Not even FBI was able to decrypt files of Daniel Dantas



no **** the fbi can't crack a proper passphrase, that's the whole point! how the hell is this even news?

....and that's when you get laws which require you to give up keys.

...and that's where decoy containers come in.

They're wasting their time and costing too much money. They should just torture him.

torture doesn't do ****.


However I'd rather take the 3 years(?) prison time for not giving up my "password" than be charged with Terrorism or CP.

3 years? They imprison you until you comply.

The FBI is helping the Brazilian government in the wrong way: they should get the intel directly from Daniel Dantas.

I think that Jack Bauer could take care of it pretty well :woot:

:cool:


Maybe the other program was the Microsoft one, can't think of the name. Comes with Win7 and WinVista by default if you get the Ultimate ones.


he probably used keyfiles lol.

agreed. with key files it's like using a super long secure password.

so using those alone is probably going to be very hard for them to break through TrueCrypt (i've been using this program for roughly 4-5 years now, and it's stable/reliable) and if you got a pretty good password on top of that i don't think it will be easy for anyone to break, even people with super computers etc.

A Supercomputer would probably decode it in a few minutes (if not seconds). n00bs.

i think you're overestimating how good those are. because i doubt the minutes/seconds stuff.


Not even FBI.......

If i were a computer wizard i'd most likely work someplace i would get tons of money. I'm sure the FBI, whilst maybe paying a good salary, doesn't qualify. So, as with most (if not all) government agencies, you get good people at best. Very good ones ......

If you pay peanuts you get monkeys.

So i guess that should read: The FBI was unable to decrypt files of Daniel Dantas

Factual, Fred please change the title of the thread? :whistle:

I would say government workers are generally overpaid...

As for the OP, this is very interesting, and I'm not a security expert here, but without the passphrase or key, how would they be able to just break it?


I love how people think the FBI can do anything. Including retrieving data from drives that have been randomly overwritten (1 or more times) and cracking extremely long passwords.

I suppose it's the impression that movies make. I'm surprised nobody's paranoid that the CIA is watching them through their hacked toaster oven.


but without the passphrase or key, how would they be able to just break it?

Only really 2 ways to access encrypted data.

1. Get the key and use it

2. Find a vulnerability in the encryption method or implementation and exploit it

It would appear that the government in this case were unable to figure out what the key was and possibly didn't bother with finding vulnerabilities. And I can see why to be honest. The dictionary method just requires computer time but finding a vulnerability would take a lot of intelligent people and many man hours. Possibly something the FBI budget doesn't allow. I imagine something like that would only be undertaken during wartime to decode opponents' communications and things of that nature.


It's very interesting to see just how quickly even the best passwords can be broken with a supercomputer. Doesn't make me feel secure at all.

i think you semi-misread that site because notice how it ONLY shows 8 length passwords on the '96 character' parts?

i.e. once you add length to those it will become VERY hard to break even on a super computer ;)

because you can see password length of 7 to 8 jumps A LOT (i.e. from 20hours to 83 1/2 days in just ONE character increase)

so basically imagine a 63 length password on a '96 character' section as that will make even super computers take forever. (and i believe the key files on TrueCrypt use something along these lines (i don't know details but you're not going to easily break a keyfile in TrueCrypt to put it simply ;)). plus if you add in your own password on top of that, it just makes it that much harder)

from TrueCrypt website...

IMPORTANT: To make brute force attacks on a keyfile infeasible, the size of the keyfile should be at least 30 bytes.

and the KeyFiles that TrueCrypt generates are 64 bytes.


No reason to have the whole thing set up if it's been erased.

If he set-up a convincing hidden volume, he can easily give away a key that actually works, but only unlocks useless decoy data. The investigators have no idea if there is another volume behind that with what they need, it's all random and looks like a securely formatted drive. Said drive could've been formatted at any time, for perfectly valid reasons.

If he is smart enough, he'll know that there is no way the investigators can even prove the secret data exists without already knowing it exists (barring brute-forcing), much less tell if he's innocent or should be tortured more. This is the nature of plausible deniability.


A Supercomputer would probably decode it in a few minutes (if not seconds). n00bs.

ya cause they never thought to use one. some kid on neowin had a better thought process than fbi lol


If he set-up a convincing hidden volume, he can easily give away a key that actually works, but only unlocks useless decoy data. The investigators have no idea if there is another volume behind that with what they need, it's all random and looks like a securely formatted drive. Said drive could've been formatted at any time, for perfectly valid reasons.

If he is smart enough, he'll know that there is no way the investigators can even prove the secret data exists without already knowing it exists (barring brute-forcing), much less tell if he's innocent or should be tortured more. This is the nature of plausible deniability.

Agreed. but i think the key is making that 'useless data' look at least moderately interesting because if it's just a few files in there with basically nothing even remotely interesting i would just assume they won't believe you and keep on pressuring you to give up the other key to unlock the REAL stuff you got hidden.

sure, they won't be able to PROVE that you got another volume but you can be pretty sure if it's a government organization i don't think they will buy it that easy especially if they are not civilized about the whole thing. even though technically you're right about the whole plausible deniability thing.


Agreed. but i think the key is making that 'useless data' look at least moderately interesting because if it's just a few files in there with basically nothing even remotely interesting i would just assume they won't believe you and keep on pressuring you to give up the other key to unlock the REAL stuff you got hidden.

sure, they won't be able to PROVE that you got another volume but you can be pretty sure if it's a government organization i don't think they will buy it that easy especially if they are not civilized about the whole thing. even though technically you're right about the whole plausible deniability thing.

yea so just make sure your decoy does look secret.

bank account information, pics of your wife/secretary, or clown-doing-autoerotic-asphyxiation-while-standing-in-a-puddle-of-feces porn or something.


i think you semi-misread that site because notice how it ONLY shows 8 length passwords on the '96 character' parts?

i.e. once you add length to those it will become VERY hard to break even on a super computer ;)

because you can see password length of 7 to 8 jumps A LOT (i.e. from 20hours to 83 1/2 days in just ONE character increase)

so basically imagine a 63 length password on a '96 character' section as that will make even super computers take forever. (and i believe the key files on TrueCrypt use something along these lines (i don't know details but you're not going to easily break a keyfile in TrueCrypt to put it simply ;)). plus if you add in your own password on top of that, it just makes it that much harder)

from TrueCrypt website...

and the KeyFiles that TrueCrypt generates are 64 bytes.

Yes, I realised the error of my ways and yesterday started seeing the best types of passwords sites I go into allow and making a randomly generated one using Keepass with the maximum characters and of all the types allowed. The passwords I was using before would have all taken very little time on a normal machine to force. I know a couple of people who got either email or game accounts hacked, so I think it's good to make it harder for somebody to do so. I freely admit I'm still pretty ignorant as to cryptography, but at least this thread has made me take steps to protect myself better.


I know a couple of people who got either email or game accounts hacked, so I think it's good to make it harder for somebody to do so. I freely admit I'm still pretty ignorant as to cryptography, but at least this thread has made me take steps to protect myself better.

Hacking into an email/game account is really hard.

If you don't know the password and know that the account has a strong password, your only choice is brute force. And brute force takes time. If you have a simple password, for example "9999", it will take 6561 tries if you check all combinations from 0 - 9999. Mostly people use letters and symbols which will take even longer to crack.

Email providers usually block your IP for at least an hour if you try with the wrong password 3 - 4 times. So if you're really lucky and have 1000 IPs, you would be able to try about 3000 combinations in an hour. However, they usually also have algorithms which check for that sort of behaviour and temporarily disable the account in that case.
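
The brute-force figures traded in the posts above (the '96 character' table with 8 characters at 83 1/2 days, the 30-byte and 64-byte keyfile sizes, and the 1000 IPs at about 3 tries per hour) can be checked with a short calculation. This is an added example, not part of any post in the thread; the function names are its own, it assumes every password character and keyfile byte is chosen uniformly at random, and it extends the table to longer lengths than the thread quotes.

```python
import math

CHARSET = 96              # the '96 character' set quoted in the thread
SECONDS_PER_DAY = 86_400


def keyspace(charset: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return charset ** length


def implied_rate(charset: int, length: int, days: float) -> float:
    """Guesses/second implied by 'this keyspace is exhausted in `days`'."""
    return keyspace(charset, length) / (days * SECONDS_PER_DAY)


def offline_days(space: int, rate: float) -> float:
    """Worst-case days to try every candidate at `rate` guesses/second."""
    return space / rate / SECONDS_PER_DAY


def equivalent_length(n_bytes: int, charset: int = CHARSET) -> int:
    """Random-password length whose keyspace covers n_bytes of random keyfile."""
    return math.ceil(n_bytes * 8 / math.log2(charset))


def online_days(space: int, ips: int, tries_per_ip_per_hour: int) -> float:
    """Worst-case days when each source IP is locked out after a few tries."""
    return space / (ips * tries_per_ip_per_hour) / 24


if __name__ == "__main__":
    rate = implied_rate(CHARSET, 8, 83.5)   # figure quoted in the thread
    print(f"implied rate: {rate:.3g} guesses/s")
    for n in (7, 8, 10, 12, 16, 20):
        print(f"length {n:2d}: {offline_days(keyspace(CHARSET, n), rate):.3g} days")
    for size in (30, 64):                   # keyfile sizes quoted in the thread
        print(f"{size}-byte keyfile ~ {equivalent_length(size)} random chars")
    # Online guessing at the thread's 1000 IPs x 3 tries per hour:
    print(f"4-digit PIN online: {online_days(10**4, 1000, 3) * 24:.2f} hours")
    print(f"8 chars online:     {online_days(keyspace(CHARSET, 8), 1000, 3):.3g} days")
```

Each extra character multiplies the offline time by 96, which is why the quoted table jumps from hours to months between lengths 7 and 8, and the same keyspace that falls offline in 83 1/2 days is out of reach at the lockout-limited online rate.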


Factual, Fred please change the title of the thread? :whistle:

Factual, don't tell people what to do unless you're in a position of authority. Whistle at that, bro.

