A little security help for my friends

More than a couple of people have asked me about computer security in the last couple of days, especially after the Tallbloke raid incident.

I’m offering a simple security solution for those that want to protect their files: a USB flash drive with built in hardware security that works on USB 3.0 and USB2.0 ports

See all the details here, buy one if you want a neat new gadget for Xmas (it sure beats getting socks or a tie).

About these ads

98 thoughts on “A little security help for my friends

  1. A note, however, I believe law enforcement warrants compel people to divulge keys/keycodes. You would essentially be in obstruction if you used hardware encryption to keep information away from the law.

    BUT… IANAL.

  2. Or use an encrypted filesystem with linux. Without the passphrase, you can’t even tell the drive is formatted. Even the filesystem metadata is encrypted. They can’t even tell that there are any files on it at all, let alone what is in them.

  3. The dubious statements claimed by the drive are as follows:

    “no software exists that can be cracked”
    This is not true if the attacker can get a key logger onto your computer before you use this drive.

    “blocks 100% of auto-run based malware attacks”
    While I can’t declare this false on principle, this seems much more likely advertising exaggeration than true.

    “Comes with secure erase software to allow full deletion of files you move from hard disk to the Dataguardian drive.”
    This software cannot be relied on to achieve successful full deletion of files. Especially because of temporary files created by viewers and editors and such. Only full drive encryption can be relied on to maintain security. This is especially the case when using flash drives, where the flash chips never overwrite a file but just leave the old file and write the new version at a different location. You can only delete any file on a flash drive by overwriting the entire flash drive. Even then, traces or entire files could remain in the weak blocks taken out of service by the drive controller. Some drives have a secure erase command to erase the entire drive, including the bad blocks, but it can be hard to run, especially if your computer bios locks your hard drive settings at boot, as many do.

  4. d55mayD55may says:
    December 16, 2011 at 5:05 pm

    > Whats up with the advertising?

    New products from http://www.weathershop.com/ warrant a post – others have. Note the right side nav bar images for “Monitor your own climate” amongst the books and the Dataloggers (I have three) at the bottom right.

    Both of those go to Anthony’s weathershop too.

    Note – these memory sticks are not from weathershop. Note that there’s plenty of other advertising here too.

  5. In the UK and other countries you can be compelled to disclose passwords, or end up in jail for contempt until you disclose the password (guilt until proven innocent). Similar things have been tried in the US when people were crossing borders.

    Things like TOR might help, although liberal application of thermite on short notice may be the only real solution. I can’t find the article but the cops in Russia or a near by country triggered a remote wipe while testing a car key to see what car it opened, of course this trick won’t work more than a few times :)

  6. Truecrypt will protect your complete PC on the fly whether Windows/Linux/Mac and is free. You can have an inner encrypted partition (file) that they can’t even see even if you are forced to divulge the key

  7. re post by: Jeremy says: December 16, 2011 at 5:09 pm

    I believe law enforcement warrants compel people to divulge keys/keycodes. You would essentially be in obstruction if you used hardware encryption to keep information away from the law.

    Perhaps – but I would think in the USA that the 5th amendment protects people from having to disclose passwords/keycodes, wouldn’t it? Otherwise, you’d essentially be testifying against yourself…. It would be interesting to know if any case law exists on this issue.

  8. By all means, protect your data. And, by all means, protect your right to free discourse.

    But, when it comes to climate information, we’ve nothing to hide. If some prominent “skeptic” does have something to hide, pertinent to the climate discussion, I’d advise offering it up. It would cause great harm to the skeptic side if a skeptic was found to have done something nefarious regarding the climate discussion and hid it from the law. I don’t think anyone will care about the music pirated or the porn on your PC. Some have stated the internets were invented for porn! ;-) If you’re sharing that stuff with a bit torrent or something of that nature, stop it.

    There are plenty of fights to fight regarding individual rights and privacy. But, towards the climate discussion we should take care not to be seen as hypocrites.

  9. Rational Debate says:
    December 16, 2011 at 5:57 pm

    re post by: Jeremy says: December 16, 2011 at 5:09 pm

    I believe law enforcement warrants compel people to divulge keys/keycodes. You would essentially be in obstruction if you used hardware encryption to keep information away from the law.

    Perhaps – but I would think in the USA that the 5th amendment protects people from having to disclose passwords/keycodes, wouldn’t it? Otherwise, you’d essentially be testifying against yourself…. It would be interesting to know if any case law exists on this issue.
    =======================================================
    In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.

  10. When the Feds want you, NOTHING gets in their way. They’ve never been slowed down by nanotrivia like laws and constitutions.

    When the Feds aren’t interested in you, it may feel like the laws are protecting your “rights”, but in fact the only thing that’s protecting you is lack of interest.

  11. I think, I hope, some really good computer “geeks ?”, are so far ahead of the curve on this thing ……
    I mean it is a dream project, ain’t it ??

  12. I found ‘liberte linux’ .
    It gives privacy to your documents and anonimous surfing. Free for all, the bad guys and the good ones. Install in common usb stick and it leaves no trace on disk drives not even in the ram when unpluged.

  13. re post by: PuterMan says: December 16, 2011 at 5:53 pm

    Truecrypt will protect your complete PC on the fly whether Windows/Linux/Mac and is free.

    PuterMan (or anyone else knowledgeable about this stuff!), I’m ignorant about this stuff but interested – so a question for you please? I’m assuming that if one encrypts a drive, they can still work on it quite normally just as if it’s not encrypted, once the password is entered, correct? Thanks in advance for response(s)!

  14. The way I understand the law and caselaw in the UK (and in the US if one is crossing a border) one cold be arrested for not revealing the password to an emcrypted file on a computer storage medium that is under your control.

    So, for example, if I have a file on my drives labelled something like “all.f7″, I am obliged to reveal the password, and can suffer the consequences of I do not reveal it or claim that I do not know/remember it.

    IANAL

  15. FREE – Full Disk Encryption or just encrypted volume (on ordinary cheep USB stick)
    TrueCrypt – Free Open-Source On-The-Fly Disk Encryption
    Software for Windows 7 Vista XP, Mac OS X and Linux !!!!

    http://www.truecrypt.org/

    How to Set Up TrueCrypt Disk Encryption, Part 1 – eSecurity Planet

    http://www.esecurityplanet.com/features/article.php/3865291/How-to-Set-Up-TrueCrypt-Disk-Encryption-Part-1.htm

    Sorry officer/m’lud I can’t remember the passphrase due to the trauma , shock & etc.

  16. If they ask for your password say you forgot it. They can’t prosecute you for forgetting your password and you can’t give it to them if you forgot it and they can’t prove you did not forget it. Use Truecrypt http://www.truecrypt.org/ an open source utility which can encrypt your entire hard disk or create mountable files. it can even create hidden volumes so that it does not even appear to have encrypted files at all.

    Anthony: Please tell your readers about Truecrypt. It is excellent. I have not affiliation with them, i just like their software.

  17. re post by: James Sexton says: December 16, 2011 at 6:14 pm

    By all means, protect your data. And, by all means, protect your right to free discourse. But, when it comes to climate information, we’ve nothing to hide.

    James, this isn’t an issue related to whether one has anything to hide or not – it’s a matter of civil liberty. As I understand things, at least, if police come to your house with a warrant, the warrant has to specify exactly what they are looking for. They are allowed to search for, confiscate, and read or evaluate only those things which appear clearly related.

    If they seize someone’s hard drive, however, there is nothing to prevent the reading and evaluating of other utterly unrelated files at leisure, and by many different individuals. That leaves one open to abusive use of that information. Obviously things like that should never happen, but as we all know, police and all officials are human too, and some percentage will be corrupt, or happen to have an unfounded (in law) grudge against you (or someone you happen to be corresponding with on the computer), and so on.

    And that’s totally aside from the issue of using encryption to protect oneself against thieves, or accidental loss of a laptop, etc.

    In other words, it seems that there are many different reasons for encryption to be a smart thing to do.

    Also, re post by: C3 Editor says: December 16, 2011 at 5:57 pm

    Thanks for the info and link on key disclosure law in the USA.

  18. will not work with the judges and the police

    It will in New Zealand.

    I’ve even been involved in a case where a guy had encrypted data that couldn’t be accessed by the Police. Annoyingly, as we knew it was the worst sort of paedophilia.

    However, security of this type is not a solution for most people worried about the cops. If the Police come they will take your protected data. So you won’t have it, which is a bit of a problem if you actually need it. And what’s the point of having data you don’t need?

    The Police won’t give it back if they have good reason to believe that it contains illegal material.

    So, good protection, but only for certain situations. More businesses should use these, for example, to hold accounts and personal data.

  19. re post by: James Sexton says: December 16, 2011 at 6:18 pm

    In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.

