Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

FBI hackers fail to crack TrueCrypt

Open source encryption on Brazilian banker's hard drive baffles police dictionary attack

Article comments

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.

Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.

Brazilian reports mention that the authorities had no means of compelling the makers of TrueCrypt to help them though it is hard to see how its creators could have helped.

If a complex passphrase has been used – a random mixture of upper and lower case letters with numbers and special ASCII characters throw in – and the bit length is long, formidable computing power and time would be required to chance upon the correct passphrase.

TrueCrypt also uses what is termed a 'deniable file system' approach to encrypting whole hard drives. Under this design, the existence of the encrypted partition will not be obvious to anyone examining the drive allowing the individual using such encryption to plausibly deny its existence.

The logic is persuasive. If an encrypted partition or files is detected by investigators is puts the person using the encryption in the difficult position of having to refuse to disclose the passphrase, a potentially incriminating stance.

By interesting coincidence, around the time of the arrest of Daniel Dantas in 2008, a team including encryption celebrity Bruce Schneier found weaknesses in Truecrypt 5.1's implementaion of the technology that could compromise the plausible deniability design.

Although 'data leakage' of the sort noted by the team examining TrueCrypt would not allow investigators access to the encrypted files it is possible that this flaw betrayed the fact that encryption had been used by the defendant.



Share:

More from Techworld

More relevant IT news

Comments

Fettson said: Did people not learn about the exponential fucntion in schoolThe difficulty to crack depends entirely on the password strength if randomly generated and a very tiny amount of luck posible symbolslengthPasswords Second The maximum amount of time it will take to crack the password Lets assume case-sensitive-alphanumeric password 62 symbolsPasslength of 10 letters and the strongest computersystem i could find online to crack it 350 billion guesses per second the password would take at most a bit over a day to crack 28 hours BUT if there was 11 letters instead it would take more than 2 MONTHS to cover all possible combinations 20 symbols would take 1500000000000000000 YEARS to cover all possible combinations even if we assume they got lucky and would only have to go through 1 of the possible combinations before finding the right password by then the earth would not even exist anymore and then we havent even included symbols like and

misdirection said: With or without a keyfile AES 256 bit cannot be cracked Just a randomly generated password 20 char in length and its not in the dictionary -- GOOD LUCK

misdirection said: They cant and even with complicated randomly generated password It would take NSA good 10000 years to crack it So no NSA cant do it

Pinger said: imposible now i 2012 i think it is possible also it can be untrue information just for anyboth that hides bad files behind truecrypt

rosdi said: Password is not the only problem FBI have to crack here what if the user uses keyfiles FBI has no way knowing this even though they might have the password but without the correct keyfiles it is still useless

Dodge34 said: And what if this news was invented to make us believe in TrueCrypt Im quite sure the FBI can have a quick access to anything like TrueCrypt encrypted files with their 10000 super computers or even more best way to have something really secured is to make sure the data is destroyed after a few attempts of finding the correct password

Admin said: truecrypt is a powerful program indeed

Vito said: As if we didnt already know that TrueCrypt was the shiznit

crypto said: I have been using TrueCrypt for several years now and Im glad to hear that the Feds cant crack it though Im sure the NSA can but they wont help in this case as its not National Security and not in American Interests to do so



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *