Full Disk Encryption Hard For Law Enforcement To Crack 575
If you'd rather keep your data private, take heart: disk encryption is a lot harder to break than techno-thriller movies and TV shows make it out to be, to the chagrin of some branches of law enforcement.
MrSeb writes with word of a paper titled "The growing impact of full disk encryption on digital forensics" [abstract here to paywalled article] that illustrates just how difficult it is. According to the paper, co-authored by a member of US-CERT, "[T]here are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off the computer (for transportation) without realizing it's encrypted, and thus can't get back at the data (unless the arrestee gives up his password, which he doesn't have to do); second, if the analysis team doesn't know that the disk is encrypted, it can waste hours trying to read something that's ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data. The paper does go on to suggest some ways to ameliorate these issues, but ultimately the researchers aren't hopeful: 'Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption.'"
I wish this was the case in the UK (Score:5, Informative)
I wish this was the case in the UK, any encryption keys have to be handed over when asked by the police or .Gov
Re:I wish this was the case in the UK (Score:5, Informative)
So use TrueCrypt and a hidden volume. Give them the keys to your outer volume. It mounts and they can browse your collection of Lolcats. Let them prove that's not what they were looking for.
Giving up passwords (Score:5, Informative)
(unless the arrestee gives up his password, which he doesn't have to do);
In the UK he does [theregister.co.uk]. And people have been punished [theregister.co.uk] for not handing it over.
So what? Even our goons can do it. (Score:3, Informative)
The encryption might be practically unbreakable but that doesn't help a lot. Around here police just break into homes to install hardware or software keyloggers. Sure, that may not be exactly legal for them to do, but they don't care because they know nothing will happen to them.
Full report is available (Score:4, Informative)
For the full report, Google
filetype:pdf "The growing impact of full disk encryption on digital forensics"
Re:Giving up passwords (Score:5, Informative)
First, the quote was from the Declaration of Independence, a document that preceded the U.S. Constitution by more than a decade, was purely symbolic in nature -- which is to say, it has almost zero application in the law of the United States of America.
What both of you are trying to recall from your ancient civics classes is the Fifth Amendment (part of the Bill of Rights, passed 2 years after the Constitution), which reads (in relevant part):
No person shall be . . . compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law. . . .
Whether or not coercing someone to unlock the chest where they put their confession is the same as forcing them to incriminate themselves is a tricky and unsettled question of law that we (the Yanks) are still working on. (Whether the coercion is beating them with a $5 wrench, or putting them in prison indefinitely for "contempt", the principle is the same.)
Your meta-point is quite true, however - the creation and protection of such individual rights in conflicts with the State was the fundamental schism that led North America to diverge from the previously (fairly homogenous) Anglo/European civilization about 200 years ago. Now build some Settler[early game]/Armor units[late game] and get out there and spread the word to the rest of the map.
Re:I wish this was the case in the UK (Score:5, Informative)
From the actual paper (worth reading if you have academic access):
Challenges can also arise when a defendant appears to be cooperative. For instance, the defendant may provide incorrect decryption details but the defense may claim that the encrypted container was damaged in some manner, which was why it would not open.
They also list several court cases where truecrypt FDE rendered the machines inaccessible many years after the fact.
Re:Giving up passwords (Score:4, Informative)
My SSD is encrypted with AES in hardware. .
Depending on the brand, only the key is stored using AES. In many cases the actual data on the disk is encrypted with a weak encryption or even not at all. Full AES encryption of all the data would make the drive horribly slow.
Re:I wish this was the case in the UK (Score:5, Informative)
You sound like someone who hasn't seen this [explainxkcd.com] yet, but would enjoy it.
Re:I wish this was the case in the UK (Score:5, Informative)
You can take a published string and make it a reasonably secure passphrase by adding enough entropy to it, but you still have to remember the entropy that you've added. Why not just start with a diceware passphrase and memorize the entropy directly?
Re:"more research?" (Score:5, Informative)
want to see a lawyer's head explode?
(we all do. read on...)
tell them you support jury nullification.
its almost like telling an electrical repairman that there ARE user-repairable parts inside and that that label is pure hogwash.
lawyers and judges are so smug sure that 'judging guilt' is a hard job, to be left only to those 'qualified'.
the thing is, the so-called pros have done such a bad job over the last few decades, I can't believe that even a random roll of dice would be worse for carrying out justice. perhaps that would even be an upgrade. getting 50/50 would probably BE an upgrade over what we have now.
the fact that regular people are taken out of the loop is actually a safeguard that they are bypassing.
but dare talk to a friendly lawyer about this and they'll likely bite your head off. and if you are in voire dire and dare tell anyone that you are even aware of what JN means, you are immediately dismissed as a juror. worse: if you don't let on during VD and then vote your concience, you can be jailed for contempt!
all for following a legally allowed american principle; but one that has an unspoken 'do not admit to its existence' rule about nullification.
see fija.org for more info. people should all know about this. its one of the best parts of our system, in fact!