    James, I don’t know exactly how the law works with respect to breathalyzers – or what a good lawyer would advise someone to do if they are ever asked by a policeman to blow into one.

    I know the 5th is commonly viewed as something only used by the guilty – but it ought NOT be viewed so, and this is one right that we really ought to be fighting to both keep, and to overturn that prejudice where ever we encounter it.

    On another thread just recently, the one about the situation with Tallbloke, someone posted an excellent youtube video link regarding advice on whether one ought to ever talk to or cooperate with police without a lawyer present- with history and info on the 5th amendment included. It’s a talk to a law class, by a very well established lawyer, with brief followup by a long time police detective. This is a video that I suspect would be well worth everyone watching if they haven’t already, so I’ll pass it along.

  20. Protect your data by putting it on the oldest CP you can find. After all, they only took Tallbloke’s laptops, not the ancient hardware.

    I have a ZX80 going cheap – spend some of those oil dollars you are all getting.

  21. One of the things that concerns me about encrypting files is that I’m really good at forgetting passwords and most of the passwords I come up with seem to be initially really easy to remember and hard to guess. Of course 2 weeks later I’ve forgotten what interesting mathematical operations I performed to generate the numbers in the passwords and can’t remember which letters were upper or lower case. Having essentially trashed an Oscar EMR installation through forgetting of passwords, I’ve decided that I no longer encrypt data. Thus, I utilize the security through obscurity technique and think I’m up to about 20 Tb of disk storage at this time. Having had to search for certain files from years ago I’ve found out that even going through a couple of Tb of data takes a long time.

    For data that I do encrypt I use PGP and a 2048 bit key. The password that I use has never been written down and just have to remember to turn off my keylogger when I use PGP. For those who want to use PGP, only the early versions are still open-source and the version I use is for a 680×0 based Mac which I access through BasiliskII which emulates a Mac on a PC.

    The nice thing about having so much data is that it’s impossible for an outside party to know what is relevant and what is just cruft. Another way of achieving security through obscurity is via steganography although this works best with non-compressed image data. Another place to hide data is in the last bit of ripped CD’s although comparison of the file with the actual CD would show that there was something hidden there. I have hundreds of music CD’s that I’ve ripped to my hard drives and this is a very large amount of potential storage space. The effect of using the LSB on sound quality would be minimal except in really quiet passages.

    The only data that I’m really interested in encrypting is patient medical data. There are legal requirements to encrypt this but the result of this mandated security with constantly changing passwords has resulted in it being very easy to find passwords usually written on a sticky attached to the medical offices receptionists computer. The only non-breakable form of encryption is a one time pad and a music CD is one way of providing a 600 Mb encryption code which can be applied to data via a simple XOR transformation. Again, one has the problem of being unable to access data should the original CD become damaged.

    Given that one can get a very tiny SD card with 8 or 16 Gb capacity, putting sensitive information on this medium in unencrypted form and hiding the card is a better long-term solution as forgetting the password means that the data is gone forever. More important is knowing what is on ones hard drives as I’d be more concerned about police suddenly “finding” child porn on a seized drive than anything suspicious on my hard drives. Thus I create periodic directory files of all of the drives that are in use and store them separately from the hard drive.

  22. Okay so, in the UK there is the RIPA act – Regulation Of Investigatory Powers Act 2000 – which basically turned the UK into a Police State.

    Even if you encrypt your data, this act gives police the power to DEMAND the keys to decrypt your data, with an automatic penalty of 2 years in prison if you refuse to do so.

    It’s that bad.

    The way around this, is to use Truecrypt.

    With Truecrypt, you can hide a complete Windows installation within what appears to be random data on your hard drive, which only appears when you type in one of three pass phrases.

    What you then do, is create what appears to be just a typical Truecrypt hidden volume, which is protected by the second of three passwords, to which you add “sensitive” data (say bank account details and ordinary passwords, ordinary correspondence to family or friends etc.) , such that when you are compelled by the UK police to reveal your keys under penalty of imprisonment, they get to see this “sensitive” data.

    After this, you then create a “decoy” OS installation, from which you boot every day and use normally. Again, this is accessed via the third of the three pass phrases involved. This is your “day to day” OS, which you use to perform your everyday tasks.

    The Hidden OS is used only when you are doing something REALLY sensitive – like say corresponding with a whistleblower for example, using completely encrypted (PGP) email, throwaway or completely different email accounts, via the Tor network, etc etc etc.

    When the police come to your door and DEMAND the keys to your encryption,you give them 2 out of the 3 keys (passwords/phrases) – the key to the “day to day” use OS, and the key to the Hidden Volume which stores your “sensitive” documents. You then with a poker-face explain that those are the only keys to your encrypted stuff, that you have complied with the RIPA 2000 Act etc etc.

    There is absolutely no way to tell if there is a Hidden Operating System on your hard drive, if you do everything precisely the way in which the Truecrypt methodology entails.

    Everything you need to know about this is on the Truecrypt website – including everything you need to appear plausible in front of law enforcement.

    I hope this clears things up for folks.

  23. I find those expensive hardware solutions very dubious. You cannot inspect them for backdoors.
    I can only recommend open source software for security. You do not need to examine the source code yourself. If it is open source, someone will, sooner or later.

    Windows users checkout Truecrypt.
    Linux users read about cryptsetup.
    Webmasters enable https

    All users, get to know GPG, ssh, Tor, SSL

  24. Also, there is absolutely NO need to purchase these specialized USB data keys – and they will NOT protect you in the UK from the RIPA Act 2000. Only the Truecrypt route I described above will protect you from that.

    Note also you can create your own far cheaper encrypted USB stick using the method I described above.

  25. What is wrong with being tested for drink driving randomly.

    If your over the limit you shouldn’t be on the road – end of story.

    No-one compels you to drink and drive but drunken drivers are a menace we can do without.

  26. Haven’t y’all folks in the USA been paying attention? I suggest you read HR 1540 (National Defense Authorization Act of 2012), in particular Sections 1031 and 1032. http://thomas.loc.gov/home/thomas.php .

    Quote:

    SEC. 1032. REQUIREMENT FOR MILITARY CUSTODY.

    (a) Custody Pending Disposition Under Law of War-

    (1) IN GENERAL- Except as provided in paragraph (4), the Armed Forces of the United States shall hold a person described in paragraph (2) who is captured in the course of hostilities authorized by the Authorization for Use of Military Force (Public Law 107-40) in military custody pending disposition under the law of war.

    (2) COVERED PERSONS- The requirement in paragraph (1) shall apply to any person whose detention is authorized under section 1031 who is determined–

    (A) to be a member of, or part of, al-Qaeda or an associated force that acts in coordination with or pursuant to the direction of al-Qaeda; and

    (B) to have participated in the course of planning or carrying out an attack or attempted attack against the United States or its coalition partners.

    (3) DISPOSITION UNDER LAW OF WAR- For purposes of this subsection, the disposition of a person under the law of war has the meaning given in section 1031(c), except that no transfer otherwise described in paragraph (4) of that section shall be made unless consistent with the requirements of section 1033.

    (4) WAIVER FOR NATIONAL SECURITY- The Secretary of Defense may, in consultation with the Secretary of State and the Director of National Intelligence, waive the requirement of paragraph (1) if the Secretary submits to Congress a certification in writing that such a waiver is in the national security interests of the United States.

    (b) Applicability to United States Citizens and Lawful Resident Aliens-

    (1) UNITED STATES CITIZENS- The requirement to detain a person in military custody under this section does not extend to citizens of the United States.

    (2) LAWFUL RESIDENT ALIENS- The requirement to detain a person in military custody under this section does not extend to a lawful resident alien of the United States on the basis of conduct taking place within the United States, except to the extent permitted by the Constitution of the United States.
    Endquote

    Note that although it is not “required” to detain a citizen in military custody, it remains an “option”. You don’t get a lawyer or any other rights if the govt. claims you are a suspected person under the definition. You just disappear.

  27. [quote]In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.[/quote]
    Not quite. You can lose your driver’s license, but are not guilty unless they can prove it some other way.

  28. re: Jeremy’s comment above:
    In the US, you absolutely do NOT have to divulge the encryption key(s) to any secured device. They can take the device if they have a warrant but you do not have to give them the password. The Electronic Freedom Foundation has a whitepaper on the topic at https://www.eff.org/wp/know-your-rights. A grand jury or judge may compel you to decrypt the contents but generally only when you are not the subject of the investigation.

    re: IANAL’s comment, the US can seize a computer without a warrant when you cross a border but even there you do not have to divulge the password.

    (And, yes, the folks at EFF are very good lawyers.)

  29. Rational Debate says:
    December 16, 2011 at 6:39 pm

    re post by: James Sexton says: December 16, 2011 at 6:14 pm

    By all means, protect your data. And, by all means, protect your right to free discourse. But, when it comes to climate information, we’ve nothing to hide.

