More than a couple of people have asked me about computer security in the last couple of days, especially after the Tallbloke raid incident.
I’m offering a simple security solution for those that want to protect their files: a USB flash drive with built in hardware security that works on USB 3.0 and USB2.0 ports
See all the details here, buy one if you want a neat new gadget for Xmas (it sure beats getting socks or a tie).
Smoking Frog, yes indeed the data encryption is different than the password. I was just assuming that a full strength encryption of data was being used, and was really only speaking to password strength. I also assumed this password would not be transmitted (intercepted) in clear text, but would only be used in the encryption of a hard disk or USB file.
If it is “trivial” to break a 36-character pass phrase like the one I suggested, why don’t we run a little test? You can download an encrypted file from my site with a similar type of password. Go ahead and try to “discover” the pass phrase. There will be a secret message inside that you will discover once this trivial pass phrase has been broken by you et al. Let me know what the secret message is and I will then give you the opportunity on my site to explain how you did it, if Anthony isn’t interested in posting the result of your success.
Let me know if you want to carry out this test. I’d seriously like to find out how vulnerable this type of password is.
Folks, there’s a lot of confusion here about breaking encryption keys.
For someone with a desktop computer using a brute force attack, breaking 256-bit encryption is impractical. Not impossible. It’s like winning the lottery. The odds are huge, but someone does. There’s a percentage chance (though a teeny tiny one) that someone nails it on the first try.
But from a practical perspective, 256-bit encryption is vulnerable to sophisticated methods other than brute force, in particular when they are combined with supercomputers. 10,000 CPUs working in parallel changes the odds considerably. And you’d be surprised how many facilities that large or larger exist.
In fact, quite a few of them would exist at climate research centres such as CRU. One can only wonder if Phil Jones and Co are sweating bullets trying to break that encryption key to see just how bad it really is…. of course, having all that compute horsepower at your disposal means little when the team lead can’t even figure out how to use Excel, and their statistical analysis methodologies produce nothing but hockey sticks.
Let’s step a bit lower:
Take Rijndael (standardized as the Advanced Encryption Standard). The standard allows two key lengths: 192 bits (24 bytes) and 256 bits (32 bytes). So the universe of key patterns includes either 2^192 or 2^256 possibilities.
When you enter your key phrase (such as the one described above), a cryptographically secure hash algorithm (e.g. SHA-1 or SHA-256) is used to collapse the keyphrase into a (hopefully) unique 192 or 256-bit pattern. That pattern is then used as the symmetric cipher key when encrypting and decrypting to and from AES. A brute force attack simply needs to try each of the two to the one-hundred-ninety-second (or two to the two hundred fifty-sixth) power possible patterns as symmetric keys. It just takes time. Lots of it. (But I’ve worked on some cheap parallel systems with 1024 highly capable processors – several of them harnessed together can do some pretty cool things).
The purpose of using a long passphrase is to prevent rainbow and dictionary attacks. Rainbow tables are not feasible for SHA-256, so when using AES-256, using a pass phrase with many words significantly decreases the probability that your passphrase will be vulnerable to a dictionary attack.
And crosspatch, using xxd(1), an encrypted partition is pretty obvious. That it is encrypted data can be determined simply by the lack of required file-system data structures and the “randomness” of the content, but its content is opaque.
Most people have a problem with the huge numbers because they only read what media writes. That’s why they think their use of 256-bit encryption will take the bazillion years to brute force through as a properly used and implemented 256-bit encryption theoretically could take.
The number of CPUs is moot today; it is the number of cores in each CPU that counts, and how many threads each core can process. The ancient, 2008, IBM Roadrunner had 116,000+ cores and did one+ petaflop.
But to put this in relative terms, my newest, sub-$1000 laptop can do 900-1200 passwords per second on average with four cores @ 1.8GHz and two threads per core on a 32-bit system, for passwords up to nine characters long. A similar but optimized system can do twice that or more in 64-bit mode. That would be up to some 2000*116000 passwords per second for an ancient system such as the 2008 IBM Roadrunner. That’s like all the words stored in a library per minute.
Enter 2011 and Fujitsu’s 10.5+ petaflops of supercomputing power.
But, enter the human mind and the not so random choosing of passwords…where brute forcing a password gets easier the more you know about the person and the password, but of course that is all moot when the police interrogator, sorry interviewer, enters the room, then pretty much everyone gives up their passwords in the end, for the simple reason of one or both parties being nice so that all can go home in time for dinner, so to speak.
If you’re a traveling salesman, or what not, traveling all over with your computer and, or, information on memory sticks, then encrypt it pronto, but for the sole reason of misplacing it, dropping it, having it stolen. But to encrypt your files because you fear the police might get a hold of it? If you’re not living in a western world democracy, fine, for fear the communists, but in a western world democracy that same information might as well set you free.
re post by: Richard111 says: December 17, 2011 at 12:20 am
You may have been picked up by an automated plate reading system, rather than a bored policeman. These were apparently first developed in the UK, at least according to the notoriously unreliable but far too convenient wikipedia: http://en.wikipedia.org/wiki/Automatic_number_plate_recognition There are apparently existing systems that can now handle relative speeds of 200 mph, and automatically read and check databases for several thousand vehicles an hour (a minute??). They’re becoming more and more common all over the place, and for various uses – along with use of unmanned aerial drones even, which can also use cameras to check license plates.
I live in the USA, and not long ago had a policeman appear at my door. He wanted to know why I had a vehicle, parked on private property mind you, with old license plates from another state. I told him right off because the vehicle isn’t driven, and then thought to ask if there was some problem with that. He told me that I should remove the plates… with a little more discussion, turns out that isn’t a legal requirement at all, even though from his initial wording most would jump to that conclusion. I asked him why in the world he took the time (and our tax dollars, although I didn’t say it) to actually come and check on a totally legal situation (and don’t police have far better and more important things to do, although I sure didn’t say THAT either!). He said someone had reported that there was a vehicle with out of state plates. Of course, no way he’d tell me who or why, but did inform me that they regularly check to see why someone hasn’t registered vehicles with out of state plates in the state. That while they’re checking reported ones, they’ll keep an eye out for others that aren’t and check on those too.
So I had a perfectly legal situation, yet taxpayer money and police time and effort was wasted chasing it down (courtesy of Fed. Stimulus funds perhaps, allowing areas to keep on more police that can be used to intimidate the law abiding public in this fashion?). So why do the police even bother checking out of state plates? Only thing I can figure is it must be a nice revenue raiser for the area.
In retrospect I wish that I’d had the peace of mind to start the conversation, rather than replying directly to his question, with a question of my own: “is there any legal problem with out of state plates on a vehicle parked on private property?” Then to deflect any further questions once he said no… I think the majority of folks have the exact tendency I do, however, which is to answer directly exactly what was asked, and to be helpful wherever possible. Politely deflecting inappropriate questions by legal authorities just doesn’t come to mind – which is why the video I linked to above is so meaningful.
Being honest and forthright with police is all good so long as the police are doing what they ought to be doing, checking on ILLEGAL things, and if one assumes there is no corruption or bad moods etc. on the part of police officers. Or unless someone happened to let registration slip until 31 days after moving the vehicle into the state (or whatever your local area requirements are), at which point admitting that mistake will automatically cost you hundreds of dollars in fines. And just who are the ‘kind’ people who would report an out of state plate anyhow, for heavens’ sake? (and no, the vehicle is not any sort of eye sore, not that even that would have justified a report to the police & only nasty sorts of people would do that sort of thing… worst that could be said about the vehicle is that it could stand a wash perhaps)
With all due respect to ‘Smoking Frog’ and others, the likelihood of discovering a long, easily remembered pass phrase by law enforcement officials is going to take an inordinate amount of time, even with today’s advanced silicon, non-quantum, technology. Unless blind luck happens or the law enforcement officials determine the password from social engineering, the potential length of time to discover the password is astronomical – it just becomes unfeasible.
Those suggesting otherwise should accept my ‘Smoking Frog’ password challenge, which can be found here: http://www.c3headlines.com/smoking-frog-password-cracking-challenge.html.
Okay, “crack” this easily remembered password phrase for the two encrypted files located at the ‘C3’ page. Claim the glory and educate all of us that we need to be much better at security. And, let’s see how long a massive, parallel PC effort takes to ‘crack’ a simple but long password phrase. Let the zombie-infected PC farms rip!
BTW, Steve Gibson, the well known expert on information security suggests that the simple password phrase used in the ‘Smoking Frog’ challenge would take 65 trillion trillion trillion centuries to discover using today’s super-duper technology. Time to prove him wrong also, don’t ya think?
Check out Steve’s site (https://www.grc.com/haystack.htm) and test your own password or pass phrase as to how strong it potentially is.
“Jeremy says: December 16, 2011 at 5:09 pm
A note, however, I believe law enforcement warrants compel people to divulge keys/keycodes. You would essentially be in obstruction if you used hardware encryption to keep information away from the law.”
You give them a password and they enter it and nothing happens. You look at them aghast and say “you typed it in wrong and now it has self destructed”. Prove otherwise. I don’t know about these particular devices but TrueCrypt (my personal fav) has that option. You just need to be a real good typist or you will ruin your own day 🙂
Jeremy December 17, 2011 at 9:30 am
Smoking Frog December 17, 2011 at 5:05 am
I don’t think that’s true. Based on what I’ve read, AES-256 is unbreakable, at least for some years to come, and it might be unbreakable, period.
Jeremy
That isn’t stated correctly. What you mean is that properly implemented AES-256 that only allows brute-force attacks is essentially unbreakable as no computer exists that would take less than the age of the universe to brute-force the key. The problem with your statement is that brute-force attacks are not the only way to attack encryption.
never forget: http://xkcd.com/538/
It is stated correctly. At present, there seems to be no known attack on AES-256 that is sufficiently superior to brute force to matter, and there might never be.
C3 Editor December 17, 2011 at 10:20 am
Smoking Frog, yes indeed the data encryption is different than the password. I was just assuming that a full strength encryption of data was being used, and was really only speaking to password strength. I also assumed this password would not be transmitted (intercepted) in clear text, but would only be used in the encryption of a hard disk or USB file.
The assumption was not evident in what you wrote, and it’s not evident in the webpage that you linked. Besides, there’s no guarantee of what constitutes “full strength.” For example, someone might find a feasible attack on AES-256 tomorrow.
If it is “trivial” to break a 36-character pass phrase like the one I suggested, why don’t we run a little test? You can download an encrypted file from my site with a similar type of password. Go ahead and try to “discover” the pass phrase. There will be a secret message inside that you will discover once this trivial pass phrase has been broken by you et al. Let me know what the secret message is and I will then give you the opportunity on my site to explain how you did it, if Anthony isn’t interested in posting the result of your success.
Let me know if you want to carry out this test. I’d seriously like to find out how vulnerable this type of password is.
It’s trivial with a weak encryption method. I once wrote a program to crack passwords for the XOR cipher I described, but I don’t have it anymore. I can’t accept your challenge, because I don’t know the cipher you’d be using, I don’t have the resources to try to discover it, and I don’t have the skill for many ciphers. I am not a cryptanalyst. I was only pointing out that the difficulty of breaking a cipher depends on the cipher, because what you wrote would lead a person to believe that almost everything depends on the strength of the password.
I could indicate the method of breaking that XOR cipher, but it would be too much writing.
davidmhoffer December 17, 2011 at 11:59 am
But from a practical perspective, 256-bit encryption is vulnerable to sophisticated methods other than brute force, in particular when they are combined with supercomputers. 10,000 CPUs working in parallel changes the odds considerably. And you’d be surprised how many facilities that large or larger exist.
No, that’s not true. C3 Editor presented a 36-character password. First consider brute force, and suppose the alphabet size is 70 (upper and lower case, numerals, and some other stuff), so there are 36^70 possible 36-character passwords, which is on the order of 10^108. Divide that by 10,000 and you have 10^104 possible passwords for each of the 10,000 computers. How about a trillion computers, which is about 1,000 times the number of computers in the world. That gives you 10^96 passwords per computer. You’ve accomplished nothing.
Now consider “sophisticated methods.” Based on what I’ve read, the strongest known attack on AES-256 reduces the problem by far less than 10,000, but it could reduce it by far more and still be useless.
1DandyTroll December 17, 2011 at 2:07 pm
Most people have a problem with the huge numbers because they only read what media writes. That’s why they think their use of 256-bit encryption will take the bazillion years to brute force through as a properly used and implemented 256-bit encryption theoretically could take.
This is a case in which what they read in the media is correct, so far as the question of how much difference the amount of computing power could make goes. Read what I just wrote to davidmhoffer.
But, enter the human mind and the not so random choosing of passwords…where brute forcing a password gets easier the more you know about the person and the password, but of course that is all moot when the police interrogator, sorry interviewer, enters the room, then pretty much everyone gives up their passwords in the end, for the simple reason of one or both parties being nice so that all can go home in time for dinner, so to speak.
Anyone who really doesn’t want his encrypted stuff to be read, even by experts, won’t have picked a guessable password.
C3 Editor December 17, 2011 at 4:23 pm
Your challenge is absurd. Your “Smoking Frog” webpage misrepresents what I wrote here; it conflates weak encryption with strong encryption. I merely pointed out that a “strong” password is not strong with a weak cipher. I did this because what you had written could easily lead an uninformed person to believe otherwise. Weak ciphers really do exist, mind you. They exist in legacy software in businesses and government agencies, and uninformed persons use them.
Your SmokingFrog2 file shows several signs of being a Windows executable, but you claim it is an encrypted file. Are you expecting me or someone else to notice that it seems to be an executable, and try to run it, with who knows what consequences? That’s called a “Trojan.”
Nice going.
To say the least, it is interesting to me as an AGW skeptic to learn that a well-known AGW skeptic (you, except your name) exhibits such attitude and behavior. Why should anyone trust you?
@Rational Debate
Yes indeed, the disk just continues to appear to you as normal. Encryption and decryption are done on the fly.
From their web page:
Main Features:
Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on-the-fly) and transparent.
Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
Encryption can be hardware-accelerated on modern processors.
Provides plausible deniability, in case an adversary forces you to reveal the password:
Hidden volume (steganography) and hidden operating system.
More information about the features of TrueCrypt may be found in the documentation.
As was mentioned by several posters above, TrueCrypt’s Hidden Volume functionality is a good way to keep your data private even in the face of a warrant or other forms of coercion.
http://www.truecrypt.org/docs/?s=hidden-volume
Smoking Frog wrote:
No, that’s not true. C3 Editor presented a 36-character password. First consider brute force, and suppose the alphabet size is 70 (upper and lower case, numerals, and some other stuff), so there are 36^70 possible 36-character passwords, which is on the order of 10^108. Divide that by 10,000 and you have 10^104 possible passwords for each of the 10,000 computers. How about a trillion computers, which is about 1,000 times the number of computers in the world. That gives you 10^96 passwords per computer. You’ve accomplished nothing.
Actually, as I pointed out above, for the most secure AES-256 encryption, the number of keys that need to be checked is 2 raised to the 256th power. A large number, to be sure. But that number is completely independent of your “36 ^ 70” possible passwords, since the string you enter as a passphrase is run through a secure hash algorithm to produce a 256-bit (32-byte) key used by the AES algorithm to convert plaintext to ciphertext. Regardless of the length of your pass phrase (1 word or 100 words), the actual key used for the encryption is 256-bits (32-bytes) in length. The reason to use a long pass phrase is to prevent dictionary attacks, which are _not_ brute force.
Given the time required for a brute-force key space attack, most attackers and researchers concentrate on attacking weak implementations of the algorithms, or other flaws in the implementation. For example, a rather clever researcher discovered that one of the stream ciphers had a flaw in how the padding bits were handled, and by analyzing the padding bits in the chained blocks, the key could be recovered. Low-bit-rate covert channels also leak information.
But as all attackers know, the weak spot in all crypto is the human. Something like 70% of computer users will give their password to someone who calls and claims to be from the IT department.
As an example, here are some real AES keys and the corresponding passphrases:
Note that the 256-bit number (above represented in base-16) cannot be converted back into the corresponding pass phrase; this is a one-way (trapdoor) transformation. The probability of any two distinct inputs (pass phrases) to the secure hash algorithm producing identical output (AES keys) is vanishingly small.
The 256-bit number is then used to transform each 256-bit block of the plaintext in turn producing the corresponding ciphertext, or vice versa when decrypting.
re post by: PuterMan says: December 18, 2011 at 2:48 am
Thanks for the reply and info!
scott (December 18, 2011 at 12:44 pm):
I assumed a 36-character password to conform to C3 Editor’s presentation, including his use of Steve Gibson’s calculator. But let me ask you: Does a person who uses an idiotic password, such as “password,” get the same 256-bit key as everyone else who uses the same idiotic password? If not, how is the key generated?
to everyone: My description of the simple XOR cipher was wrong. The one I described is even easier to break than I intended – ludicrously easy, too easy to use as my example. What I actually had in mind was an XOR-based cipher that does something with overlapping text segments or overlapping repetitions of password. It’s been so many years that I forget how it goes, but the point is that even it is easy to break and can be broken in far less than one second, but has been used in the real world.
Smoking Frog asked:
Does a person who uses an idiotic password, such as “password,” get the same 256-bit key as everyone else who uses the same idiotic password? If not, how is the key generated?
The secure hash algorithm has the property that for any given input, A, there is one and only one distinct output A’. So yes, “password” always produces the same 256-bit key. That is one reason why security professionals recommend against using the word ‘password’ as a pass phrase. An implementation may salt the passphrase (add something to it) before passing it to the secure hash algorithm, but in this usage, the salt would only make rainbow tables more difficult (and they are effectively impossible already for 256-bit keys, requiring billions of disk drives, and they do no good in this usage anyway since recovering A if you have A’ is pointless; just use the A’ you have to decode the message already).
That said, trying to brute force AES by varying the SHA256 input (A) rather than simply cycling through the universe of SHA256 A’ values may never actually crack the encryption since there is no guarantee that all possible A’ values can be generated by an infinitely large set of A values.
(one could pass the AR4 pdf to sha256sum and use that as a key, for example. Another property of SHA-256 is that the probability of two different A values generating the same A’ value is infinitely remote.)
If you have a linux system with the sha256sum command, you can play with it and see how unique A’ is for different 1-character A values.
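The passphrase-to-key step scott describes here and in his earlier reply (SHA-256 collapsing a passphrase of any length into a fixed 256-bit key, the same input always giving the same output, a salt changing the result), as an added Python example. This is not code from the thread or from TrueCrypt; the salted variant and the PBKDF2 stretching function are my assumptions about how an implementation might harden the step, not something any commenter states.

```python
import hashlib
import os


def passphrase_to_key(passphrase: str, salt: bytes = b"") -> bytes:
    """SHA-256 over salt || passphrase, giving a 32-byte (256-bit) AES key.
    With an empty salt this is exactly what sha256sum computes over the
    passphrase bytes, so the same phrase always yields the same key."""
    return hashlib.sha256(salt + passphrase.encode("utf-8")).digest()


def key_hex(passphrase: str, salt: bytes = b"") -> str:
    """The same key as a 64-character base-16 string, the form the thread shows."""
    return passphrase_to_key(passphrase, salt).hex()


def stretched_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Assumed hardening, not described in the thread: PBKDF2-HMAC-SHA256 makes
    every candidate passphrase cost `iterations` hash operations instead of one.
    The output is still 256 bits; what changes is the cost per dictionary guess."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def demo() -> None:
    # Constructed sample phrases; note that a one-character change gives an
    # unrelated key, and that the output is fixed at 32 bytes regardless of input length.
    for phrase in ["password", "Password", "a", "the quick brown fox jumps over the lazy dog"]:
        print(f"{phrase!r:48} -> {key_hex(phrase)}")
    salt = os.urandom(16)  # per-volume random salt, generated here for the demo
    print("same phrase, with 16-byte salt ->", key_hex("password", salt))
    print("PBKDF2-stretched key           ->", stretched_key("password", salt).hex())


if __name__ == "__main__":
    demo()
```

On a Linux box the unsalted output can be compared with the command scott mentions: `printf '%s' password | sha256sum` gives the same 64 hex characters as `key_hex("password")`, whereas `echo password | sha256sum` hashes a trailing newline as well and therefore differs.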
scott December 19, 2011 at 1:16 pm
Your explanation doesn’t make sense to me. If the password is shorter than 256 bits, the 256-bit string that sha256sum produces from it is not “more unique” than the password in any relevant sense. If the password is a member of a set with fewer than 2^256 members, the search for it will be correspondingly shorter. For (extreme) example, if an attacker knows that you are using a 1-character password consisting of a single, upper-case letter of the alphabet, he will discover it in 26 or fewer probes. You may object that the attacker won’t know that you are using a 1-character password. Sure, but he may, for example, know that it’s a very good bet that you are using a password of 10 characters or fewer consisting of common words and letter combinations. If you are, the search space is far, far, far smaller than 2^256.
In my earlier reply to you, I forgot to point out that, although 70^36 is smaller than 2^256, it’s far too large to be something to complain about. It’s on the order of 2^245.
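The search-space arithmetic from this exchange, as an added Python example (not code from any commenter): `search_space_bits` gives the exponent for any alphabet size and length (about 2^220.7 for a 70-symbol, 36-character password; the same function models N words drawn from a wordlist), `worst_case_years` shows why dividing the work among 10,000 or even a trillion machines changes nothing, and `probes_to_find` makes Smoking Frog's point about attacker knowledge concrete: the derived key is 256 bits either way, but if the password is known to be a single upper-case letter, or one of a few very common choices, the matching key is reached after a handful of hashes. The guess rate, the machine counts and the five-entry wordlist are constructed figures for the demonstration.

```python
import hashlib
import math
import string
from typing import Iterable, Optional


def search_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of candidates when each of `length` positions is drawn
    uniformly from `alphabet_size` symbols. Symbols may be characters or, for a
    passphrase, whole words from a wordlist of that size."""
    return length * math.log2(alphabet_size)


def worst_case_years(bits: float, guesses_per_second: float, machines: int = 1) -> float:
    """Years needed to exhaust a space of 2**bits candidates when `machines`
    attackers each test `guesses_per_second` candidates."""
    seconds = 2.0 ** bits / (guesses_per_second * machines)
    return seconds / (365.25 * 24 * 3600)


def derive_key(passphrase: str) -> bytes:
    """Passphrase -> 256-bit key via SHA-256, the scheme the thread describes."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def probes_to_find(target_key: bytes, candidates: Iterable[str]) -> Optional[int]:
    """Number of candidates hashed before one reproduces target_key, under a given
    attacker model (candidate list). None if the model does not contain the password."""
    for n, guess in enumerate(candidates, start=1):
        if derive_key(guess) == target_key:
            return n
    return None


# Attacker models. The first is the thread's "one upper-case letter" case; the
# second is a constructed five-entry stand-in for "a few very common choices".
SINGLE_UPPERCASE_MODEL = string.ascii_uppercase
COMMON_CHOICES = ["summer2011", "password", "letmein", "qwerty", "123456"]


if __name__ == "__main__":
    bits = search_space_bits(70, 36)
    print(f"70-symbol alphabet, 36 characters: 2^{bits:.1f} candidates")
    for machines in (1, 10_000, 10**12):  # constructed: 1e12 guesses/s per machine
        years = worst_case_years(bits, 1e12, machines)
        print(f"  {machines:>16,} machines at 1e12 guesses/s: {years:.1e} years")
    print(f"6 random words from a 7776-word list: 2^{search_space_bits(7776, 6):.1f}")
    print("single upper-case letter 'Q':  ",
          probes_to_find(derive_key("Q"), SINGLE_UPPERCASE_MODEL), "probes")
    print("common choice 'letmein':       ",
          probes_to_find(derive_key("letmein"), COMMON_CHOICES), "probes")
    print("phrase outside the model:      ",
          probes_to_find(derive_key("a long sentence nobody has listed"), COMMON_CHOICES))
```

The design point is that the key length never enters `probes_to_find`: the number of hashes an attacker needs is the size of the candidate set the attacker can justify, which is why the thread's advice to pick a long phrase that no model predicts is the part that matters.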
Looking at the specification I see nothing better than my own USB key with Truecrypt.
Autorun is normally disabled on any serious PC.
the password is limited to 16 chars, which is not enough unless you use a really, really, really random one. Me, I prefer to have a very, very, very long passphrase (hackers can break 64-70 bits, governments nearly 90, and the English language carries about 1 bit of information per letter… so use a random sentence of more than 100 letters; nb: not a quotation)
it provides complementary software (sweeper! antivirus?), useful, but to be honest I install all security software on my PC myself, and don’t trust others.
for security advice, read Bruce Schneier’s books (the best are “Beyond Fear” and … forget it, it is too technical), and consult his blog… he has the reasonable paranoia and the risk-aware trust.
ps: I don’t fear climate police, but identity stealers that will copy my civil papers to steal my life…
note that if you want a real hardware solution for critical data, it should be qualified hardware, qualified software, and a separate keyboard.
companies like Gemalto sell asymmetric cryptographic smart cards and card readers with a separate keyboard…
but as usual the risk is on the host computer.
my best advice is to have a separate computer, with a TrueCrypt-style encrypted disk, with a USB asymmetric key token (and PIN code)…
use a very simple browser, a mostly read-only disk, a simple text editor (at most LibreOffice, but avoid it), and a non-administrator account. of course antivirus and firewall activated…
if you are serious, maybe use a separate pocket router+firewall to protect your PC, even if it is already protected by your DSL router…
don’t use tor for secret data.
use SSH/SSL, or a good encrypted transport (S/MIME/PGP) for secret communication…
and first of all know what is secret and what is not, what is valuable and what is not…
and use your safe PC only for real safety needs…
don’t do games, porn, news reading, hobby foruming on the safe PC…
keep it for sensitive applications, like spying on the evil climatologist, talking with the daemon (or with skeptics), making/scanning/keeping administrative or business papers, keeping the nudist photo of your spouse, and the awful photo of your teen kids as babies playing with mud…
anyway, unless you host stolen data like Climategate, Wikileaks, or the Clearstream listing, the only assets you have to protect are:
– civil documents that could help someone steal an identity (yours or your business’s)
– private documents, images, videos (home porn, ridiculous or shocking relations) that can ruin your reputation or social life, or that of your loved ones.