British man jailed over computer password refusal

Oliver Drage was ordered to serve 16 weeks at a Young Offenders Institution on Monday A teenager has been jailed for 16 weeks after he refused to give police the password to his computer.

Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation.

Police seized his computer but could not access material on it as it had a 50-character encryption password.

Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.

Drage, was arrested when he was living in Freckleton, Lancashire, but later moved to Liverpool.

He was formally asked to disclose his password but failed to do so, which is an offence under the Regulation of Investigatory Powers Act 2000, police said.

http://www.bbc.co.uk/news/uk-england-11479831

Then again, a decent hacker should be able to break the encryption anyways.

a bad hacker could get past the "security" on a personal computer.

This is not simply the password for a Windows user account or a zip file. It sounds like he probably has an encrypted (not merely password protected) partition.

If it has a 50 character encryption key then, assuming it consists only of upper and lower case characters and the 10 digits, there are 3.15E+085 possible combinations (if my math is right). That's 315 followed by 83 zeros. Add in punctuation and other characters and it becomes even bigger.

Granted, it probably contains at least some dictionary words, which makes the problem somewhat easier but it's still a very difficult problem and likely can only be broken by a brute force attack, which can take a LONG time.

which is currently impossible to crack even by brute force if you are using a password such as $mK;^klEe!:/.

if you have the lifetimes of many universes to do it. But for all practical purposes you're correct, it's impossible.

residual data is always there, in many places. I write software for PLC controllers (not siemens) and I take specific steps to destroy any work product that may reside other places on my system.

I doubt most people take those steps.

The entire partition is encrypted.

Everything. The OS, the files, the virtual memory, temporary files, everything.

Of course, whoever let it slip that it's exactly 50 characters just reduced the workload a fair bit.

Oh, and FWIW, you can be compelled to divulge passwords in the US, depending on the reason and jurisdiction.

Welcome to the New Reality

If divulging the password *itself* (rather than what it revealed upon use of the password) would incriminate you, you can "plead the 5th".

The 4th is easily trumped by probable cause.

Thus, while "Iroxxors(theb0xxors)" would be a reasonable password, it would not be protected.

"Ik!lledmyw1feandchild" would be a self incriminating password. While you may still be compelled to provide the password, the prosecution then has a serious problem on their hands with any resulting evidence, because they forced somebody to unwillingly surrender their rights, and incriminate themselves.

So, if you want to confess to any crimes, use *that* as a password, and then refuse to divulge it, on grounds of self-incrimination.

Again, IANAL, and would love to hear from them.

The "I killed my wife" password would preclude an indictment based solely on that admission.

It would not bar prosecution for unrelated crimes revealed by the data on the computer, in accordance with the purpose of the warrant (and any incidental crimes, besides the murder, found incident to the warranted search).

:-)


sP

Lets assume it is ONLY all lower case (no spaces, no upper case, no numbers). That is 26^50 possible combinations. 5.6*10^70.

Assumming you could break 1 billion codes per second and had 1 billion computers working on it nonstop 24/7/365 it would only take 1.7 * 10^45 years to try all combinations.

That is 1,700,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years.

If the police had a valid warrant and a court had ordered him to disclose it, then he could be jailed for contempt for as long as it takes for him to challenge the order or comply with it.

The idea that a good hacker can break real encryption using a strong password is something that exists in only Hollywood.

And example would be AES
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

I could give you a file encrypted w/ TrueCrypt (256bit AES implementation) and as long as I chose a strong password you will never crack it. Never.

Not in a year, not in a decade, not in a century. Not if you borrowed every single computer on the planet and they all worked 24/7/365 for the next milenium.

"Not in a year, not in a decade, not in a century."

It could be cracked at the very first attempt. The odds are very,very small, but it is possible. The ODDS are that it won't be broken in a century, but you can't say that for sure.