    James, this isn’t an issue related to whether one has anything to hide or not – it’s a matter of civil liberty……
    ================================================
    Rational, I entirely agree with what you’ve stated in your response to both of my comments. Things ought not to be the way things are. But they are. My intention was to alert some people about how things are vs. how things ought to be.

    I’ve been twisting back and forth on the cause for the intrusion of T.B.’s computers/information/life. My perspective is this…….. if our law enforcement (on both sides of the pond) were really that incompetent as to believe his PCs would hold information pertinent to the crime of hacking into UEA’s servers, then, by all means, provide all the information necessary. If this is a form of harassment and intimidation, then show them you can’t be intimidated. From what I’ve gleaned, T.B. has followed this line of thinking.

    As to the thinking that one can hide data by encryption from the police….. not. As bungling as they can be, eventually they’ll be smart enough to find a hacker that can hack your stuff. When my superiors question me about the security of our network, I always tell them an age old American adage. “There’s never been a horse that couldn’t be rode. There’s never been a cowboy that couldn’t be throwed.” Data security is an illusion. It’s like locking your door at night. If someone wants in, they’ll get in. As to our rights to privacy, and against self incrimination, that too, is an illusion. It shouldn’t be this way. It wouldn’t be this way in a free and just society. It is this way.

    For the people wondering what they should do if this is a form of intimidation. Exact a cost. When I was a young person, people would attempt to bully me. (I’m short in stature and was thin as a young person.) On occasion I would be pummeled by a much larger person. The way to make this stop is to exact a cost. Typically, in the instances where I couldn’t win, I’d wait until they weren’t prepared, or watching. And, I would exact a cost. Make it to where the bullies will find it much easier to deal with someone else than to deal with you. In that case, encryption, password protection, obfuscation, misdirection, and all of the rest of the arsenal is what one should opt for.

  30. Sam Hall says:
    December 16, 2011 at 7:46 pm

    [quote]In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.[/quote]
    Not quite. You can lose your driver’s license, but are not guilty unless they can prove it some other way.
    =========================================================
    Yes….. proof being deemed as the word of the arresting officer. But, if that doesn’t work, yes, losing your ability to drive, fines, and jail when you don’t blow into the machine, but not convicted of DUI is somehow deemed not technically convicted. It is a Pyrrhic victory.

  31. This is windows only stuff. Use linux. Put encrypted filesystems on ordinary USB keys. Encrypt your entire system if you feel like it. Or better still put linux on a USB key.

  32. Encryption is not data security it is a delaying or a cost-value tactic.

    One purpose of encryption is to delay access to some information until such time as the information no longer has value to the attacker (An invasion plan). Alternatively, if the cost of decrypting the encrypted information is greater than the potential value of the information then there is no net benefit to the attacker (The Neman Marcus Cookie Recipe).

    All encryption can be compromised if the value the attacker assigns to the information is greater than the cost of the attack. Most major intelligence organizations have the resources to successfully attack all encryption methods.

    If you have data that you need to keep secret then it must be either guarded physically or hidden physically; because physical access it total access.

    A simple and effective method for securing data in your home is to use a short-range wireless network storage device kept in your attic with the power controlled by a receive-only remote control power bar. No emanations when it is off, not visible, and only on when you need to use it.

  33. Mike Rossander says:
    December 16, 2011 at 7:47 pm

    ….In the US, you absolutely do NOT have to divulge the encryption key(s) to any secured device. …A grand jury or judge may compel you to decrypt the contents but generally only when you are not the subject of the investigation.

    Uh, didn’t you just contradict yourself? We were discussing a case wherein the person who was served with a warrant was not the suspect, so my point would seem to apply.

  34. Rosco says:
    December 16, 2011 at 7:25 pm

    What is wrong with being tested for drink driving randomly.

    If your over the limit you shouldn’t be on the road – end of story.

    No-one compels you to drink and drive but drunken drivers are a menace we can do without.
    =====================================================
    Nothing, if you don’t care about the 5th amendment. Rosco, rights are only preserved when you defend the rights of others. If you don’t defend other people’s rights, you’ve no expectation of having your rights defended.

  35. There is a disturbing and long history of these devices having worthless encryption. For example, these devices, which were supposedly certified to government FIPS standards:

    http://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html

    One of the comments to that article mentions another older USB drive that stored the password on the drive encrypted with nothing but XOR to a constant key. Several manufacturers have been intentionally using these bad designs for many years and have continued until recently. There is no reason to trust that they will change their ways anytime soon. Nobody can economically tell if they have done a decent job of the encryption in these devices. For this kind of encryption, open source software like Truecrypt that can be inspected by public experts, is the best choice.

  36. James Sexton says on December 16, 2011 at 6:18 pm

    In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.

    Not quite; there may be some penalty for ‘not blowing’ as this is usually part of the law written into the ‘agreement’ you agreed to for the privilege of obtaining a drivers license (you gave what is called “Implied Consent” – you agreed to ‘testing’ in various forms, incl blood and breath, when you applied for and obtained your DL).

    For instance, regarding Florida’s “Implied Consent” Warning and a refusal to take a breathalyzer test:

    In order for the fact that the driver refused to submit to chemical testing to be admissible at trial, the officer must read the driver Florida’s implied consent warnings.The implied consent laws in Florida require that any driver who accepts the privilege of driving a vehicle with the state is deemed to have given consent to submit to an approved chemical test of the driver’s breath, urine or blood.

    So, in FL ‘refusal’ to take a breathalyzer test after being read the “Implied Consent” warning subjects a person to legal sanctions.

    Upon refusal, in any case, a judge in most states can still issue a warrant in order to ‘draw blood’ for the purposes of a blood-alcohol test as well.

    .

  37. Rosco says:
    December 16, 2011 at 7:25 pm

    What is wrong with being tested for drink driving randomly.
    ========================================================
    Sorry, I was too brief in my first response. Randomly? That is the most despicable application of the totalitarian state I’ve ever come across. We used to view the Soviets with contempt when our movies would portray the random road blocks in the USSR and they’d have people stopped and stated, “Your papers, please.” I ask you, what is the difference? You do understand the road blocks aren’t specifically for drunks. They are a catch all. Drunk? Licensed? Insured? Pot? Whatever else. There is no probable cause. There is only that you are driving on the roads you helped pay for.

    It is a sad, sick and perverted world to see the victory won by our fathers against such a state only to watch their sacrifice be all for naught. Khrushchev was right. They won without firing a shot.

    Do people not understand what was meant when our forefathers stated things such as, “If ye love wealth better than liberty, the tranquillity of servitude than the animating contest of freedom—go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains sit lightly upon you, and may posterity forget that ye were our countrymen!” Or, “What is it that gentlemen wish? What would they have? Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!” or,”Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.”

    These are all well known, so I won’t bother with attribution, but what these people were stating, there are things more important than mere existence. They are the idea and principles of freedom and liberty. Random checkpoints are an antithesis to Liberty. Of course, it is correct to note people won’t defend your right to life while driving drunk. Which brings us to another Adams….. John….. “Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other.” So, unless you wish to sit as the arbiter of what is moral and religious, it is still the obligation of all citizens of the U.S. to strive for the liberties and freedoms, invoked by Nature, and described by our fathers.

  38. Paranoia has crept in here, surely the only reason they are investigating TallGuy is because they have evidence that he was involved in “stealing” the UEA E-mails. Looking at this from the “other end of the telescope” The UEA should be compelled to release the E-Mails as it is in the public interest to have a truly transparent debate on how they have come to the decisions over human interaction with climate; after all the decisions they make have global consequences for us all. The tactics of criminalizing sceptics is very clever , it distracts from the real story of whether the UEA et al have skewed the evidence to suit their own agenda.

  39. Mooloo says:
    December 16, 2011 at 6:47 pm


    And what’s the point of having data you don’t need?

    Or in the case of Phil Jones, what’s the point of needing data you don’t have?

  40. Anthony,

    Any chance you could have those made up with a logo on them? Maybe have Josh come up with something appropriate? Of course they should come with a pre-loaded file that only decrypts with the password “FOIA” or maybe “wattsupwiththat” to….surprise us.

  41. itsteapot says:
    December 16, 2011 at 9:17 pm

    …….. surely the only reason they are investigating TallGuy is because they have evidence that he was involved in “stealing” the UEA E-mails. …..The UEA should be compelled to release the E-Mails as it is in the public interest to have a truly transparent debate on how they have come to the decisions over human interaction with climate;
    ====================================================
    I’d be really surprised if that were the case. But, you’re correct with your assertion about the UEA and making their emails available. What is ironic, is that we wouldn’t have bothered with them had they not shown evidence of collusion even prior to the first release of the emails. All one had to do was to follow the Steve Mac’s blog to know the climatologists did collude…. and worse.

