Jump to content

Youth Jailed For Not Handing Over Encryption Password

MRGRIM

By MRGRIM
in Everything Else

 Share

Recommended Posts

Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
only 16 weeks for kiddy porn? maybe cause they dont have the evidence. i bet if they crack that file hes fucked.

If they can crack it! It all depends on the size of the key used to encrypt the files.

If the keys are way too long, then the police is fucked with no hard evidence.

Edit: Way to hide the evidence +10, great work dude.

Edited by Infiltrator
Link to comment
Share on other sites
deleted Newbie

deleted

Posted
Posted
It's a great way of bypassing a greater charge. Multi-year sentance + sex offenders register + "special" prison or 16 weeks in with the shoplifters.

I was just thinking this, because he cannot be charged again for not revealing the password for the same file after he is released.

However, he will now be known as the guy who avoided paedophilia charges through not revealing the password which carries its own social penalties.

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted (edited)

I'm pretty certain this guy's still fucked. He's been jailed for 16 weeks for hindering an investigation or whatever, but I didn't see anything to suggest that after those 16 weeks everything will be hunkydori, he'll get his machines back along with his half-empty box of cleenex and be sent on his merry way.

The dumb-ass mistake he made is that the encrypted bit on his machine was found and he is now required to allow investigators access to it because the search warrant compels him to do so. He refuses, probably because he knows that the stuff contained in there will land him in a world of trouble. What he should've done was create a big-ass TrueCrypt file with a hidden container inside it. Stuff the regular container with a bunch of the most sick, depraved (but very much LEGAL) porn you can find. The kind that any person would be terribly embarrassed about if found out. Stuff the hidden container with the ILLEGAL porn you possess. Make sure the checkbox that prevents the main container from overwriting the hidden container due to space constraints is turned off so the existence of the hidden container can't be proven by simply filling up the regular container.

The end result would be that if asked about the TrueCrypt container, he could provide the password and thus comply with the search warrant. Act dumb when asked about any hidden container ("You can do that? Why would anybody want to do that?"). The sick stuff in the regular container would explain the need for an encrypted storage - you don't want ANYBODY to realise just what a sick, depraved little fuck you are. They won't be able to prove that a hidden container is in the main container either, so as long as you keep your sensitive files in there and only in there, the worst that can happen is that it gets overwritten in an attempt to prove that the hidden container is there. And I'm sure that's a much more preferable situation than this guy's current situation...

Edited by Cooper
Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

Well lets be honest, for the average guy having an encrypted archive full of gay porn would be enough to have a plausible reason for an encrypted archive. It's plausible that you would resist handing over the password to something like that until you were being threatened with jail time. In in guy terms, its also plausible that the police would stop looking once they hit that. And thus, would probally that your archive of stolen nuclear secrets/kiddy porn would go undetected. There is no need to have a collection of scat porn on your machine, which would label you as a pervert rather than someone who is experiencing issues with there sexuality.

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted

They MIGHT have a copy, remember cops are not tech inclined. They may have been

"give us the password"

"nope"

"well that's that, it's now unhackable"

a better idea would be to just seize the computer and guy, make a disk img, implant a recording device into the computer, demand password (smoke screen), release guy and return computer. If he's dumb he'll enter the password to view the content if he's not he'll just delete it and then you have him for destruction of evidence.

Link to comment
Share on other sites
luke Newbie

luke

Posted
Posted

"Police say they are still trying to crack the password."

..Of course they have to say that, but seriously - with realistic estimates of how much police resources would be allocated to cracking a 50 character passphrase, does the kid have much to worry about?

Link to comment
Share on other sites
Guest Deleted_Account

Guest Deleted_Account

Posted
Posted

"Police say they are still trying to crack the password."

..Of course they have to say that, but seriously - with realistic estimates of how much police resources would be allocated to cracking a 50 character passphrase, does the kid have much to worry about?

