• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Archived

This topic is now archived and is closed to further replies.

Not even FBI was able to decrypt files of Daniel Dantas

Recommended Posts

brentaal    404

Not even FBI was able to decrypt files of Daniel Dantas

The FBI failed to break the encryption code of hard drives seized by federal police at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha. The operation began in July 2008. According to a report published on Friday (25) by the newspaper Folha de S. Paulo, after a year of unsuccessful attempts, the U.S. federal police returned the equipment to Brazil in April.

According to the report, the fed only requested help from USA in early 2009, after experts from the National Institute of Criminology (INC) failed to decode the passwords on the hard drives. The government has no legal instrument to compel the manufacturer of the American encryption system or Dantas to give the access codes.

The equipment will remain under the protection of the feds. INC expect that new research data or technology could help them break the security codes. Opportunity Group reported that the two programs used in the equipment are available online. One is called Truecrypt and is free. The programs were used due to suspected espionage.

According to the report, the FBI and the INC used the same technology to try to break the password. It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information. Experts from the INC used this technique for five months, until December 2008, when the discs were sent to the United States.

Article @ Globo

Share this post


Link to post
Share on other sites
hdood    145

Guess he picked a strong passphrase.

Share this post


Link to post
Share on other sites
c3ntury    133

So what was the other program? ;)

Share this post


Link to post
Share on other sites
The_Decryptor    1,105

My grandmother will love this, she's of the belief that the government can crack any encryption instantly.

Share this post


Link to post
Share on other sites
BigCheese    9

Not even brainzilla could decode it.

Share this post


Link to post
Share on other sites
petrossa    156

Not even FBI.......

If i were a computer wizard i'd most likely work someplace i would get tons of money. I'm sure the FBI, whilst maybe paying a good salary, doesn't qualify. So, as with most (if not all) government agencies, you get good people at best. Very good ones ......

If you pay peanuts you get monkeys.

So i guess that should read: The FBI was unable to decrypt files of Daniel Dantas

Factual, Fred please change the title of the thread.? :whistle:

Share this post


Link to post
Share on other sites
MR_Candyman    114

Guess he picked a strong passphrase.

yep, THIS is why they tell you to do so.

Share this post


Link to post
Share on other sites
Colin-uk    134

he probly used keyfiles lol.

Share this post


Link to post
Share on other sites
TechFreak:)    5
It is a mechanism called a "dictionary" - a computer system that tests password combinations from known data and police information.

A dictionary attack only works if you use a simple password. Usually, people who want to hide something will use harder passwords which are breakable only by brute force attack. And this kind of attack could take months/years before they will find the right key.

Share this post


Link to post
Share on other sites
gian    18

Not even FBI.......

If i were a computer wizard i'd most likely work someplace i would get tons of money. I'm sure the FBI, whilst maybe paying a good salary, doesn't qualify. So, as with most (if not all) government agencies, you get good people at best. Very good ones ......

If you pay peanuts you get monkeys.

So i guess that should read: The FBI was unable to decrypt files of Daniel Dantas

Factual, Fred please change the title of the thread.? :whistle:

They don't exactly pay peanuts so as you said they can get good ones - maybe not the best, but I doubt the best would help here.

It's mostly a matter of equipment and surely the FBI can have a big enough budget (thank you tax payers...) so as to get the best equipment out there. Maybe a PS3 :p

Who is that guy?

Share this post


Link to post
Share on other sites
Lechio    15

A Supercomputer would probably decode it in a few minutes (if not seconds). n00bs.

Share this post


Link to post
Share on other sites
MillionVoltss    62

Seriously ? They can plot nuclear fallout, weather, the stars etc on large systems but they cant brute force a password ?

Share this post


Link to post
Share on other sites
funkymunky    3

I'm glad this article is here.

As there a lot of people who think that encryption is easily breakable and that the US government has back doors into all these products.

In fact I'll just leave this here for people to understand the actual reality behind this:

http://www.lockdown.co.uk/?pg=combi

Share this post


Link to post
Share on other sites
Darth Laidher    37

Good.

Share this post


Link to post
Share on other sites
hdood    145

Seriously ? They can plot nuclear fallout, weather, the stars etc on large systems but they cant brute force a password ?

What are these supposed to have in common?

Share this post


Link to post
Share on other sites
MR_Candyman    114

I'm glad this article is here.