  42. For those asking questions, there are a lot of very good answers in this thread, but the bottom line is this:

    1. Any method that is 100% secure renders the computer useless. You have to strike a balance between security and utility.
    2. The stronger the security method you use, the more complex it becomes for you to access your own data, and the more likely it will be that you make your own data inaccesible from yourself (losing your encryption password for example)
    3. Encryption is a very good way to protect sensitive data, but encyrption isn’t 100%. As noted above, breaking an encryption key is only a matter of time and resources versus the value of the data.
    4. All the security on your personal computer in the world doesn’t protect you from what you do with your computer on the internet. You have to access the internet through an ISP service, and the ISP service can track all sorts of information about what sites you visit and what you downloaded and so on. There are ways around that too by using your ISP service to get to a proxy service etc to hide your tracks, but frankly, unless you are doing something illegal why would you go to the trouble? Whistle blowing would be the obvious exception.
    5. If you want to keep it simple, but still protect your data, biometric authentication is easiest and pretty effective. You can get USB drives that are keyed to a fingerprint for example. No password to lose. But that doesn’t mean that someone with sufficient time and resources can’t get the data. It just makes it pretty simple to protect your data, hard to lose your “password”, and expensive enough that unless your data is worth millions, no one will be going after it. Of course, if your data is worth that much, you should be engaging a professional to protect it.

  43. Rosco said:
    December 16, 2011 at 7:25 pm
    What is wrong with being tested for drink driving randomly.
    If your over the limit you shouldn’t be on the road – end of story.
    No-one compels you to drink and drive but drunken drivers are a menace we can do without.
    ********

    Currently in Houston (Harris County) there is a “run away” Grand Jury proposing the indictment of a number of people in the District Attorney’s office for various conspiracies involving the whitewashing of the fact that the Houston Police Department has routinely used special “mobile labs” that give “erroneous” data, for their setups.
    So you could be sober but still have the cops produce evidence that you are dead drunk.
    Enjoy your time behind bars, thanks to “uncalibrated” instruments. You don’t think that weather stations are the only equipment that gives phony data do you.

  44. _Jim says:
    December 16, 2011 at 9:08 pm

    James Sexton says on December 16, 2011 at 6:18 pm

    In the U.S., one is compelled to blow in a breathalyzer if suspected of being drunk. If refused, guilt is assumed. The 5th amendment, like most of the constitution, is deemed only words to circumvent by our judges and lawmakers.

    Not quite; there may be some penalty for ‘not blowing’ as this is usually part of the law written into the ‘agreement’ you agreed to for the privilege of obtaining a drivers license (you gave what is called “Implied Consent” – you agreed to ‘testing’ in various forms, incl blood and breath, when you applied for and obtained your DL).

    For instance, regarding Florida’s “Implied Consent” Warning and a refusal to take a breathalyzer test:

    In order for the fact that the driver refused to submit to chemical testing to be admissible at trial, the officer must read the driver Florida’s implied consent warnings.The implied consent laws in Florida require that any driver who accepts the privilege of driving a vehicle with the state is deemed to have given consent to submit to an approved chemical test of the driver’s breath, urine or blood.

    So, in FL ‘refusal’ to take a breathalyzer test after being read the “Implied Consent” warning subjects a person to legal sanctions.

    Upon refusal, in any case, a judge in most states can still issue a warrant in order to ‘draw blood’ for the purposes of a blood-alcohol test as well.
    ==============================================================
    Jim, I love that rationale…… of course rules vary from state to state, in many cases asking for a blood draw is the same as refusing a breath analysis. But, either way, what difference does it make? If refusing to testify against yourself results in loss of rights and privileges what right do you really have? I really didn’t mean for the conversation to move to a discussion about drinking, but, I’m a drinker so I’ll go with it. It is a case in point. The impetus for me involving myself in the climate discussion was always the issue of Liberty. Right, wrong or indifferent, colding, hotting, or warmcolding….. none of the issues they may present is worth the Freedoms we have. In my experience, it has been serendipitous to discover the ills imagined from this global warming issue were just that……. imaginary. Turns out, the CO2 correlation is a machination as well. It is heartwarming and welcomed.

    But, in the end, if it turned out that we were hotting up the world and the warming would present difficult weather, I’d still oppose the solutions. Liberty under harsh conditions is preferable to servitude under favorable conditions.

  45. If you don’t believe the UK is a police state keep reading.
    I was driving home with the wife last month, after shopping in town, when I heard a siren. Looking in the mirror, expecting to see an ambulance or fire engine, much to my surprise I see an unmarked car with flashing blue rights. This car is right on my tail with plenty of room to overtake so I assume they want me. I pull into a layby and a uniformed policeman gets out of the car behind and asks me for my insurance !?!?!
    After a lot of palavar and the police visiting my home it appears my insurance company had missed updating the DVLA computer when my AUTOMATIC RENEWAL went through.
    A bored policeman entered my licence plate number and BINGO – found a criminal – SHEESH!

    Statistics say there are over 2 million unensured vehicles on the UK roads but they managed to catch me in two weeks! Go figure.

  46. 1. Unless you create your files on a safe computer, saving them safely won’t help. Malware will watch you creating documents. They don’t care then how you store them, they have the information.
    2. Get a second PC and never connect it to the internet. Only generate valuable files on that PC.
    3. Be aware that security services can detect you typing on that PC through vibrations via the mains socket. Trust me, they can. It’s scary but true. You need to be aware of that and do something about it.
    4. If the US Government really want to follow you, they’ll use a satellite. Your PC is never free of their bugging eyes, unless you build a metal-encased tomb underground.

    That’s the corporate world nowadays. It’s why they are encouraging ‘inventors’ and ‘entrepreneurs’. Because if the ideas come from the little guys, they can steal them. Without fear of lawsuits.

    Cynical, sad?

    The truth, I’m afraid………

  47. davidmhoffer says:
    December 16, 2011 at 10:20 pm

    For those asking questions, there are a lot of very good answers in this thread, but the bottom line is this:

    1. Any method that is 100% secure renders the computer useless. ……
    ==============================================
    I’m supposedly one of those “professionals”, and what you’ve stated is exactly correct.

    Time and reason, these are the things which keep one person’s data safe. And, as I stated earlier….. exact a cost. Give the SOBs reasons to move on. There’s someone easier around the corner. The credit card I use online has a very small limit. My taxes are on a different PC. ……yeh, they can come get me…..but, gosh the dance they’d have to do to get what little low hanging fruit they’d want….. of course that’s just for the average bad person. If we’re talking about a person who’s out to get you……. that’s what gun ownership is for. …… The 2nd amendment is because our founding fathers were smarter than most of us. :-)

  48. Richard111 says:
    December 17, 2011 at 12:20 am

    If you don’t believe the UK is a police state keep reading.
    =======================================
    That is heartbreaking. Because you didn’t purchase from a private company in the proper manner, you are subject to search and seizure. I wish us yanks could say we’re above that. But, as you can see by this thread, we are not, and not only that, we still have advocates who believe this is proper.

    What is exceptionally noteworthy is that the principle of “a Man’s home is his castle” is one of the foundations of U.S. Constitutional law. Sadly, our application of such principle is applied in much of the same manner it is in Great Britain.

    Don McLean is singing now. Starry, starry night…...

  49. Be careful with “secure” USB drives. Many of them don’t actually encrypt the data, after all. So if the USB drive is opened and the flash memory is accessed directly, the data is there plain to read (this is easy as 1-2-3 and has been demonstrated by IT magazines in tests).

    In any event, using a USB drive in a Tallbloke scenario is missing the point.

    Obviously, they tracked him through his user account after posting. And in the UK, you can be forced to reveal any password, or else go to prison to contemplate about it a bit longer… ;)

    I you feel the need for added security, go online ANONYMOUSLY. Of course you must act legal at all times, even if anonymous, yes, that’s right.

    Don’t use your subscription landline/broadband and/or school/uni/library access – that does not qualify as anonymous and they will end up ringing at your door again for obvious reasons. (that wasn’t obvious to those anonymous and lulzsec kids; and also TOR connections can often be traced back, unlike popular believe – another thing that wasn’t obvious to them… I have read a forensic report on Tor, and they say they can often trace up to 6-7 out of 10 connections back with a high degree of certainty, if they badly want to – I don’t use it… it is a hassle, and if you reaaaally had to stay anonymous, you may well not be – of course I would use it anyway if I had to email a human rights report from Iran or some such thing)

    Depending on where you live, there may be pay-as-you-go wireless USB internet access sticks available which you do not have to register to a name/address — AND do not top it up with your credit card!! :) That means you can actually remain anonymous.

    Internet USB drives like this are available in the UK, for example (hint-hint, tallbloke..) – as are anonymous pay as you go phones, and, low and behold, credit cards !! Yes that’s right, you can buy throw away credit cards at corner stores/at news agents and top them up right there with cash. I have a bunch, because for some reason, Valve/Steam didn’t accept my ‘proper’ credit card.

