CBP officer gave me a stern warning that my laptop shouldn't have ripped DVD/Blu-ray
May 15, 10, 11:11 am
#76
FlyerTalk Evangelist
Join Date: Sep 2002
Location: LAX/TPE
Programs: CO Platinum 1K, United 1K, SPG LT Platinum, National Executive Elite, Platinum TSA Hater
Posts: 35,918
Originally Posted by mre5765
Good luck breaking 256 bit AES encryption.
May 15, 10, 11:35 am
#77
FlyerTalk Evangelist
Join Date: Sep 2007
Location: SJC, SFO, YYC
Programs: AA-EXP, AA-0.41MM, UA-Gold, Ex UA-1K (2006 thru 2015), PMUA-0.95MM, COUA-1.5MM-lite, AF-Silver
Posts: 13,437
Originally Posted by bocastephen
Considering what the government did to the creator of PGP, I'd almost guarantee at least the NSA and CIA have a backdoor to the known commercial products, otherwise the product might still be labeled an illegal munition and illegal to use or export.
Under Clinton, the rules were relaxed. Bush did absolutely nothing to reverse that, and neither has Obama. You have to get an export license for sure, but except for certain classes of products (e.g. products that perform cryptanalysis) such licenses are relatively easy to get, and once obtained, exporters are allowed to "self certify" that minor updates to software products are in compliance with the scope of the original license. I've obtained many export licenses for products with encryption.
I've worked for two companies that legally export products with strong encryption, and I can guarantee you that my software did not and does not have a backdoor. I dealt with the NSA many times, and at no time was I asked to put a backdoor in, nor would I have agreed to do so (plan B would be to ship two versions of the product, one for the domestic market, and one for everywhere else, sans encryption).
For your reading pleasure: http://books.google.com/books?id=r68...ed=0CDwQ6AEwAw
Besides which most of the products being discussed in this thread are Open Source, so secret backdoors would be impossible.
Last edited by mre5765; May 15, 10 at 11:41 am
May 16, 10, 12:35 am
#78
Join Date: Sep 2009
Posts: 381
Originally Posted by mre5765
"Good luck breaking 256 bit AES encryption."
Originally Posted by bocastephen
"Agreed, but the idea was to show a less-than-technically astute customs inspector there is nothing for them to see so they leave you alone."
Last edited by Kiwi Flyer; May 16, 10 at 9:35 pm Reason: merge consecutive posts
May 16, 10, 1:13 am
#79
FlyerTalk Evangelist
Join Date: Aug 2005
Location: Chicago
Posts: 11,196
Originally Posted by Alpha
Did I miss the memo? I didn't realize that they were allowed to search files on your laptop. Are they allowed to do that even if you don't give permission? I travel with a lot of legal docs under federal protective order, among other things, and would be pretty miffed if someone insisted on nosing through my HD.
May 16, 10, 5:32 am
#80
FlyerTalk Evangelist
Join Date: Sep 2007
Location: SJC, SFO, YYC
Programs: AA-EXP, AA-0.41MM, UA-Gold, Ex UA-1K (2006 thru 2015), PMUA-0.95MM, COUA-1.5MM-lite, AF-Silver
Posts: 13,437
Originally Posted by QUERY
Shortcut attacks target some aspect of the encryption algorithm to recover the key or plaintext in less time than a brute-force attack would take on the same algorithm. The NSA has resources to employ both. Since they would have the pax's laptop, they would have possession of the encrypted data and possibly some plaintext with which to deduce some or all of the cipher text.
http://www.schneier.com/blog/archive...tack_on_a.html
We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.
2^110 / ( 10^9 * 3600 * 24 * 365.25 *10^15) = 41 quadrillion years.
Now let's say the NSA has spent $10 trillion to buy enough computers to build a massively parallel key cracker. Let's say each cracker costs just $10. So the NSA has one trillion computers to crack keys. So instead of41 quadrillion years, the NSA takes a mere 41 thousand years.