Very true which is why i use encryption. Well there are two things really:

1) If they were being nice and I had no implication in the crime whatso ever OR I was the only one that could help them track down a criminal i would supply the password (and change it after)

2)If i could possibly be implicated as an "accomplice" or such I would use it as leverage for immunity and then hand it over to the police :P

I use 50+ char ASCII password on my FDE :) AES-256 bit in XTS mode lets see them get that :) Not to mention backups are encrypted on a file by file biases and then sealed in a AES-TWOFish-serpent encrypted partition on my 1 TB external HDD with another 50+ char ASCII password + 4 key files and has a hidden volume as well! Kiss my ass Law enforcement!

Link to comment
Share on other sites
psydT0ne Newbie

psydT0ne

Posted
Posted

Imagine the public reaction if the cops said yeah we've cracked the password already...you're going to jail fuck knuckle.

Consider the implications if the authorities publicly admitted that they had the ability to crack strong encryption?

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

Bravo, +10 X942

Link to comment
Share on other sites
luke Newbie

luke

Posted
Posted
Consider the implications if the authorities publicly admitted that they had the ability to crack strong encryption?

At the present time it's purely a question of computational power. The cops can set a whole farm of computers working on cracking an encryption key, but even if they get lucky and find it, they won't have "solved" any real problem - they'd have to start right back at square 1 following the exact same algorithms to crack another key.

Hypothetically speaking, if the cops were to crack the key in the case of this article they would have to handle the situation very gingerly, as I'm sure the public would expect them to be able to crack the keys of every defiant criminal from then on.

I've not done my homework on the subject but apparently quantum computing may bring encryption-cracking into the realm of feasibility, the implications of which I can only imagine (HTTPS anyone? :unsure: )

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted
I've not done my homework on the subject but apparently quantum computing may bring encryption-cracking into the realm of feasibility, the implications of which I can only imagine (HTTPS anyone? :unsure: )

If Quantum computing existed, most encryption nowadays would be easily broken. However I found this very interesting article about Quantum Encryption, which claims to be 100% uncrackable.

http://spectrum.ieee.org/computing/it/quan...ography-cracked

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted
If Quantum computing existed, most encryption nowadays would be easily broken. However I found this very interesting article about Quantum Encryption, which claims to be 100% uncrackable.

http://spectrum.ieee.org/computing/it/quan...ography-cracked

yeah, and 640K ought to be enough for anybody.

Quantum computing just solves P=NP

Link to comment
Share on other sites
okiwan Newbie

okiwan

Posted
Posted
They MIGHT have a copy, remember cops are not tech inclined. They may have been

"give us the password"

"nope"

"well that's that, it's now unhackable"

a better idea would be to just seize the computer and guy, make a disk img, implant a recording device into the computer, demand password (smoke screen), release guy and return computer. If he's dumb he'll enter the password to view the content if he's not he'll just delete it and then you have him for destruction of evidence.

http://www.skoutforensics.com/products-pro.php

if there computer department is any good, then they have equipment like this, an they have a copy of his HD.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted
yeah, and 640K ought to be enough for anybody.

Quantum computing just solves P=NP

Apparently, its been proven that you can break Quantum encryption, the flaw does not lie in the software itself but in the hardware itself.

http://events.ccc.de/congress/2009/Fahrpla...ts/3576.en.html

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted
http://www.skoutforensics.com/products-pro.php

if there computer department is any good, then they have equipment like this, an they have a copy of his HD.

Only an idiot (read: someone who has no idea what they're doing) would buy that, or anything like it. ANY linux live CD + a usb HDD and you just dd yourself an img.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted
Only an idiot (read: someone who has no idea what they're doing) would buy that, or anything like it. ANY linux live CD + a usb HDD and you just dd yourself an img.

After you created the image, comes the hard part decrypting the hard drive itself.

Link to comment
Share on other sites
SomeoneE1se Newbie

SomeoneE1se

Posted
Posted (edited)
After you created the image, comes the hard part decrypting the hard drive itself.

maybe you should go back and read my suggestion

the human aspect of computer security is the weakest and should always be your first target, meanwhile you can have your super computers running a BF attack in the background... what's that you don't have a few super computers sitting around doing nothing? well that's too bad, try to crack the human element.

Edited by SomeoneE1se
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...