FBI endorses TrueCrypt

Eugen Leitl eugen at leitl.org
Thu Jul 1 14:08:34 PDT 2010


Or they at least try to make it look that way, at least.

http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/

Brazilian banker's crypto baffles FBI

18 months of failure

By John Leyden

Posted in Enterprise Security, 28th June 2010 11:49 GMT

Cryptographic locks guarding the secret files of a Brazilian banker suspected
of financial crimes have defeated law enforcement officials.

Brazilian police seized five hard drives when they raided the Rio apartment
of banker Daniel Dantas as part of Operation Satyagraha in July 2008. But
subsequent efforts to decrypt files held on the hardware using a variety of
dictionary-based attacks failed even after the South Americans called in the
assistance of the FBI.

The files were encrypted using TrueCrypt and an unnamed algorithm, reportedly
based on the 256-bit AES standard. In the UK, Dantas would be compelled to
reveal his passphrase under threat of imprisonment, but no such law exists in
Brazil.

The Brazilian National Institute of Criminology (INC) tried for five months
to obtain access to the encrypted data without success before turning over
the job to code-breakers at the FBI in early 2009. US computer specialists
also drew a blank even after 12 months of efforts to crack the code, Brazil's
Globo newspaper reports.

The case is an illustration of how care in choosing secure (hard-to-guess)
passwords and applying encryption techniques to avoid leaving file fragments
that could aid code breakers are more important in maintaining security than
the algorithm a code maker chooses. In other cases, law enforcement officials
have defeated suspects' use of encryption because of weak cryptographic
tradecraft or poor passwords, rather than inherent flaws in encryption packages.