And I've been extremely generous in my over estimation of the resources the NSA has. I suspect that it takes at least a microsecond, not a nanosecond, to try to decrypt some ciphertext and compare to the known plaintext. I suspect the NSA has spend closer to $100B on its key cracking hardware. And I suspect a key cracker node is closer to $100. So the number is likely closer to 41,000 * 1000 * 100 * 10, or 41 billion years to crack a key.
As I said, good luck with that.
May 16, 10, 11:36 am
#81
FlyerTalk Evangelist
Join Date: Mar 2008
Location: DFW
Posts: 18,370
Originally Posted by QUERY
I would not make that assumption. CBP is a large organization. It would be safe to say that they have a unit of their own to deal with these situations. If they retain possession of the laptop because the pax was noncompliant, they have the time to work on the problem. I'm not saying that's right but we know that it happens. You can learn a lot about someone from what's on their computer. Unless they are using a drive encryption utility, which encrypts the entire drive, there will be plaintext files on the computer with which to work with.
Seems like a job failure to me!
May 16, 10, 12:41 pm
#82
Join Date: Apr 2009
Location: FrostByte Falls, Mn
Programs: Holiday Inn Plat NW gold AA gold
Posts: 2,157
Originally Posted by mre5765
Makes no difference.
http://www.schneier.com/blog/archive...tack_on_a.html
We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.Let's focus on time. Let's lower that to 2^110 for simplicity. Let's say with the plaintext the NSA can attempt one decryption operation in one nanosecond (one billionth of a second). Then to find the key takes:
41 quadrillion years, the NSA takes a mere 41 thousand years.
And I've been extremely generous in my over estimation of the resources the NSA has. I suspect that it takes at least a microsecond, not a nanosecond, to try to decrypt some ciphertext and compare to the known plaintext. I suspect the NSA has spend closer to $100B on its key cracking hardware. And I suspect a key cracker node is closer to $100. So the number is likely closer to 41,000 * 1000 * 100 * 10, or 41 billion years to crack a key.
As I said, good luck with that.
http://www.schneier.com/blog/archive...tack_on_a.html
We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.
2^110 / ( 10^9 * 3600 * 24 * 365.25 *10^15) = 41 quadrillion years.
Now let's say the NSA has spent $10 trillion to buy enough computers to build a massively parallel key cracker. Let's say each cracker costs just $10. So the NSA has one trillion computers to crack keys. So instead of41 quadrillion years, the NSA takes a mere 41 thousand years.
And I've been extremely generous in my over estimation of the resources the NSA has. I suspect that it takes at least a microsecond, not a nanosecond, to try to decrypt some ciphertext and compare to the known plaintext. I suspect the NSA has spend closer to $100B on its key cracking hardware. And I suspect a key cracker node is closer to $100. So the number is likely closer to 41,000 * 1000 * 100 * 10, or 41 billion years to crack a key.
As I said, good luck with that.
May 16, 10, 2:41 pm
#83
Join Date: May 2009
Location: DCA
Programs: AA Gold
Posts: 50
Originally Posted by AngryMiller
Pretty good numbers. If your key phrase is short then that significantly reduces the time it would take to open the encrypted hard drive. Quite often that is the weakest link in encryption. A long phrase is hard to remember but strong. A short phrase is easy to remember but susceptible to brute force cracking. Picking up a foreign novel and taking the first letter of every page and using that as a key would make that pretty secure against brute force attacks.
Good crypto is hard and unintuitive. One mistake can trip you up. And a "rubber hose" attack can defeat even the most technically perfect cryptosystem.
I rather expect that anyone who fails to submissively divulge any requested pass-phrase to the CBP will find themselves on a lifetime "secondary them hard" list; thanks to ubiquitous, secret, unaccountable and unappealable traveler information databases, it's easier than ever for a CBP officer to capriciously and arbitrarily inflict lifelong extrajudicial punishment upon you.
Given that the US has granted its border agents the kind of unaccountable power more typical of a police-state, the only way for an ordinary citizen to truly win the border checkpoint data-privacy battle is by declining the fight; carry no data with you. But you can still win the war by using the Internet to send your encrypted data across borders.
May 17, 10, 9:33 pm
#85
Join Date: Sep 2009
Posts: 381
Originally Posted by mre5765
"Makes no difference.
http://www.schneier.com/blog/archive...tack_on_a.html
We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.Let's focus on time. Let's lower that to 2^110 for simplicity. Let's say with the plaintext the NSA can attempt one decryption operation in one nanosecond (one billionth of a second). Then to find the key takes:
41 quadrillion years, the NSA takes a mere 41 thousand years.
And I've been extremely generous in my over estimation of the resources the NSA has. I suspect that it takes at least a microsecond, not a nanosecond, to try to decrypt some ciphertext and compare to the known plaintext. I suspect the NSA has spend closer to $100B on its key cracking hardware. And I suspect a key cracker node is closer to $100. So the number is likely closer to 41,000 * 1000 * 100 * 10, or 41 billion years to crack a key.
As I said, good luck with that."
http://www.schneier.com/blog/archive...tack_on_a.html
We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2^119 to about 2^110.5 data and time.
2^110 / ( 10^9 * 3600 * 24 * 365.25 *10^15) = 41 quadrillion years.
Now let's say the NSA has spent $10 trillion to buy enough computers to build a massively parallel key cracker. Let's say each cracker costs just $10. So the NSA has one trillion computers to crack keys. So instead of41 quadrillion years, the NSA takes a mere 41 thousand years.
And I've been extremely generous in my over estimation of the resources the NSA has. I suspect that it takes at least a microsecond, not a nanosecond, to try to decrypt some ciphertext and compare to the known plaintext. I suspect the NSA has spend closer to $100B on its key cracking hardware. And I suspect a key cracker node is closer to $100. So the number is likely closer to 41,000 * 1000 * 100 * 10, or 41 billion years to crack a key.
As I said, good luck with that."
May 17, 10, 10:27 pm
#86
FlyerTalk Evangelist
Join Date: Jan 2005
Location: BWI
Programs: AA Gold, HH Diamond, National Emerald Executive, TSA Disparager Gold
Posts: 15,127
Originally Posted by QUERY
You are implying that Schneier is somehow the only expert in cryptology and that the methods he used were the only ones that could be used(which he doesn't elaborate on). The NSA probably have some of the best cryptographers working for them. Also, if they have access to the laptop and if a hard drive encryption utility was not used, they will have access to many plaintext files as well. In addition, they have the owner's identity and personal info on him as well.
AES is expected to protect TS until at least 2030 with the 256 bit implementation. If you want to tell if AES is getting closer to being broken sooner for start looking for NIST competitions sooner than that and for NSA's Suite B to be updated before then.
May 18, 10, 11:54 am
#87
Join Date: Dec 2009
Location: LAX
Programs: CX MPC SL
Posts: 63
Originally Posted by QUERY
Very interesting idea except that OS accounts can be enumerated from the Registry and the GUI(Windows OS). Also, while TrueCrypt is a good encryption program, don't underestimate the decryption capabilities of the Federal Government. If warranted, they need only get the NSA involved.
May 18, 10, 1:26 pm
#88
Join Date: Apr 2008
Location: United States
Posts: 1,438
more on cracking NSA's crypto from the man who did it, sued US govt re crypto export
Originally Posted by mre5765
Originally Posted by bocastephen
Originally Posted by mre5765
Good luck breaking 256 bit AES encryption.
Under Clinton, the rules were relaxed. Bush did absolutely nothing to reverse that, and neither has Obama. You have to get an export license for sure, but except for certain classes of products (e.g. products that perform cryptanalysis) such licenses are relatively easy to get, and once obtained, exporters are allowed to "self certify" that minor updates to software products are in compliance with the scope of the original license.
