[WP] Pedo refuses to give up password to his hard drive

More than likely true. Researchers have accomplished it with supercomputers to a certain extent - i think it took like 16 months if i remember correctly.

EDIT: I was thinking of the RSA challenge. My bad. Not quite the same thing.

 

It seems to me they don't have to crack the encryption key, they have to get his password. Brute force cracking a password is very possible. The biggest worry is the software locking up for a period of time after X number of login attempts, but even that can probably be avoided. It may take too long if you has a really good password (mixed case, numbers, and symbols) and they don't have very good computer resources, but the fact that he left child p*rn in his temporary internet files tells me he's probably no the most computer savvy person out there.

 

It's not that simple.

 

So figuring out what his password is won't give them access to the data? Why did they ask him for it in the first place?

 

Sorry, the point is that this password (a private key) is not simple to brute force. It's bloody difficult.

 

Maybe you didn't read the whole article, but it says that the only way they are getting in without him giving up the password is for them to run a program that tries random passwords until it hits the right one, which will take years.


EDIT: I see you already took some flack.

 

The private key isn't the password, the password is what the user types in to get access to the private key. This isn't just a bunch of encrypted data that they have to crack, they have the software that was used to encrypt the data and that can decrypt the data, that software gives the user a way to access the data. The weak point is the password that the user has to type in, not the key used to encrypt the data.

 

Yes. But that password is probably a MD5 hash. Not trivial either.

EDIT/disclaimer: i have not studied cryptography since college, when i was a math dork.

 

Why did they even ask to see his laptop? This whole thing doesn't seem right.

 

another movie myth

 

I'm with you here... not on the hacking part, but on the warrant part.

Seems to me that encrypting something is simply "putting it in a private space," only it's in the digital world. So it's like the equivalent of having something in a safe in your house. If there is good reason to suspect the guy, I don't see why a warrant shouldn't be able to force him to let officers see into that private space.

Of course, as the original poster said, I'm not so sure the officer had grounds to be looking at the files on his computer in the first place. That's the murky area for me. The password dilemma is clear-cut by comparison.

 

It still wouldn't be easy but it would be exponentially easier than cracking the key itself. And if they can get the hashed value of the password and it's not a strong password they could crack it in a few hours or days depending on the hardware they have. There are databases that have the hash values of any 8 or less character passwords that it could be compared against.

A password without symbols should be crackable in about a month, and under 3 days with a supercomputer.
http://www.lockdown.co.uk/?pg=combi

 

I don't think its that rare to ask someone to turn on a laptop. Once when I was flying out of NYC I was asked to turn on my laptop. I think the fear is that the laptop casing could be used to hide a bomb or something else. In my case I just turned it on and when they saw it boot up they let me go. My guess is that if I had refused they would've seized the laptop.

 

this isn't a 4th amendment search issue...but a 5th amendment right to not incriminate oneself issue.

because he would have to reveal a password...a thought in his mind...the logic is that he is being compelled to testify against himself.

i dont know if the supremes would agree with this fairly liberal reading of the 5th. i hope it does. its the right reading. but this court?

 

Bosco.

 

Similar example: A guy murders and buries a person. The cops suspect him of the murder and see him with a shovel and dirt on his pants but, try as they might, they can't find the body. Can they order the guy to reveal where he's been digging? Where he's been digging is as innocuous as a password, except for what might be revealed when the police leverage the information.

 

I know that. But my point is that isn't how this issue should be viewed. Sure, it can be viewed that way if read literally. But if no one can ever be forced to give up a password, then it seems that no one could *ever* be held criminally liable for something that's encrypted. That's both ridiculous and unacceptable.

I'm saying the way this should be viewed is that the encrypted drive should be viewed the same way physical private space is viewed: it's private, unless there's good reason to search it (a warrant).

Rules for the physical world just aren't always gonna work for the digital world... a decision not to force him to give up the password would make pedos essentially invulnerable to the law as far as I'm concerned.

 

"So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"

"1 2 3 4 5? That's amazing! I've got the same combination on my luggage!"

 

Same thing happened to me, although I forget which airport it was. I don't pay much attention to the security signs, but I thought they mentioned that you should be prepared to turn on your laptop. I'm surprised more people haven't seen/heard of this.