    Anyway, that was my first thought – the guy is sitting on a heap of Sun boxes and must be thinking he is an IT big-shot, but no clue at all about internet security and/or how to stay anonymous, and probably even more so, no situational awareness, cough-cough… With the Climategate history as we know it, this was totally foreseeable, so I cannot feel sorry for him. I would have bet money on something like this happening.
    Then again, the real issue here is proabably not that he is such a n00b, rather, he wanted to take the credit for breaking the news… ahh.. pride broke his neck… maybe he had the means to do it anonymously, but he sought recognition, and now he’s got it – who’s to complain about that? – Same is true about the Manning/Wikileaks cables – not content with what he did, he had to go around and brag about… what a fool. If there were no criminal charges attached to what Manning did, he should still go to prison for being that stupid. I had to think about him again, as he is in the news these days, and I just cannot bring myself to feel sorry for him on that basis alone – riles me up without end… it is like f*cking up the ‘perfect crime’.

    So then kids, don’t go out and buy one of these, thinking you are invincible, especially if you get one of the type that doesn’t actually encrypt the data, even if the manufacturers all try to make them look as if they did (sometimes this isn’t 100% clear even after reading the tech specs sheet). And then encryption may not get you anywhere, if you reside in the ‘wrong’ country (e.g. UK). Long story short – don’t do naughty things :P

    Being aware of computer security is not a crime, and is actually actively endorsed by many governments (e.g. in Germany, they are actively peddling Live Linux CDs, advise on encryption, etc – you can download that directly from your friendly government) – only then running off with it and doing naughty things is not ok.

    As a matter of fact, don’t buy this and save your money if you don’t have a clue about computers (that’s 95% of you for this purpose). – That is the case if you felt like owning one of these would actually do something for you after reading the article – and some of the comments show that you are hot candidates….

    If you are e.g. a Windows 7 user, Windows will write (yes, actually write) backup copies of ALL your personal and system files with the volume shadow copy service (by default of the C drive, but you should check), and it does that regularly (who’s even heared of that before?). So even if you deleted your files and have them ‘secure’ on your USB, it takes anyone with a clue (= the guy examining your HD) 5 seconds to access the shadow copy and retrieve your data. (shadow copy is a bit more complex than can be explained in one line) If you don’t have a clue how, where and when your OS writes data, then you don’t need a secure USB key.
    There are many more concerns attached to avoiding and/or getting rid of this type of data, which I will not elaborate on, so don’t run off, delete your shadows and think you are up to something. You don’t have to go all the length for practical purposes, but you would have to go a veeery long way if you were looking forward to an interview at the police station and I cannot help you with that. – When they clone your drives, eventually they will find anything that’s on it, and even heaps more you didn’t even think or know about, e.g. shadow copies and other fun stuff.

    Don’t go out and buy this because chances are you won’t be a happy camper in the end, no one here is well advised by getting an encrypted key (that often isn’t actually encrypted to begin with).

    Of course having an encrypted key is great when you lose it at the local Starbucks or the library. In the UK, full/any HD encryption is also no help, because you would have to reveal the key. Which is why I don’t even bother – but then, I am not in the business of downloading/leaking data illegally… (actually, I once lost an external drive because I just couldn’t remember the password :) I think that is when I stopped messing with encryption because I have no use for it beyond curiousity)

    Getting one of these encrypted USBs will be ‘security by obscurity’ for many or most people reading here for one reason or another – if the concern is that the police comes knocking at your door and not just general data security.

    Encryption is NOT the subject Tallbloke should have contemplated, it is that other subject, all righties?

    The prospect of being able to encrypt data or remain anonymous should not embolden anyone to do naughty stuff – you should, however, consider it as a matter of good practice.

    This is not at all a complete guide on how to keep your system clean – I would be sitting here all day typing to achieve that (but it is not one of my concerns to do that for you), so if you are Dr Evil, you need to dig a bit deeper still in your own time.

  50. d55mayD55may says:
    December 16, 2011 at 5:05 pm

    Whats up with the advertising?

    Yes, terrible isn’t it, the idea of advertising on a privately run blog. Well, clearly Anthony is in the pay of big USB. Isn’t that obvious, d55may? Duh.

  51. Matt [December 17, 2011 at 1:29 am] says:

    “the guy is sitting on a heap of Sun boxes and must be thinking he is an IT big-shot, but no clue at all about internet security and/or how to stay anonymous, and probably even more so, no situational awareness, cough-cough… With the Climategate history as we know it, this was totally foreseeable, so I cannot feel sorry for him. I would have bet money on something like this happening.

    Then again, the real issue here is proabably not that he is such a n00b, rather, he wanted to take the credit for breaking the news… ahh.. pride broke his neck… maybe he had the means to do it anonymously, but he sought recognition, and now he’s got it – who’s to complain about that? – Same is true about the Manning/Wikileaks cables – not content with what he did, he had to go around and brag about… what a fool. If there were no criminal charges attached to what Manning did, he should still go to prison for being that stupid. I had to think about him again, as he is in the news these days, and I just cannot bring myself to feel sorry for him on that basis alone – riles me up without end… it is like f*cking up the ‘perfect crime’.”

    Not a whole lot of sense there Matt. Are you positive that you have even followed ClimateGate 2.0? I would review the facts if I were you.

    To the best of our knowledge, Tallbloke was the first blogger on whose blog there was a 3rd party person (FOIA) write a blog comment and post the link to the ZIP file. FOIA then went to several other sites and did the same. That is it. This whistleblower (FOIA) essentially did what you just did here, writing a comment on a blog.

    Tallbloke reported it by commenting on a comment to his blog and several others. What exactly do you mean by ‘taking credit’? The thrust of your statement implies to me that Tallbloke somehow deserves this or was asking for it. I suggest you back that up.

    P.S. Enough with the wikileaks comparison. Climatology is not equal to the Federal Military or State Department or state secrets. The punk stole classified material. In normal times he would be swinging from a tree before nightfall.

  52. I am afraid this device wouldn’t help Tallbloke in the UK. As Jeremy ((5:09PM) and John (5:53PM) have already pointed out, in the UK you can be compelled to disclose your personal passwords. In the UK this is sanctioned by the ‘Investigatory Powers Act, which imposes a penalty of 2 years imprisonment for failure to disclose. People have already been imprisoned under this act in the UK, so simply saying that you have forgotten it won’t work. However, I do not believe that there is any such law in the US.

    What you have to do is encrypt files without making it clear that files are encrypted., e.g. no password is prompted for when the file is accessed Alternatively, some software allows double encryption keys; what data you get to see depends on which password you type in.

  53. Um…

    For a blog which is meant to support a scientific approach there seems to be a lot of proposing of favourite answers before the question has been fully understood…

    The start point with security is not necessarily an encrypted USB stick, or, indeed, an encrypted anything. It is Risk Analysis.

    Security is about providing appropriate responses to threats. If you want to ‘do security’ in a professional manner, you should start by considering what you have got, considering what the threats to it are, and from that information, how you are going to protect it. If you do not do this, you will be looking for countermeasures without a clear idea of why you need them. You will be a salesman’s dream…

    There are a lot of cowboys out there selling defences which do not work. But even if you buy something that does work, it is useless to you if it doesn’t protect you, at an appropriate level, from the threats you actually face. And when you approach security in this way you will understand that a bit of hardware or software is usually of limited value without the physical, procedural and personnel countermeasures which need to go with it….

  54. Anthony, are you aware that Phil Jones and his cabal of scientists read this blog?

    Dam… now look what you’ve done. They now know about Data Guardian, and are in an even better position to hide their incriminating voodoo pseudo science when the police start investigating Lord Monckton’s complaint’s against them. They police will have to properly investigate.

    Lord Monckton has stated: “I have begun drafting a memorandum for prosecuting authorities…to establish…the existence of numerous specific instances of scientific or economic fraud in relation to the official ‘global warming’ storyline…they will act, for that is what the law requires them to do.”

    Of course, we know there will be a problem… the whereabouts of all the Data Guardian USB memory sticks that will have been unfortunately misplaced by Phil “Amnesia’ Jones!!!!

  55. davidmhoffer December 16, 2011 at 10:20 pm
    3. Encryption is a very good way to protect sensitive data, but encyrption isn’t 100%. As noted above, breaking an encryption key is only a matter of time and resources versus the value of the data.

    I don’t think that’s true. Based on what I’ve read, AES-256 is unbreakable, at least for some years to come, and it might be unbreakable, period.

  56. Now you are being stupid again, Anthony.
    Why are you implying that Tallbloke had files to hide?
    It was all about IP tracing a comment to a blog post.

