# Doing something illegal? Encrypt your files!



## TechGuy

[WEBQUOTE="http://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.top"]In potentially landmark case, Vermont judge says that thanks to Fifth Amendment, child pornography defendant doesn't need to divulge his laptop's encrypted passphrase.[/WEBQUOTE]

I'm not sure how I feel about this one. When it comes to child porn, I'd like the guy to get busted. I never would have considered that he wouldn't be required to hand over the password. Interesting...


----------



## iltos

TechGuy said:


> [WEBQUOTE="http://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.top"]In potentially landmark case, Vermont judge says that thanks to Fifth Amendment, child pornography defendant doesn't need to divulge his laptop's encrypted passphrase.[/WEBQUOTE]
> 
> I'm not sure how I feel about this one. When it comes to child porn, I'd like the guy to get busted. I never would have considered that he wouldn't be required to hand over the password. Interesting...


i agree with the busting him part.....seems the case hinges on the fact that two fbi agents saw the porn before the files were encrypted, but then turned off the laptop....

we need our legal beagles on this one....why wasn't the laptop taken as evidence that first time? isn't there some law about tampering with evidence?....wouldn't encrypting the files fall under tampering?

then they could just hold the guy for contempt if he wouldn't surrender it and the feds could run their password guessing program.


----------



## Nesjemannen

TechGuy said:


> [WEBQUOTE="http://www.news.com/8301-13578_3-9834495-38.html?tag=nefd.top"]In potentially landmark case, Vermont judge says that thanks to Fifth Amendment, child pornography defendant doesn't need to divulge his laptop's encrypted passphrase.[/WEBQUOTE]
> 
> I'm not sure how I feel about this one. When it comes to child porn, I'd like the guy to get busted. I never would have considered that he wouldn't be required to hand over the password. Interesting...


Feel the same - Child Porn is terrible, horrible, inhuman business. They are ruining lifes, for God's sake! 

Omg, and why do they let him go - without giving over the password?... That is just stupid...


----------



## TechGuy

I'm not sure, but from the article it sounds like the files automatically encrypted when shut down. It probably asks for the password whenever the drive is opened, and then remains available until shutdown... at which point the password is required again.


----------



## hewee

It did not say why they even looked at his laptop to start with. Do they look at everyones computer that crosses the border? 
I think what the guy was doing is wrong but still why did they look at the laptop to start with.


----------



## iltos

hewee said:


> It did not say why they even looked at his laptop to start with. Do they look at everyones computer that crosses the border?
> I think what the guy was doing is wrong but still why did they look at the laptop to start with.


hmmm...good question....i got the impression that it was on already when they looked at it....or maybe they had sufficient reason to ask him to turn it on, and then they saw the pics, that were encrypted again when he shut it down (pretty arrogant of the guy, it that's the case....or he's got himself a really good lawyer)

i've taken my laptop across the border a couple of times....most anyone ever did was push the start button....when the lights went on, they handed it back.


----------



## hewee

That is just it what right did they have to look at it to start with. 
Now that seem dumb if they start your laptop and then hand it back. That is not doing anything.
If they start it and wait to see the desktop to see what is on it and hand it back then that is not doing much either. But if they see sex wallpaper and files on the desktop then guess they can then do more. 

Just put a good password on the login screen so when they start it up all they will ever see is the login screen and then you have the right not to give them the password.


----------



## iltos

hewee said:


> That is just it what right did they have to look at it to start with.
> Now that seem dumb if they start your laptop and then hand it back. That is not doing anything.


the way i heard it, a dummy laptop can conceal enough contraband to be worth its weight in gold (hehe...i guess some of them almost are, anyway )

that's why i'm thinking the feds must have had a reason to look more closely, or the guy gave them some other reason to be suspicious.


----------



## hewee

I see a laptop that boots up is not full of drugs.


----------



## KMW

Ha, reading the thread title me thought Techguy wuz teaching us to do something shady


----------



## zabusant

I also still don't understand how this happened in the first place - I can imagine an "officer" booting up a laptop to see if it's not a dummy, but accessing files (I'm guessing the files didn't just pop up by themselves) - didn't know they were qualified to do that, it all seems a bit fishy.

However I don't see how the fifth am. protects someone from giving up their password since the article states that a person can be legally compelled to hand over a key - what is a password, if not a key?


----------



## jaye944

Forgetting about the child porn bit, I think we all agree on that side of things....

We dont have a 5th ammendment in the UK

But my take on this it the law "IS" the law it is there to protect everyone.

As soon as you start saying whom a law should apply to or "extenuating" circumstances then you are on a VERY slippery slope.