As there a lot of people who think that encryption is easily breakable and that the US government has back doors into all these products.

In fact I'll just leave this here for people to understand the actual reality behind this:

http://www.lockdown.co.uk/?pg=combi

It's very interesting to see just how quickly even the best passwords can be broken with a supercomputer. Doesn't make me feel secure at all

Share this post


Link to post
Share on other sites
hdood    145

It's very interesting to see just how quickly even the best passwords can be broken with a supercomputer. Doesn't make me feel secure at all

I doubt you'll be around for 631 billion years. Longer passphrases are always preferable to passwords.

Share this post


Link to post
Share on other sites
Darth Laidher    37

I doubt you'll be around for 631 billion years. Longer passphrases are always preferable to passwords.

I have a crap memory so i can't use long pass words lol.

Share this post


Link to post
Share on other sites
MR_Candyman    114

I doubt you'll be around for 631 billion years. Longer passphrases are always preferable to passwords.

96 Characters

Mixed upper and lower case alphabet plus numbers and common symbols

8 characters 7.2 Quadrillion combinations 83½ Days to crack AT MOST when they use a supercomputer to crack it

edit: oh, I get where you got the 631 billion years. Interesting. That's a 20 digit though, and ya, I couldn't remember it. Still, if you did the example above with 20 digits they would never get it

Share this post


Link to post
Share on other sites
hdood    145

I have a crap memory so i can't use long pass words lol.

Just use an English sentence you can remember. "I love pie more than anything in the world because it is so yummy yummy yummy" is effectively an uncrackable passphrase.

Share this post


Link to post
Share on other sites
yxz    95

It's very interesting to see just how quickly even the best passwords can be broken with a supercomputer. Doesn't make me feel secure at all

lolwut?

The full alphabet, either upper or lower case (not both in this case).

Length 20

631 Billion years

F. 1,000,000,000 Passwords/sec

Typical for medium to large scale distributed computing, Supercomputers.

Share this post


Link to post
Share on other sites
count0nz    59

agree use something like

"IBetTheFBIcan'tBreakThisPasswordIn10000YearsMyDob1967"

;-) there you go going to take the BEST super computer over 83 Days to bresk that ;-)

Share this post


Link to post
Share on other sites
Nadja    13

he probly used keyfiles lol.

2 or more key files encrypted in hidden/decoy containers in removable media or cyberspace would do the trick... :whistle:

Share this post


Link to post
Share on other sites
boogerjones    86

I don't think anybody actually thought the US government had some special way to get peoples' crypto keys. They very likely have large precomputed hash tables for some algorithms since that's the best value when a salt isn't used. They probably also have a distributed hardware cluster, but I highly doubt they'd tie it up for months on some Brazilian guy.

In fact I'll just leave this here for people to understand the actual reality behind this:

http://www.lockdown.co.uk/?pg=combi

That's a good starting point, but it ignores important factors. Programs like PGP and Truecrypt use key-derivation functions that iterate hash algorithms to increase the time need to derive the key. Truecrypt uses 1000-2000 iterations; PGP measures your CPU speed and uses a number of iterations that take 1/10 of a CPU-second to calculate on your machine.

A far more practical case for the government will be to press Congress to enact legislation that forces you to provide your passphrase. The constitutionality of being compelled is already being tested in the courts. In the case of Sebastian Boucher, an idiot who showed a border patrol agent his kiddy porn and verbally admitted his computer had kiddy porn on it, he was forced by a court to type his passphrase in to unlock a PGP-encrypted virtual disk. But most US courts would probably not compel you to provide your passphrase if the government didn't already have direct knowledge know that your computer contained specific and probably illegal material.

Most courts have acknowledged that an encryption key is not the same as a physical key, but it only takes a single Supreme Court decision to end that debate forever. And given the way the Supreme Court has been ruling in heavy favor of the everyone's-a-terrorist attitude of our government, it wouldn't surprise me if they ruled this constitutional under the 5th Amendment. However, I don't know of such case even hitting the appeal courts yet.

Share this post


Link to post
Share on other sites
Master1    11

Well ya duh, I mean if the password is long enough and complex enough it will take years to break it with current technology i.e. the brute force attack

My opinion is that in the future AI could have a major impact in such cryptography cases as it could be possible to maybe detect a pattern or something in the attempts of cracking or maybe I have been watching too many Action/Sci-Fi movies laugh.gif

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.