  57. “If they seize someone’s hard drive, however, there is nothing to prevent the reading and evaluating of other utterly unrelated files at leisure, and by many different individuals. That leaves one open to abusive use of that information. ”

    It’s worse than that. If, in the process of looking for what they grabbed the drive for, they come across other material deemed to be illegal or evidence of illegality, you’ve just entered an entirely new world of hurt. To be sure, they have to handle the next steps properly to ensure the judge won’t throw the case out on a premise of illegal search and seizure, but thats a formality of paperwork, not inherent constitutional protection. Remember that folder with all those, ahem, downloaded MP3s and mpegs….?

  58. James Sexton says on December 16, 2011 at 10:34 pm

    [_]Jim, I love that rationale

    Any ‘rationale’ aside, this is much more in the vein of “contract law” when you, in effect, agreed to those terms when you ‘signed on the dotted line’ in the process of obtaining your driver’s license.

    This is well-settled law, I might add; complaints voiced in a “tell it to the judge” moment will more than likely (exc in certain liberal enclaves and on most ‘uber-conservative’ and Laup Nor boards) fall on deaf ears.

    BTW, on the name pls note the “_” attached before the “Jim” yielding a composite “_Jim” so’s we can keep our Jims on WUWT straight.

    .

  59. A previous commenter mentioned difficulty of remembering a really good password. The key to a really strong password is a combination of length and a decent mix of letters, numbers and special characters and eliminating spaces. And as it turns out, a really good password does not have to be hard to remember.

    For example, start with this pass phrase: “I really hate Joe Romm with a passion”. Now add in your mother’s birth year “1925”. finally, add your favorite special character “&”. Now combine them in this format keeping the upper case letters: &1925IreallyhateJoeRommwithapassion&

    To brute force or crack this pass phrase by any known method would take this long: 5.07 hundred billion trillion trillion trillion centuries, as per this security expert’s web site https://www.grc.com/haystack.htm .

    The key is creating a phrase you can easily remember but no one else is going to guess (eg, “I absolutely love Xmas turkey”), then you eliminate the spaces while keeping the upper case, then you add some number and then add a few special characters and voila, a massively secure password.

  60. C3 Editor December 17, 2011 at 7:07 am
    To brute force or crack this pass phrase by any known method would take this long: 5.07 hundred billion trillion trillion trillion centuries, as per this security expert’s web site

    That’s not the time needed for “any known method.” It’s the time needed for brute-force search. Password strength depends on the encryption scheme used, not only the number of possible passwords of the same length.

    There are encryption schemes with which your “&1925Ireallyhate…” could be discovered in far less then 1 second. For example, consider a scheme that XORs the cleartext with so many catenated copies of your password as needed for the text length. If the text contains a line of all spaces or all any other character, it is utterly trivial to discover the password. Otherwise it’s more difficult, but extremely fast.

  61. John Silver says:
    December 17, 2011 at 5:23 am

    Now you are being stupid again, Anthony.
    Why are you implying that Tallbloke had files to hide?
    It was all about IP tracing a comment to a blog post.

    I think you’re confused. The Tallbloke post is over there at http://wattsupwiththat.com/2011/12/14/uk-police-seize-computers-of-skeptic-in-england/ . However, do note that the blog host was not at Tallbloke’s residence, the cops were looking for data on his personal systems that may have been through the blog. And anything thing else they might stumble across.

    This post is about personal data security in general, not blog hosts.

    Anthony is not implying Tallbloke has files to hide, the people who applied for the search warrant did.

  62. Jeremy says: “You would essentially be in obstruction if you used hardware encryption to keep information away from the law.”

    They need to offer a booby trap destruct feature. Enter a specifically ‘wrong’ password and acid is released onto the die etching off all the evidence.

    “OPPS! I’m so sorry officer! I’m not very good with these things and I accidentally gave you the wrong password. ”

    Now they have the burden to PROVE that you intentionally gave them the destruct code.

    (This comment will self destruct 30 seconds after you read it – good luck Mr. Phelps!)

  63. Smoking Frog says:
    December 17, 2011 at 5:05 am

    I don’t think that’s true. Based on what I’ve read, AES-256 is unbreakable, at least for some years to come, and it might be unbreakable, period.

    That isn’t stated correctly. What you mean is that properly implemented AES-256 that only allows brute-force attacks is essentially unbreakable as no computer exists that would take less than the age of the universe to brute-force the key. The problem with your statement is that brute-force attacks are not the only way to attack encryption.

    never forget: http://xkcd.com/538/

  64. Smoking Frog, yes indeed the data encryption is different than the password. I was just assuming that a full strength encryption of data was being used, and was really only speaking to password strength. I also assumed this password would not be transmitted (intercepted) in clear text, but would only be used in the encryption of a hard disk or USB file.

    If it is “trivial” to break a 36-character pass phrase like the one I suggested, why don’t we run a a little test? You can download an encrypted file from my site with a similar type of password. Go ahead and try to “discover” the pass phrase. There will be a secret message inside that you will discover once this trivial pass phrase has been broken by you et al. Let me know what the secret message is and I will then give you the opportunity on my site to explain how you did it, if Anthony isn’t interested in posting the result of your success.

    Let me know if you want to carry out this test. I’d seriously like to find out how vulnerable this type of password is.

  65. Folks, there’s a lot of confusion here about breaking encryption keys.

    For someone with a desk top computer using a brute force attack, breaking 256 bit encryption is impractical. Not impossible. Itz like winning the lottery. The odds are huge, but someone does. There’s a percentage chance (though a teeny tiny one) that someone nails it on the first try.

    But from a practical perpsective, 256 bit encryption is vulnerable to sophosticated methods other than brute force, in particular when they are combined with supercomputers. 10,000 cpu’s working in parallel changes the odds considerably. And you’d be surprised how many facilities that large or larger exist.

    In fact, quite a few of them would exist at climate research centres such as CRU. One can only wonder if Phil Jones and Co are sweating bullets trying to break that encryption key to see just how bad it really is…. of course, having all that compute horsepower at your disposal means little when the team lead can’t even figure out how to use Excel, and their statistical analysis methodologies produce nothing but hockey sticks.

  66. Let’s step a bit lower:

    Take Rijndael (standardized as the Advanced Encryption Standard). The standard allows two key lengths; 192-bits (24 bytes) and 256-bits (32 bytes). So the universe of key patterns includes either 2^192 or 2^256 possibilities.

    When you enter your key phrase (such as the one described above), a cryptographically secure hash algorithm (e.g. SHA-1 or SHA-256) is used to collapse the keyphrase into a (hopefully) unique 192 or 256-bit pattern. That pattern is then used as the symmetric cipher key when encrypting and decrypting to and from AES. A brute force attack simply needs to try each of the two to the one-hundred-ninety-second (or two to the two hundred fifty-sixth) power possible patterns as symmetric keys. It just takes time. Lots of it. (But I’ve worked on some cheap parallel systems with 1024 highly capable processors – several of them harnessed together can do some pretty cool things).

    The purpose of using a long passphrase is to prevent rainbow and dictionary attacks. Rainbow tables are not feasible for SHA-256, so when using AES-256, using a pass phrase with many words significantly decreases the probability that your passphrase will be vulnerable to a dictionary attack.

    And crosspatch, using xxd(1), an encrypted partition is pretty obvious. That it is encrypted data can be determined simply by the lack of required file-system data structures and the “randomness” of the content, but its content is opaque.

  67. Most people have a problem with the huge numbers because they only read what media writes. That’s why they think their use of 256-bit encryption will take the bazillion years to brute force through as a properly used and implemented 256-bit encryption theoretically could take.

    The amount of CPUs is moot today, it is the amount of cores in each CPU that counts and how many thread each core can process. The ancient old, 2008, IBM Roadrunner had 116,000+ cores, and did one+ Peta Flop.

    But to put this is relative terms, my newest, sub $1000, laptop can do 900-1200 passwords per second on average with four cores@1.8GHz and two threads per core on a 32bit system, to up to nine character length passwords. An similar but optimized system can do twice+ in 64-bit mode. That would be up to some 2000*116000 passwords per second for an ancient system such as the 2008 IBM Roadrunner. That’s like all the words stored in a library per minute.

    Enter 2011 and Fujitsu’s 10.5+ Peta Flops of super computing power.

    But, enter the human mind and the not so random choosing of passwords…where brute forcing a password gets easier the more you know about the person and the password, but of course that is all moot when the police interrogator, sorry interviewer, enters the room, then pretty much everyone gives up their passwords in the end, for the simple reason of one or both parties being nice so that all can go home in time for dinner, so to speak.

    If you’re a traveling salesman, or what not, traveling all over with your computer and, or, information on memory sticks, then encrypt it pronto, but for the sole reason of misplacing it, dropping it, having it stolen. But to encrypt your files because you fear the police might get a hold of it? If you’re not living in a western world democracy, fine, for fear the communists, but in a western world democracy that same information might as well set you free.