Re:Not impossible, not even hard (Score:5, Informative)
Within 10-20 years after that any conventional (e.g. what most PCs today are capable of) encryption other than one-time-pads or the like will be breakable.
Uh, no. Quantum computers can brute-force conventional encryption in about the square root of the time taken by a conventional computer. Doubling the key size is much easier than building a quantum computer of a usable capability.
This is precisely why AES has a 256-bit key option when conventional computers could never break a 128-bit key anyway. AES256 is about as difficult to brute-force with a quantum computer as AES128 is with a conventional computer.
Re:Deniable encryption only works in theory (Score:5, Informative)
the outer volume, when mounted in "unsafe" mode uses the entire disk partition, thus there are three ways to log into a TC volume with a hidden partition:
Into hidden volume, with hidden password: see hidden volume, outer volume as unavailable.
into outer volume, with both outer and hidden password: outer volume mounts, hidden volume shows as unavailable.
into outer volume, with outer password only: outer volume mounts entire space as one volume, all space available, contents of hidden volume may be overwritten, but all space appears consumed.
in practice to make the outer volume look valid you should place sensitive info there:
tax returns for clients if you are a CPA (while the cooked books are on the hidden volume).
"normal" porn if you are a married person (while the CP is on the hidden volume).
company confidential design docs if you are an engineer (while the hidden volume contains competitor trade secret info).
etc.
The point being that you should make the outer volume both useful and not small so that it will have data churn.
Also, to defeat casual perusal of your filesystem by random people who may access your computer I am fond of storing my truecrypt volumes as alternate data streams/metadata to normal files. I have a 500 gig drive with a single mp3 on it that is only 3 min long, yet the disk is full :)
-nB
Re:Giving up passwords (Score:4, Informative)
Seagate published a paper to justify why they went with 128-bit AES. The bottom line is that 256-bit encryption impacted disk throughput. That said, their Momentus 7200 FDE line is just as fast as their non-encrypting line.
http://www.seagate.com/staticfiles/docs/pdf/whitepaper/tp596_128-bit_versus_256_bit.pdf [seagate.com]
Re:I wish this was the case in the UK (Score:2, Informative)
I think you are vastly underestimating the cost to brute force a pass phrase!
You need to test every substring with an expensive process: perform the (salted, multi-round) substring->key conversion, attempt to decrypt one or more cipher blocks, and decide if the result is correct plaintext... a well-designed FDE system will not make this an easy task, and you have to repeat it an awful lot of times to brute force the passphrase.
A 40 TB corpus has approximately 4 x 10^16 substrings of less than 1K, or 4 x 10^15 if we assume strings start on word boundaries and an average word length of 10 or less. Even if you charitably assume the whole hash/decrypt/validate process can be done in 1 ms of compute time per candidate, thats 4 x 10^13 seconds (about 1M years) of compute time. Unless Amazon has drastically lowered their prices, I don't think you'll be getting that for $150...
Re:Minor issues (Score:5, Informative)
Except modern drive recovery can restore the blanked out sector.
Uh, no.
It has never, despite it being 'common wisdom', been possible to recover overwritten sectors on a hard drive.
No one has ever demonstrated it in the entire history of hard drives.
It was a theoretical attack a long time ago, on pre-IDE 'MFM' hard drives.But we moved off that sort of drive in 1986.
And even then, it didn't work. It was a theory that said with a very poorly build hard drive, it might be possible to recover some data. Like I said, no one's ever actually shown this.
And with IDE, we moved to RLL encoding which means, statistically, you couldn't get anything. With an MFM encoded drives, if you got 50% of the data with 50% accuracy, you had 25% of the data and might possibly come up with something, although, like I said, no one ever has managed this.
But with RLL encoded drives, if you got 50% of the data with 50% accuracy, you have nothing. It is not really possible to get a partial byte.
No that anyone has ever demonstrated reading anything from a ' The idea that you need to do anything more than overwrite a sector to make it unreadable is one of those zombie lies that simply cannot die.
The only way to recover a lost sector is if it was going bad at some point, so the hard drive made a copy of it and remapped that sector to the copy. Which means the original might still be there. (OTOH, the original was going bad, so who knows if it's still readable.) The odds of this happening are astronomical.
Re:I wish this was the case in the UK (Score:4, Informative)
Don't try that in Australia. BDSM porn is illegal in Australia.