Maybe a better way to express it would be:

Another way to look at it is after couple millions years of working 24/7 will all known computing resources on the planet you would have less than one millionth of 1% chance of finding the decryption key. :)

Study them, use them.

1BushEatsShit2CheneyEatsShit3YourMotherEatsShitToo

Maybe this was meant as a joke, but longer pass keys use many less shift strikes.

register too.

Maybe the "child porn" on the machine is nekkid pics of himself when he was 17, or a naughty video of him and his 17-yr-old girlfriend. I'm not one to rush to judgment just because the cops used the magic word "child porn." Here's hoping I'm not the only one.

Since the age of consent in Britain is 16, pictures of yourself at 17 naked with other 17 year olds would not form the basis of any child sexual exploitation investigation.

Point remains.

as he would be in possession of a picture of a minor (under 18) but that was not likely to get the police knocking on his door unless he was distributing those pictures.

Maybe his family is a bunch of homophobes who think all queers should die. For a scared 19 year old maybe 4 months in prison is better than revealing that.

People have various reasons for secrets. The govt shouldn't be able to jail someone for failing to reveal their secrets. The law would be unconstitutional in the US.... today bad brit have no Constitutional rights.

despite age of consent being 16.

So yes a photo of his 17.5 year old girlfriend (or boyfriend) taken with her consent is still illegal. As stupid as it sounds having sex with his girlfriend is legal, taking a picture of her is not.

Or is the encryption he used practically impossible to hack?

♥

unless he has kernel level knowledge there is no way to destroy all the evidence. First step is to clone the drive, then grab data his ISP cached up stream that is linked to him.

Encryption sold to consumers is a walk in the park for professionals. They will not however publicly break aes-(whatever) in this venue.

I encrypt instructions for cnc tooling. Primarily to prevent theft and design change. I take steps to be sure my work is intact and protected.

Encryption is one of MANY things in the process. Encrypting a file, or even a whole drive is not due diligence.

There is nothing plaintext. Everything is encrypted. Period.

As far as an ISP search. Secure tunnel to third party anonymous proxy.

A "plausible deniability password".

You may or may not use this second password. (Which if used reveals only innocent, decoy files.) Moreover, if you DO use two passwords but say you use only one, there's NO WAY anybody can prove you're lying.

Highly recommended.

http://www.truecrypt.org/docs/?s=plausible-deniability

you thought were gone. Unless you track every written block and anything derived from it there is a trace. There are methods to remove these but most people dont use them.

Since he is accused of child porn I fell little sympathy for him.

If you look at the 'Hidden Volume' section on the page CPD gave, it shows that they organise their encrypted volume to have space for a second header for a second volume. If you don't configure it to use this second volume, then this space, and the free space on the volume, is filled with random data. But, until you know the correct password, they say you can't tell the difference between random data and the encrypted data.

So, without the second password, there should be no way to tell if there is encrypted data there or not. So you put something that you ultimately don't mind being discovered, but which you might plausibly claim to want to encrypt, in the section encrypted with the first password; and then the stuff you really don't want found in the second section.

I'm not sure what you mean by "parts of the file you thought were gone". This isn't about erasing data; it's about keeping it encrypted, without them really knowing if there's any data there at all.

where it is generally destroyed by removing "pointers" not blocks. It goes into physical memory, and into a pagefile during that process..

When you encrypt a file a working copy is created or the original is used for that purpose. For example I disable swapping all together. I dont want a pagefile containing data.

Without getting all nerd the process to truly secure a system is complex and not solved by one off the shelf solution.

There is a number of overwrites which a magnetic signature persists. Again a CP fucker gets no sympathy from me.

...in deallocated blocks.

The only place the plaintext exists is in RAM, and that disappears
irretrievably the moment you turn off the system's power.

Tesha

if there is whole disk then cloning the drive and mounting it on another machine is a logical step. Breaking the "road map" to where the blocks are is the next logical step.

There is nothing off the shelf that the real deal cant walk through.

