Silk Road forums
Discussion => Security => Topic started by: Baraka on August 15, 2013, 09:18 am
-
Clearnet link: http://www.wired.com/threatlevel/2013/08/feds-crack-encrypted-drives/
Federal authorities have cracked two encrypted drives they say are filled with child pornography, leading to an arrest in an ongoing case that shows the limits of encryption and highlights a novel legal issue in which the government has been trying to force the defendant to decrypt the drives to aid his prosecution.
Investigators arrested Jeffrey Feldman in Wisconsin on Tuesday and accuse him of three counts of receiving and possessing child pornography.
The arrest came months after the authorities told a federal judge they were unable to decrypt the drives and needed the defendant to disclose his passwords — pitting the constitutional right against compelled self-incrimination against the government’s need to access data. In June, the authorities urged the court to demand that Feldman fork over his passcodes, saying the suspect could “forget his passwords.”
FBI agent Chadwick Elgersma said in court documents filed Tuesday that seven more drives await decryption. It remains unclear whether the judge presiding over the case will order Feldman to decrypt them.
Elgersma said in an arrest affidavit that investigators cracked two Western Digital My Book Essential external hard drives they believe were used with a Dell Inspiron 530 personal desktop running Windows 7. Authorities suspect thousands of files on the drives are child pornography, the agent said.
The authorities did not say what type of encryption Feldman used. But the case illustrates that encryption isn’t foolproof and that the authorities are making headway cracking encryption.
“The investigation is ongoing and the FBI is still working on decrypting Feldman’s remaining seven encrypted drives,” Elgersma wrote. (.pdf)
Authorities believe Feldman downloaded child pornography on the file-sharing e-Donkey network. They seized several drives and a computer from his suburban Milwaukee apartment with a search warrant in January. A federal magistrate had ordered Feldman to decrypt the drives, but because of procedural grounds, reversed his decision and the legal flap continues.
Though rare, decryption orders are likely to become more common as the public increasingly embraces technology that comes standard on most operating systems. Decryption orders have never squarely been addressed by the Supreme Court, despite conflicting opinions in the lower courts.
Among the last times an encryption order came up in court was last year, when a federal appeals court rejected an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents could be used in her criminal case. The issue was later mooted for defendant Romano Fricosu as a co-defendant eventually supplied a password.
Whether a defendant forgets the password is another story.
That issue, too, has never been addressed in court. But judges usually view forgetfulness “as a sham or subterfuge that purposely avoids giving responsive answers.”
It doesn't say which encryption algorithm was used. It was probably a shit poor one implemented by Western Digital. See here (clearnet again): http://computersciencelabs.blogspot.ca/2010/11/256-bit-based-hardware-encryption-on-wd.html
-
It's more likely that he used a shitty password. The password crackers are getting really good. They iterate on dictionary words, so turning your password from "potato" to "p0t4to34" isn't much help.
Here's an Ars Technica article about it:
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
-
This should be obvious, but here's some advice for when you need to choose a secure password:
has at least 30 characters;
has uppercase letters;
has lowercase letters;
has numbers;
has symbols, such as ` ! " ? $ ? % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . ? /
is not like your previous passwords;
is not your name;
is not your login;
is not your friend’s name;
is not your family member’s name;
is not a dictionary word;
is not a common name;
is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
-
Awesome article. Thanks!
Here's a simple graphic I found very recently which illustrates your point perfectly: https://xkcd.com/936/ (clearnet link)
Update: stupid me. The xkcd comic is on the last page!! lol
It's more likely that he used a shitty password. The password crackers are getting really good. They iterate on dictionary words, so turning your password from "potato" to "p0t4to34" isn't much help.
Here's an Ars Technica article about it:
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
-
Yep, pass phrases composed of works are stronger and easier to remember than character strings.
Here's what I wrote about it before:
http://dkn255hz262ypmii.onion/index.php?topic=106496.msg730353#msg730353
-
Really great stuff!!
Here's more (clearnet): http://www.explainxkcd.com/wiki/index.php?title=936:_Password_Strength
There's even a password strength checker linked from there.
-
Really great stuff!!
Here's more (clearnet): http://www.explainxkcd.com/wiki/index.php?title=936:_Password_Strength
There's even a password strength checker linked from there.
Excellent thank you for the post.
-
Even with the 30 characters long password, you don't think they'd still crack it and reveal what's on the drive?>
-
Every character added increases the difficult of decrypting exponentially.
-
He probably had a guessable password.
-
Ch1ldP0rn I'm guessing.
-
lol!!! ;D
Ch1ldP0rn I'm guessing.