Related information from the home page of John Gilmore, who led the team that cracked NSA's cryptography:
Encryption is secret writing. Codes and ciphers. Spies. Encryption was originally used by military and diplomatic organizations; Julius Caesar invented an encryption scheme. In the last century, electronic communication (telegraphy and radio) made it widely useful, and computerization has made it extremely cheap. Widespread public networking has made it useful to everyone, for everything from putting "envelopes" around your email for privacy, moving money around the net safely, to proving that you're really you when you're halfway around the world.
The US government is deathly afraid of its own citizens (and non-US-citizens) having access to good encryption. This fear extends all the way up to the Vice President and the head of the FBI, who personally get involved in creating encryption policy. Everyone in government refuses to tell us why, saying it's classified and the national security is at stake. Rubbish! The security of the nation is already gone when its government violates the basic rights of its own citizenry, as these agencies do every day. They are "burning the Constitution in order to save it". (My own belief is that what's really at stake is a wiretap-based power base that J. Edgar Hoover and the classified spy agencies have built up for their own benefit.)
The most Byzantine set of laws, regulations, policies, departments, and practices you've ever heard of are employed by the National Security Agency and three or four other Executive Branch departments in an attempt to keep good crypto from bad guys. Unfortunately, they have also succeeded in keeping good crypto from good guys who have Constitutional rights. I instigated a lawsuit to correct this, with Dan Bernstein as plaintiff and the Electronic Frontier Foundation backing him up. I was a technical advisor to the lawyers in the case. On December 6, 1996, Judge Patel decided that the export regulations are unconstitutional. The government appealed, and on May 6, 1999, the 9th Circuit Court of Appeals agreed with her. The government appealed to an 11-judge panel in the 9th Circuit (an "en banc review"), which was granted, and then the government "voluntarily" changed the encryption export regulations so that most free software and academic research, and a lot of proprietary encryption software as well, can be easily published from the US. The "en banc review" of the old regulations became moot, and the case has been handed back down to Judge Patel, who ultimately ended it. The new regulations are even more complex than the old ones, and carry the same old harsh penalties for inadvertent violation. They need to not just be "reformed" but scrapped.
The government claims to retain the right to change those rules whenever it wants, and restrict encryption software again if it chooses. Congressman Judd Gregg announced support for doing so in the week of hysterical reaction after the World Trade Center was destroyed by hijacked airliners, but was shouted down by the people who'd spent a decade fighting this battle before he could gather any political support.
I have had an interest in encryption since childhood, and have spent a lot of time working on crypto export control issues.
I led the team that built the world's first publicly announced DES Cracker, a machine that finds the secret key used to encrypt messages in the government's favorite encryption scheme, the Data Encryption Standard (DES). The National Security Agency intervened when the scheme was being standardized in the early 1970s, shortening the secret keys so that they could build their own DES Crackers. But they spent the next 25 years lying to us about how secure the scheme is, to encourage everyone to use it -- and we did. This left NSA able to secretly eavesdrop on anyone who used DES, which includes the entire financial community, and most computer and network security systems. Technology has advanced to where anyone with $200,000 can break the code, leaving all of our DES-protected infrastructures at risk. Thanks NSA! By 2002 much of the older DES-based software has been replaced, though there are numerous places that still use it, and its use is an option in many new protocol implementations even though it is known to be insecure. NIST has standardized a new algorithm with much longer keys, which has not been studied nearly as long as DES, but which has resisted all attacks so far. Smart people have stopped designing DES into new systems. Triple-DES or AES seem to be the preferred replacements.
The US government is deathly afraid of its own citizens (and non-US-citizens) having access to good encryption. This fear extends all the way up to the Vice President and the head of the FBI, who personally get involved in creating encryption policy. Everyone in government refuses to tell us why, saying it's classified and the national security is at stake. Rubbish! The security of the nation is already gone when its government violates the basic rights of its own citizenry, as these agencies do every day. They are "burning the Constitution in order to save it". (My own belief is that what's really at stake is a wiretap-based power base that J. Edgar Hoover and the classified spy agencies have built up for their own benefit.)