  68. re post by: Richard111 says: December 17, 2011 at 12:20 am

    If you don’t believe the UK is a police state keep reading….After a lot of palavar and the police visiting my home it appears my insurance company had missed updating the DVLA computer when my AUTOMATIC RENEWAL went through. A bored policeman entered my licence plate number and BINGO – found a criminal – SHEESH! Statistics say there are over 2 million unensured vehicles on the UK roads but they managed to catch me in two weeks! Go figure.

    You may have been picked up by an automated plate reading system, rather than a bored policeman. These were apparently first developed in the UK, at least according to the nortoriously unreliable but far too convenient wikipedia: http://en.wikipedia.org/wiki/Automatic_number_plate_recognition There are apparently existing systems that can now handle relative speeds of 200 mph, and automatically read and check databases for several thousand vehicles an hour (a minute??). They’re becoming more and more common all over the place, and for various uses – along with use of unmanned aerial drones even, which can also use cameras to check license plates.

    I live in the USA, and not long ago had a policeman appear at my door. He wanted to know why I had a vehicle, parked on private property mind you, with old license plates from another state. I told him right off because the vehicle isn’t driven, and then thought to ask if there was some problem with that. He told me that I should remove the plates… with a little more discussion, turns out that isn’t a legal requirement at all, even tho from his initial wording most would jump to that conclusion. I asked him why in the world he took the time (and our tax dollars, although I didn’t say it) to actually come and check on a totally legal situation (and don’t police have far better and more important things to do, although I sure didn’t say THAT either!). He said someone had reported that there was a vehicle with out of state plates. Of course, no way he’d tell me who or why, but did inform me that they regularly check to see why someone hasn’t registered vehicles with out of state plates in the state. That while they’re checking reported ones, they’ll keep an eye out for others that aren’t and check on those too.

    So I had a perfectly legal situation, yet taxpayer money and police time and effort was wasted chasing it down (courtesy of Fed. Stimulus funds perhaps, allowing areas to keep on more police that can be used to intimidate the law abiding public in this fashion?). So why do the police even bother checking out of state plates? Only thing I can figure is it must be a nice revenue raiser for the area.

    In retrospect I wish that I’d had the piece of mind to start the conversation, rather than replying directly to his question, with a question of my own “is there any legal problem with out of state plates on a vehicle parked on private property?” Then to deflect any further questions once he said no… I think the majority of folks have the exact tendency I do, however, which is to answer directly exactly what was asked, and to be helpful where ever possible. Politely deflecting inappropriate questions by legal authorities just doesn’t come to mind – which is why the video I linked to above is so meaningful.

    Being honest and forthright with police is all good so long as the police are doing what they ought to be doing, checking on ILLEGAL things, and if one assumes there is no corruption or bad moods etc. on the part of police officers. Or unless someone happened to let registration slip until 31 days after moving the vehicle into the state (or whatever your local area requirements are), at which point admitting that mistake will automatically cost you hundreds of dollars in fines. And just who are the ‘kind’ people who would report an out of state plate anyhow, for heavens’ sake? (and no, the vehicle is not any sort of eye sore, not that even that would have justified a report to the police & only nasty sorts of people would do that sort of thing… worst that could be said about the vehicle is that it could stand a wash perhaps)

  69. With all due respect to ‘Smoking Frog’ and others, the likelihood of discovering a long, easily remembered pass phrase by law enforcement officials is going to take an inordinate amount of time, even with today’s advanced silicon, non-quantum, technology. Unless blind luck happens or the law enforcement officials determine the password from social engineering, the potential length of time to discover the password is astronomical – it just becomes unfeasible.

    Those suggesting otherwise should accept my ‘Smoking Frog’ password challenge, which can be found here: http://www.c3headlines.com/smoking-frog-password-cracking-challenge.html.

    Okay, “crack” this easily remembered password phrase for the two encrypted files located at the ‘C3′ page. Claim the glory and educate all of us that we need to be much better at security. And, let’s see how long a massive, parallel PC effort takes to ‘crack’ a simple but long password phrase. Let the zombie-infected PC farms rip!

    BTW, Steve Gibson, the well known expert on information security suggests that the simple password phrase used in the ‘Smoking Frog’ challenge would take 65 trillion trillion trillion centuries to discover using today’s super-duper technology. Time to prove him wrong also, don’t ya think?

    Check out Steve’s site (https://www.grc.com/haystack.htm) and test your own password or pass phrase as to how strong it potentially is.

  70. “Jeremy says: December 16, 2011 at 5:09 pm
    A note, however, I believe law enforcement warrants compel people to divulge keys/keycodes. You would essentially be in obstruction if you used hardware encryption to keep information away from the law.”

    You give them a password and they enter it and nothing happens. You look at them aghast and say “you typed it in wrong and now it has self destructed”. Prove otherwise. I don’t know about these particular devices but TrueCrypt (my personal fav) has that option. You just need to be a real good typist or you will ruin your own day :)

  71. Jeremy December 17, 2011 at 9:30 am

    Smoking Frog December 17, 2011 at 5:05 am
    I don’t think that’s true. Based on what I’ve read, AES-256 is unbreakable, at least for some years to come, and it might be unbreakable, period.

    Jeremy
    That isn’t stated correctly. What you mean is that properly implemented AES-256 that only allows brute-force attacks is essentially unbreakable as no computer exists that would take less than the age of the universe to brute-force the key. The problem with your statement is that brute-force attacks are not the only way to attack encryption.
    never forget: http://xkcd.com/538/

    It is stated correctly. At present, there seems to be no known attack on AES-256 that is sufficiently superior to brute force to matter, and there might never be.

  72. C3 Editor December 17, 2011 at 10:20 am

    Smoking Frog, yes indeed the data encryption is different than the password. I was just assuming that a full strength encryption of data was being used, and was really only speaking to password strength. I also assumed this password would not be transmitted (intercepted) in clear text, but would only be used in the encryption of a hard disk or USB file.

    The assumption was not evident in what you wrote, and it’s not evident in the webpage that you linked. Besides, there’s no guarantee of what constitutes “full strength.” For example, someone might find a feasible attack on AES-256 tomorrow.

    If it is “trivial” to break a 36-character pass phrase like the one I suggested, why don’t we run a a little test? You can download an encrypted file from my site with a similar type of password. Go ahead and try to “discover” the pass phrase. There will be a secret message inside that you will discover once this trivial pass phrase has been broken by you et al. Let me know what the secret message is and I will then give you the opportunity on my site to explain how you did it, if Anthony isn’t interested in posting the result of your success.

    Let me know if you want to carry out this test. I’d seriously like to find out how vulnerable this type of password is.

    It’s trivial with a weak encryption method. I once wrote a program to crack passwords for the XOR cipher I described, but I don’t have it anymore. I can’t accept your challenge, because I don’t know the cipher you’d be using, I don’t have the resources to try to discover it, and I don’t have the skill for many ciphers. I am not a cryptanalyst. I was only pointing out that the difficulty of breaking a cipher depends on the cipher, because what you wrote would lead a person to believe that almost everything depends on the strength of the password.

    I could indicate the method of breaking that XOR cipher, but it would be too much writing.

  73. davidmhoffer December 17, 2011 at 11:59 am
    But from a practical perpsective, 256 bit encryption is vulnerable to sophosticated methods other than brute force, in particular when they are combined with supercomputers. 10,000 cpu’s working in parallel changes the odds considerably. And you’d be surprised how many facilities that large or larger exist.

    No, that’s not true. C3 Editor presented a 36-character password. First consider brute force, and suppose the alphabet size is 70 (upper and lower case, numerals, and some other stuff), so there are 36^70 possible 36-character passwords, which is on the order of 10^108. Divide that by 10,000 and you have 10^104 possible passwords for each of the 10,000 computers. How about a trillion computers, which is about 1,000 times the number of computers in the world. That gives you 10^96 passwords per computer. You’ve accomplished nothing.

    Now consider “sophisticated methods.” Based on what I’ve read, the strongest known attack on AES-256 reduces the problem by far less than 10,000, but it could reduce it by far more and still be useless.

  74. 1DandyTroll December 17, 2011 at 2:07 pm
    Most people have a problem with the huge numbers because they only read what media writes. That’s why they think their use of 256-bit encryption will take the bazillion years to brute force through as a properly used and implemented 256-bit encryption theoretically could take.

    This is a case in which what they read in the media is correct, so far as the question of how much difference the amount of computing power could make goes. Read what I just wrote to davidmhoffer.

    But, enter the human mind and the not so random choosing of passwords…where brute forcing a password gets easier the more you know about the person and the password, but of course that is all moot when the police interrogator, sorry interviewer, enters the room, then pretty much everyone gives up their passwords in the end, for the simple reason of one or both parties being nice so that all can go home in time for dinner, so to speak.