While actually, in all likelihood, P≠NP.

and some problems are very simple to solve. I use just enough to be sure people dont steal my shit or change it without leaving traces and then sue me.

CS problems and Game Theory dont reduce sloppy code, human error, or a blatant back doors.

Ahh , remember when des was secure. So triple des seemed even more secure... those were the days.

...to serve the NSA's needs; all of the NSA's needs.

Tesha

you think any block cypher including Rij's stuff is going to stand up? You would be better writing you own.

When your DRAM stops refreshing, there will be no useful data
left in it in a very few seconds and nobody, not the CIA nor
the NSA nor Bill Gates or Steve Jobs is going to be able to
dredge any useful data out of it.

And no, if the whole disk is encrypted with strong-enough
encryption, you will not be accessing the cleartext in the
remaining lifetime of our planet.

Where do people get these ideas???

Tesha

I wonder why a hisec machine would encrypt main memory. with an algorithm you never heard of..

I wonder if the germans really thought enigma was secure.

Quiz how long to break aes on a machine where you have root? hint, it is measures in clock cycles... i think those are pretty quick.

Really how good is whole disk if you own the key?

http://tdistler.com/2008/02/21/data-in-ram-can-be-recovered-after-power-off

It is difficult, it doesn't always work but it can be done.

Here's what the abstract of your reference says:

> A research group out of Princeton has demonstrated that the bit values
> in DRAM don’t clear immediately at power-off, but fade over time. The
> fade time is determined by the temperature, so spraying the DRAM with
> dust-off can cause the data to remain for ten minutes or more. This
> technique can then be used to recover disk encryption keys.

So if you happen to have a can of cryogenic spray handy and if
you can remove the DIMM cards and if you can transport them
into another environment ('cause you sure can't boot them up
with the memory-clearing BIOS or ECC-initialization routines
in the host computer) and you can do it all in under ten minutes,
you might only lose a significant fraction of the data in memory.

Practically, it might as well be impossible.

Realistically, at ordinary temperatures (such as the nice warm
temperatures inside a computer case), the lifetime of an
unrefreshed DRAM bit is measured in seconds, and not
many of them.

Tesha

and make a copy of the DIMM contents. No need to read it from the host system or even another computer. There are custom built memory readers (used for testing) that could record an image of memory contents in a matter of seconds. Ten minutes (hell even 2 minutes) is more than enough time to transfer DIMM is the operative has practiced.

Calling it is cryogenic spray is dubious. This ultra powerful "cryogenic spray" can be found at any Walmart.

Obviously it requires planning. It isn't something you can do adhock but most deep penetrations of secure systems require planning, skill, and timing.

So it all depends on how badly someone wants what you have. Of course in future someone could devise a system that when sytem powers down a random pattern of 0 & 1 is refreshed through DIMMs making any data recovery impossible. Until then it is a difficult but possible data recovery technique.

And as I've mentioned, at operating temperature, after the
first few seconds of being powered-down, the data is gone.
This isn't a threat I'm going to worry about.

Tesha

Personally I have nothing and likely will never have anything of enough value that would warrant such measures.

I was just correcting your incorrect statement.



There are SOME situations where it would warrant decryption key recovery from volatile RAM. It wouldn't be that difficult to devise a coolant system which has a tube inserted into fan or cooling vent in computer tower and pumps in enough coolant to keep DIMMS cool enough from extraction.

I will never be involved in such a situation but it doesn't mean such situations don't exist.

Then again in these encryption debates I always think of this:



:)

Properly installed and congigured TrueCrypt is secure.

There is nothing to roadmap. Everything is encrypted. To turn it into plaintext you need the passphrase.

So should nobody feel sorry for you now?

See how that works.

Truecrypt encrypts everything. The entire partition is encrypted. That includes the OS, the virtual memory, temporary files.

There isn't anything that left in plain-text.

:kick:

IambyfarthebiggestMichaelJacksonfaninGreatBritain!