Sometimes the law protects scumbags....
and sometimes it protects the innocent !


----------



## bmt626

it seems his laptop would have had to been on and he would have already had to access the drive in order for it not to prompt for a password. but techguy is right it sound like encrypts its self when shut down. Their best bet is to run scans to see if they can find files that had been deleted and not completely erased or look at logs to see if he had been sending the files via email.


----------



## zabusant

Are you serious jaye944? The right against self-incrimination originated in England, you do indeed have "the fifth amendment" in the UK (obviousely not by the same name though). 

Of course, the law should be the same for everyone - but the law seems to be (at least that's what the article suggests) that a person can be legally compelled to hand over a key (a key to a safe containing evidence against himself) - so this does not seem to be a part of "the fifth" - since the act itself (of handing over the key) is not by itself self-incrimination. That happens only when the key is used and the evidence is gathered. But in the case of a password it seems this is not the case (or so the judge ruled) - and that's where I think either the decision or the law is wrong.
But it is what it is and until it gets changed (not likely), it applies to everyone equally - and that is how it should be.


----------



## hewee

Wonder if they are really trying to find the password.

Because here are Password Recovery Speeds
http://www.lockdown.co.uk/?pg=combi&s=articles


----------



## zabusant

Not the numbers one would expect, however I regulary use 12+ lenght passwords with the combination of upper and lower case, numbers and symbols. Overkill, I guess, but if I'm doing it - someone who really has a reason for it - could be doing it as well.

But if you take the math in the article a little further, with a lenght of 9 and 96 symbols - the "F" attack would last 8016 days= 21 years
Without the numbers it would still take 2924 days=10 years

So a password such as MyPassword, which is actually 10 letters long, without any special combinations would - if the numbers in the article are correct - take 1664 days =4,5 years with a super-computer (with a brute-force attack)

So in my case (lenght=12+, 96 possible symbols), even the fastest computer on earth (reported in the article to check 76,1 billion passwords/second) would take over 250000 years. Not encouraging


----------



## hewee

Yea passwords can be easy to hard to crack. I had a link to a site that is no longer around but it let you put in passwords and it would then till you with a brute-force attack how long it would take . 
Was some nice to just type in passwords and even what you think is a good long password that is easy to remember can still be very easy with a brute-force attack to crack.


----------



## kimsland

Don't be fooled by this, encrypted stuff.

The only way to conceal the contents of a harddrive from others is to drill a large hole into it. Although the point here is being argued; under torture (the common way of most prison inmates) Most will crack.

My point:

*Do not store illegal material on your working harddrive*.

In case of automatic mind set replies, no I'm not talking about actual experience by me.


----------



## zabusant

Wasn't thinking of doing anything illegal, but will keep in mind in case I decide to rob a bank or two in the future

What do you mean? How would you get pass the encription without a password?


----------



## kimsland

just ask for it (this comment can bend a little)


----------



## DongleFree

Forget about the material it self, 
But the question is what kind of protection and encryption are used, most of algorithms already hacked, so in this case, 

if the algo is not cracked yet how long it take to be hacked, like the MD5 and RCA and now SHA1 .
Brute force is the basic method to crack password but there is a differnt ways to do it, 
it is strange that FBI use another compnay to crack a password, 
caz it should has the best and most current info and tech ,
anyway in technology you can imagaine anything , with the right tools and good money and u will see the dreams become true,

all the cracks which is around, they software companys are useing the most advanced encryption to protect the software pirates but in the same case there is no software not cracked around * are u agree with me or not* ,, even the most encrypted type of software uses the same encryption type with 15 days and good group of cracks and powerful computer , that is it ...


----------



## Gulo Luseus

zabusant said:


> Not the numbers one would expect, however I regulary use 12+ lenght passwords with the combination of upper and lower case, numbers and symbols. Overkill, I guess, but if I'm doing it - someone who really has a reason for it - could be doing it as well.
> 
> But if you take the math in the article a little further, with a lenght of 9 and 96 symbols - the "F" attack would last 8016 days= 21 years
> Without the numbers it would still take 2924 days=10 years
> 
> So a password such as MyPassword, which is actually 10 letters long, without any special combinations would - if the numbers in the article are correct - take 1664 days =4,5 years with a super-computer (with a brute-force attack)
> 
> So in my case (lenght=12+, 96 possible symbols), even the fastest computer on earth (reported in the article to check 76,1 billion passwords/second) would take over 250000 years. Not encouraging