    Anyone who really doesn’t want his encrypted stuff to be read, even by experts, won’t have picked a guessable password.

  75. C3 Editor December 17, 2011 at 4:23 pm
    Your challenge is absurd. Your “Smoking Frog” webpage misrepresents what I wrote here; it conflates weak encryption with strong encryption. I merely pointed out that a “strong” password is not strong with a weak cipher. I did this because what you had written could easily lead an uninformed person to believe otherwise. Weak ciphers really do exist, mind you. They exist in legacy software in businesses and government agencies, and uninformed persons use them.

    Your SmokingFrog2 file shows several signs of being a WIndows executable, but you claim it is an encrypted file. Are you expecting me or someone else to notice that it seems to be an executable, and try to run it, with who knows what consequences? That’s called a “Trojan.”

    Nice going.

    To say the least, it is interesting to me as an AGW skeptic to learn that a well-known AGW skeptic (you, except your name) exhibits such attitude and behavior. Why should anyone trust you?

  76. @Rational Debate

    Yes indeed, the disk just continues to appear to you as normal. Encryption and decryption are done on the fly.

    From their web page:
    Main Features:
    Creates a virtual encrypted disk within a file and mounts it as a real disk.
    Encrypts an entire partition or storage device such as USB flash drive or hard drive.
    Encrypts a partition or drive where Windows is installed (pre-boot authentication).
    Encryption is automatic, real-time (on-the-fly) and transparent.
    Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
    Encryption can be hardware-accelerated on modern processors.
    Provides plausible deniability, in case an adversary forces you to reveal the password:
    Hidden volume (steganography) and hidden operating system.
    More information about the features of TrueCrypt may be found in the documentation.

  77. Smoking Frog wrote:

    No, that’s not true. C3 Editor presented a 36-character password. First consider brute force, and suppose the alphabet size is 70 (upper and lower case, numerals, and some other stuff), so there are 36^70 possible 36-character passwords, which is on the order of 10^108. Divide that by 10,000 and you have 10^104 possible passwords for each of the 10,000 computers. How about a trillion computers, which is about 1,000 times the number of computers in the world. That gives you 10^96 passwords per computer. You’ve accomplished nothing.

    Actually, as I pointed out above, for the most secure AES-256 encryption, the number of keys that need to be checked is 2 raised to the 256th power. A large number, to be sure. But that number is completely independent of your “36 ^ 70″ possible passwords, since the string you enter as a passphrase is run through a secure hash algorithm to produce a 256-bit (32-byte) key used by the AES algorithm to convert plaintext to ciphertext. Regardless of the length of your pass phrase (1 word or 100 words), the actual key used for the encryption is 256-bits (32-bytes) in length. The reason to use a long pass phrase is to prevent dictionary attacks, which are _not_ brute force.

    Given the time required for a brute-force key space attack, most attackers and researchers concentrate on attacking weak implementations of the algorithms, or other flaws in the implementation. For example, a rather clever researcher discovered that one of the stream ciphers had a flaw in how the padding bits were handled, and by analyzing the padding bits in the chained blocks, the key could be recovered. low-bit-rate covert channels also leak information.

    But as all attackers know, the weak spot in all crypto is the human. Something like 70% of computer users will give their password to someone who calls and claims to be from the IT department

  78. As an example, here are some real AES keys and the corresponding passphrases:

    Passphrase: a
    87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
    Passphrase: The science can never be settled
    47507e7ecd7ec4a34a51b6b26c438b89f0372119373961cdd515c6ea1d46789f
    

    Note that the 256-bit number (above represented in base-16) cannot be converted back into the corresponding pass phrase, this is a one-way (trapdoor) transformation. The probability of any two district inputs (pass phrases) to the secure hash algorithm producing identical output (AES keys) is vanishingly small.

    The 256-bit number is then used to transform each 256-bit block of the plaintext in turn producing the corresponding ciphertext, or vice versa when decrypting.

  79. scott (December 18, 2011 at 12:44 pm):
    I assumed a 36-character password to conform to C3 Editor’s presentation, including his use of Steve Gibson’s calculator. But let me ask you: Does a person who uses an idiotic password, such as “password,” get the same 256-bit key as everyone else who uses the same idiotic password? If not, how is the key generated?

  80. to everyone: My description of the simple XOR cipher was wrong. The one I described is even easier to break than I intended – ludicrously easy, too easy to use as my example. What I actually had in mind was an XOR-based cipher that does something with overlapping text segments or overlapping repetitions of password. It’s been so many years that I forget how it goes, but the point is that even it is easy to break and can be broken in far less than one second, but has been used in the real world.

  81. Smoking Frog asked:

    Does a person who uses an idiotic password, such as “password,” get the same 256-bit key as everyone else who uses the same idiotic password? If not, how is the key generated?

    The secure hash algorithm has the property that for any given input, A, there is one and only one distinct output A’. So yes, “password” always produces the same 256-bit key. That is one reasons why security professionals recommend against using the word ‘password’ as a pass phrase. An implementation may salt the passphrase (add something to it) before passing it to the secure hash algorithm, but in this usage, the salt would only make rainbow tables more difficult ) (and they are effectively impossible already for 256-bit keys, requiring billions of disk drives, and they do no good in this usage anyway since recovering A if you have A’ is pointless, just use the A’ you have to decode the message already).

    That said, trying to brute force AES by varying the SHA256 input (A) rather than simply cycling through the universe of SHA256 A’ values may never actually crack the encryption since there is no guarantee that all possible A’ values can be generated by an infinitely large set of A values.
    (one could pass the AR4 pdf to sha256sum and use that as a key, for example. Another property of SHA-256 is that the probability of two different A values generating the same A’ value is infinitely remote.)

    If you have a linux system with the sha256sum command, you can play with it and see how unique A’ is for different 1-character A values.

  82. scott December 19, 2011 at 1:16 pm
    Your explanation doesn’t make sense to me. If the password is shorter than 256 bits, the 256-bit string that sha256sum produces from it is not “more unique” than the password in any relevant sense. If the password is a member of a set with fewer than 2^256 members, the search for it will be correspondingly shorter. For (extreme) example, if an attacker knows that you are using a 1-character password consisting of a single, upper-case letter of the alphabet, he will discover it in 26 or fewer probes. You may object that the attacker won’t know that you are using a 1-character password. Sure, but he may, for example, know that it’s a very good bet that you are using a password of 10 characters or fewer consisting of common words and letter combinations. If you are, the search space is far, far, far smaller than 2^256.

    In my earlier reply to you, I forgot to point out that, although 70^36 is smaller than 2^256, it’s far too large to be something to complain about. It’s on the order of 2^245.

  83. Looking at the specification I see nothing better than my own USB key with Truecrypt.
    Autorun is normally disabled on any serious PC.
    the password is limited to 16 chars, which is not enoug except if you use realy really really random one. Me I prefer to have very very very long passphrase (hackers can break 64-70bits, government nearly 90, and english language use 1 information bit per letter… so use a random sentence of more that 100 letters… nb: not a citation)

    it provide complementary software (sweeper! antivirus?) usefull, but to be honnest I install all security software on my PC, and don’t trust others.

    for security advices, read Bruce Schneier books (best ate “Beyond Fear” and … forget it, it is too technical), and consult his blog… he have the reasonable paranoia and the risk aware trust.

    ps: I don’t fear climate police, but identity stealers that will copy my civil papers to steal my life…

    note that if you want a real hardware solution for critical data, it should be qualified hardware,
    qualified software, separate keyboard.

    companies like Gemalto are selling asymmetric cryptographic smart-card, card reader with separate keyboard…
    but as usual the risk is on the host computer.
    my best advice is to have a separate computer, with truecrypt style encrypted disk, with USB asymmetric key token (and pincode)…
    use a very simple navigator, mostly readonly disk, simple text editor (at most libre office, but avoid), and non administrator account. of course antivirus, firewall activated…
    if you are serious, maybe use a pocket separate router+firewall to protect your pc , even if it is already protected by your DSL router…

    don’t use tor for secret data.
    use SSH/SSL, or good encrypter transport (S/MIME/PGP) for secret communication…

    and first of all know what is secret and what is not, what is valuable and what is not…
    and use your safe PC only for real safety needs…
    don’t do game, porn, news reading, hobby foruming on the safe PC…
    keep it for sensible application, like spying the evil climatologist, talking with the daemon (or with skeptics), making/scanning/keeping administrative of business papers, keeping the nudist photo of your spouse, and the awful baby playing with mud photo of your teen kids…

    anyway, except if you host stolen data like climate gate, wikileaks, clear stream listing, your only asset to protect are :
    – civil documents that could help to steal identity (of you or your business)
    – private documents, image, video (home porn, ridiculous, shocking relations) that can ruin your reputation or social life, or the one of your loved ones.

Comments are closed.