The most Byzantine set of laws, regulations, policies, departments, and practices you've ever heard of are employed by the National Security Agency and three or four other Executive Branch departments in an attempt to keep good crypto from bad guys. Unfortunately, they have also succeeded in keeping good crypto from good guys who have Constitutional rights. I instigated a lawsuit to correct this, with Dan Bernstein as plaintiff and the Electronic Frontier Foundation backing him up. I was a technical advisor to the lawyers in the case. On December 6, 1996, Judge Patel decided that the export regulations are unconstitutional. The government appealed, and on May 6, 1999, the 9th Circuit Court of Appeals agreed with her. The government appealed to an 11-judge panel in the 9th Circuit (an "en banc review"), which was granted, and then the government "voluntarily" changed the encryption export regulations so that most free software and academic research, and a lot of proprietary encryption software as well, can be easily published from the US. The "en banc review" of the old regulations became moot, and the case has been handed back down to Judge Patel, who ultimately ended it. The new regulations are even more complex than the old ones, and carry the same old harsh penalties for inadvertent violation. They need to not just be "reformed" but scrapped.
The government claims to retain the right to change those rules whenever it wants, and restrict encryption software again if it chooses. Congressman Judd Gregg announced support for doing so in the week of hysterical reaction after the World Trade Center was destroyed by hijacked airliners, but was shouted down by the people who'd spent a decade fighting this battle before he could gather any political support.
I have had an interest in encryption since childhood, and have spent a lot of time working on crypto export control issues.
I led the team that built the world's first publicly announced DES Cracker, a machine that finds the secret key used to encrypt messages in the government's favorite encryption scheme, the Data Encryption Standard (DES). The National Security Agency intervened when the scheme was being standardized in the early 1970s, shortening the secret keys so that they could build their own DES Crackers. But they spent the next 25 years lying to us about how secure the scheme is, to encourage everyone to use it -- and we did. This left NSA able to secretly eavesdrop on anyone who used DES, which includes the entire financial community, and most computer and network security systems. Technology has advanced to where anyone with $200,000 can break the code, leaving all of our DES-protected infrastructures at risk. Thanks NSA! By 2002 much of the older DES-based software has been replaced, though there are numerous places that still use it, and its use is an option in many new protocol implementations even though it is known to be insecure. NIST has standardized a new algorithm with much longer keys, which has not been studied nearly as long as DES, but which has resisted all attacks so far. Smart people have stopped designing DES into new systems. Triple-DES or AES seem to be the preferred replacements.
Originally Posted by mre5765
Besides which most of the products being discussed in this thread are Open Source, so secret backdoors would be impossible.
May 18, 10, 8:51 pm
#89
Join Date: Jan 2003
Posts: 51
They don't have to break the 256-bit encryption key
Originally Posted by mre5765
Good luck breaking 256 bit AES encryption.
So the way to defeat that is to use not only a password, but also a keyfile. A keyfile is a file that gets combined with the password-generated key to create the decryption key. So now the brute force attacker needs to iterate not only over all possible passwords, but all possible keyfiles.
Good luck breaking that.
May 19, 10, 12:49 am
#90
Join Date: Sep 2009
Posts: 381
Originally Posted by armandov9
"We have a laptop at the office that we share when we go on business trips. I don't have access to other people's windows logins. I can only log on to mine. So all of the files in there under other people's login will not be accessible, nor can I make them accessible. The computer can be seized, then if I don't provide passwords and it can be seen there are other login accounts?"
Originally Posted by Superguy
"Chances are if they can break it, someone else can. They're paranoid enough that if it can be broken in a reasonable amount of time, published or not, it won't be used to protect TS data.
AES is expected to protect TS until at least 2030 with the 256 bit implementation. If you want to tell if AES is getting closer to being broken sooner for start looking for NIST competitions sooner than that and for NSA's Suite B to be updated before then."
AES is expected to protect TS until at least 2030 with the 256 bit implementation. If you want to tell if AES is getting closer to being broken sooner for start looking for NIST competitions sooner than that and for NSA's Suite B to be updated before then."
Last edited by Kiwi Flyer; May 19, 10 at 2:43 pm Reason: merge consecutive posts