Actually, thats not quite right. The probable time to break the code is between 83 days and 1581 days. This gives 95% confidence of achieving the right combo. In real time, the greater probability is that it would be broken within 18/26 of that time, being 1152 days, as 80% of passwords allegedly begin with a letter equal or lower than S. This assumes that you know the length of the password, if not, it needs to start with 1 letter/ number/ symbol combos, and inthe event of this there are 62 combos, not including symbols (lower case, upper case, and numbers). Then proceed to 2 digit passwords ( 62x62) for 3844 combos, etc. By binomial theory, this gives a huge number I cant be bothered to work out, but trust me, its big. If you them turn to 64 bit or 128 bit encryption, chances are it will take forever and a day to get anywhere. 
Sorry to get technical, but it just shows how many possibilities there are. Trying to acquire passwords is a huge task, and help seeking ( birthdays, friends names etc, employers) can narrow the field a bit, but a reasonably savvy individual will make something more random. Often th eonly recourse is to get them to give the password, and given the stakes, that seems unlikely.


----------



## zabusant

Yes - of course those are only the maximum times to break a code (or rather the times to check all possible combinations).

No, I don't believe you - knowing the lenght of the password is pretty irrelevant, since the possible combinations increase exponentially with each "digit". 

So in the case of 96 possible symbols - all the previous (shorter) combinations will only "add" about 1% of the total time (will represent roughly 1% of all the possible combinations - the actual number is 1,05263...%). So, pretty irrelevant

"The probable time to break the code is between 83 days and 1581 days." is not correct/or rather it is awkwardy put. What's true is that you have a 95% chance of "guessing" the number somewhere in the time between 83 and 1581 days - and that's not the same thing by far.
The fraze you used is misleading in the sense that it implies there is a great chance you'll guess the number in 83 days. Let me just say this then - there is even a greater then 95% chance of "guessing it in 1 to 1581 days"

But as you've figured out - the distribution is asimetrical and so the numbers are not correct anyway.


----------



## guitar

just bypass the password


----------



## zabusant

bypassing a password will do nothing if the data is encripted.


----------



## guitar

it only said the password was encrypted 
and the gov cracks these on a daily basis hacking into each others comps as a defense against hackers, 
they are still getting hacked


----------



## kimsland

Hiding ; Encrypting and Editing (really hiding) is useless
Just inevitable time consuming revealed hacked results
All should be aware of this


----------



## zabusant

Actually the article states that the whole drive (Z) is believed to have been encrypted.

Unfortunatelly kimsland, time is all one needs to avoid punishement, since the "statute of limitations" sets forth the maximum period of time, after certain events, that legal proceedings based on those events may be initiated. That basically means if you commit a crime and no one can prove it for a certain period of time, you are free.


----------



## jmw3

I find it hard to believe that there would be a statute of limitations on child sex offences, even in the US.


----------



## zabusant

There is - from this article it seems it used to be 15 years - and can now be extended to 27 years. Although I think it's not the same for each state. (And also the law is not retroactive - so it doesn't affect cases more than 15 years old at the time the law was changed). And Australia had only just abolished the statute of limitations for child sex offenders in 2002, I believe.

But I was really talking more generally - on the subject of data encryption, rather than the specific crime.


----------



## Zeroday

Has the man that searched his computer when he crossed the border been investigated? 

How do we know that man isn't lying? Where is the proof? Besides, there is no law saying that you are allowed to search people's laptops. That is invasion of privacy, border law or not! The man that searched his computer probably made a biased charge.

That still doesn't explain why his computer/laptop was turned on at the time they got to the border.
or why he would leave it on and risk being found out.

I think that what the man that searched his computer didn't really find what he said he did.

maybe, he wasn't able to search the computer at all, because it was already locked and the man refused to let him search it 

what position does this man have? has his background been searched? Is he with the mafia, drug groups? Government - Might have top-secret documents?


----------



## hewee

guitar said:


> it only said the password was encrypted
> and the gov cracks these on a daily basis hacking into each others comps as a defense against hackers,
> they are still getting hacked


My Aunt worked for the National Security Agency and they cracked code all the time.


----------



## Zeroday

That may be true, but it could take years.

Depending on the type/quality of the Encryption, it can be easy or hard.


----------



## guitar

not if a good cracking team wants to ie vista was cracked within days of release


----------



## Zeroday

Actually, the NSA added "features/files/security" of their own to Vista before it was even launched, and while it was still in pre-production. What exactly the features/files/security are, remains elusive.

As for Cracking Vista? Do you mean like "pirating" it? because that can be easily done with a simple registry change.


----------



## shant93

iltos said:


> er a couple of times....most anyone ever did was push the start button....when the lights went on, they handed it back.


Did they expect it to blow up?


----------



## Zeroday

Maybe


----------

