FBI endorses TrueCrypt
Sarad AV
jtrjtrjtr2001 at yahoo.com
Thu Jul 1 22:19:16 PDT 2010
this is more like saying that the FBI endorses AES-256 (assuming the
implementation is correct). Then, AES is published as US FIPS 197.
Sarad.
--- On Fri, 7/2/10, Eugen Leitl <eugen at leitl.org> wrote:
> From: Eugen Leitl <eugen at leitl.org>
> Subject: FBI endorses TrueCrypt
> To: cypherpunks at al-qaeda.net
> Date: Friday, July 2, 2010, 2:38 AM
> Or they at least try to make it look
> that way, at least.
>
> http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
>
> Brazilian banker's crypto baffles FBI
>
> 18 months of failure
>
> By John Leyden b" Get more from this author
>
> Posted in Enterprise Security, 28th June 2010 11:49 GMT
>
> Cryptographic locks guarding the secret files of a
> Brazilian banker suspected
> of financial crimes have defeated law enforcement
> officials.
>
> Brazilian police seized five hard drives when they raided
> the Rio apartment
> of banker Daniel Dantas as part of Operation Satyagraha in
> July 2008. But
> subsequent efforts to decrypt files held on the hardware
> using a variety of
> dictionary-based attacks failed even after the South
> Americans called in the
> assistance of the FBI.
>
> The files were encrypted using Truecrypt and an unnamed
> algorithm, reportedly
> based on the 256-bit AES standard. In the UK, Dantas would
> be compelled to
> reveal his passphrase under threat of imprisonment, but no
> such law exists in
> Brazil.
>
> The Brazilian National Institute of Criminology (INC) tried
> for five months
> to obtain access to the encrypted data without success
> before turning over
> the job to code-breakers at the FBI in early 2009. US
> computer specialists
> also drew a blank even after 12 months of efforts to crack
> the code, Brazil's
> Globo newspaper reports.
>
> The case is an illustration of how care in choosing secure
> (hard-to-guess)
> passwords and applying encryption techniques to avoid
> leaving file fragments
> that could aid code breakers are more important in
> maintaining security than
> the algorithm a code maker chooses. In other cases, law
> enforcement officials
> have defeated suspects' use of encryption because of weak
> cryptographic trade
> craft or poor passwords, rather than inherent flaws in
> encryption packages.
More information about the cypherpunks-legacy
mailing list