypto steps (actually a bit different), you get 112 bits of effective key. Which is out of reach of ANYGOVONEARTH.
I trust 3DES much more than the AES stuff.
Just as Churchill couldn't let it be known that Enigma was compromised, security agencies aren't in a position to let people know they've been cracked. Far better to use the intelligence gained from the crack to lead enforcement agencies to an arrest through more normal means. The benefit is the your clever criminal doesn't just clam up and you should be able to work out a considerable amount about their dealings, leading you to other criminals too. John le Carre's book The Night Manager is essentially an interesting debate on the balancing point of pure intelligence vs enforcement in the illegal arms trade. (It's got a wonderfully written baddie in it too).
Also - so what if people are able to withhold evidence through encryption. At some point they'll want to be paid for their nefarious activities and have to explain where their sudden injection of money comes from. I wonder if that explains the absurd amounts of money people are paying for works of art these days. The parts of the world that don't have some sort of international money laundering detection and extradition treaties are getting smaller.
Finally, in Bruce Schneier's excellent book (Applied Cryptography - I think) he details 7 levels of cryptography from the very silent stuff where the person being investigated has no idea and could have no idea, up to the bluntly titled 'Rubber-hose cryptography' where you beat them with rubber hose until they tell you their password (though I imagine they'd waterboard you these days). I can only imagine that not only is his password hygiene excellent but also every other form of covering his tracks.
Did anyone bother to consider that they can routinely crack Truecrypt, but aren't about to tell anyone and have weighed up the advantages (you get a potential theif) vs the disadvantages (every crim in the world knows not to use Truecrypt.) and decided that the advantages were far outweighed by the disadvantages?
Bear in mind that: Enigma was routinely crackable during the war as was Lorenz, but troops were sent on suicide missions rather than allow the enemy to know that their encryption was cracked. Then there is the Zimmerman telegram...
I don't believe it, I think it's a trick to make us think AES 256 is good enough.
Look back in history, look at all the work was done with encryption, then they cracked down using ITAR, since then, nothing has even compared to the same amount of development we did back then.
It's high time to upgrade our encryption to AES 16384 bit! or better.
...I've got the string.
I could go on, but the point is that given proper conditions, one can make an unbreakable code. It isn't easy, but it can be done. Of course by "unbreakable" one means in something close to historical time.
Also note that the existence of an event (maybe a casual phone call) might be the actual piece of "encrypted" information. Its particular time could be the "bit" (even hours for zero, odd hours for one, just one example).
This post has been deleted by a moderator
Messaging app Telegram, which came to prominence for offering end-to-end encryption that irritated governments, has celebrated passing 700 million active monthly users with a pastel-hued announcement: a paid Premium tier of service.
A Sunday post celebrates the 700 million user milestone by announcing a $4.99/month tier. The Premium tier distinguishes itself from the freebie plebeian tier with the ability to upload 4GB files, unthrottled downloads that come as fast as users' carriers will allow, and the chance to follow up to 1000 channels, create up to 20 chat folders each containing up to 200 chats, and to run four accounts in the Telegram app.
Paying punters will also get exclusive stickers and reactions and won't see ads once they sign up to hand over coin each month.
Analysis Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.
It's unclear when quantum computers will easily crack classical crypto – estimates range from three to five years to never – but conventional wisdom is that now's the time to start preparing to ensure data remains encrypted.
A growing list of established vendors like IBM and Google and smaller startups – Quantum Xchange and Quantinuum, among others – have worked on this for several years. QuSecure, which is launching this week after three years in stealth mode, will offer a fully managed service approach with QuProtect, which is designed to not only secure data now against conventional threats but also against future attacks from nation-states and bad actors leveraging quantum systems.
Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.
ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.
"ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."
Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts.
A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."
These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.
US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation – and like-minded friends – remain ahead of other countries in the field of quantum computing. Especially as applied to cryptography.
The first directive, an Executive Order, creates a National Quantum Initiative Advisory Committee comprising up to 26 experts from industry, academia, and federal laboratories – all appointed by the president and under the authority of the White House. The committee is an enhancement to the National Quantum Initiative Act – a 2018 law that provides $1.2 billion and a plan for advancing quantum tech.
The other directive is a memorandum designed to promote US leadership in quantum computing while mitigating risks to cryptographic systems.
Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.
Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.
Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.
End-to-end encryption (E2EE) has become a global flashpoint in the ongoing debate between the security of private communications versus the need of law enforcement agencies to protect the public from criminals.
The Register has written at length about this increasingly strident back-and-forth that is seeing proponents of both sides more entrenched in their beliefs.
London-based think tank the Royal United Services Institute (RUSI) released a report [PDF] this week laying out the contours of the privacy-vs-safety debate, weighing the needs and exploring possible solutions.
OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers.
The popular open-source SSH implementation aims to provide secure communication in a potentially unsecure network environments. While version 9 is ostensibly focused on bug-fixing, there are some substantial changes lurking within that could catch the unwary, most notably, the switch from the legacy SCP/RCP protocol to SFTP by default.
The OpenSSH group warned the change was coming earlier this year, with a deprecation notice in February's version 8.9 release. Experimental support for transfers using the SFTP protocol as a replacement for the SCP/RCP protocol turned up in version 8.7 in August 2021 with the warning: "It is intended for SFTP to become the default transfer mode in the near future."
IBM has unveiled a cloud-based key management service that should make it easier for organizations to manage encryption keys across complex multi-cloud hybrid environments, as well as on-premises.
The new support comes in the form of the Unified Key Orchestrator, a multi-cloud key management product sold as a managed service as part of IBM's Cloud Hyper Protect Crypto Services.
Many organizations have by now adopted a multi-cloud strategy, hosting workloads in the most advantageous location, whether that is in a public cloud or in the organization's own datacenter.
House Democrats on Monday plan to introduce a law bill that calls for the development of an electronic version of the US dollar that has the same legal status and privacy expectations as physical currency.
The bill, titled Electronic Currency and Secure Hardware (ECASH) Act, would direct the US Treasury Department to establish a program to coordinate the development and implementation of e-cash and the technology necessary to support it, such as cryptographic hardware.
Sponsored by Rep Stephen Lynch (D-MA), Chairman of the Task Force on Financial Technology, and by Rep Jesús "Chuy" García (D-IL), who serves on the Committee on Financial Services, the ECASH Act represents a response to recent calls by the US Federal Reserve and the Biden administration to promote the development of digital assets.
Biting the hand that feeds IT © 1998–2022