AES permits the use of 256-bit keys (but does not yet require it). Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. A device that could check a billion billion (10^18) AES keys per second would require about 3×10^51 years to exhaust the 256-bit key space.

BTW, zfone is great and I would reccomend it to anyone traveling, especially overseas. The implementation is quite simple and assuming both ends of the call use some (non-skype) form of voip, which you probably do for cost anyways, is simple as pie. I have it tied in for my home PBX and the PBX I setup for my lab at school

@QUERY, there is that speculation anytime the NSA gets involved in any security. I have always felt their key escrow movement years ago was kind of an admission that they were really expecting to lose the ability to effectively decrypt in the long term. They were involved in the design of DES, but as far as I know their involvement in AES is kind of a myth. The problem is, they are in a contradictory roll of being the encryption experts, and also one of the groups most likely to benefit from the holes...they have been involved in the HSA-3 competition helping evaluate proposals for NIST. Then again, so is Zimmerman so that's quite an interesting set of bedfellows.

Yes, I know all of this (This is Vista Business FYI). However, if I am NOT THAT PERSON that has administrator access, how can I be forced to give access? Does this essentially mean that if you carry a laptop that you are NOT an administrator on that you share with other users (I am sure many small businesses do this), that has OTHER user accounts besides yours, you can have it seized based on failure to provide access to the USER folders of those other users?

I see your point. I doubt the CBP officer would. They are not in the trusting business. You only need to look at prior threads on this forum and you will see that they can confiscate laptops. What I would do in that situation would be to give the CBP officer the name and telephone number of a point of contact at your company who is able to provide that info. Many businessmen who travel with laptops have the company name and telephone info on them(business card taped to back-usually) in case they are lost or to differentiate them from another identical laptop. This would also work for a point of contact in a scenario such as this. I don't know what kind of info is on your laptop but if it contains intellectual property or info not meant for public dissemination, then you should NOT give out any usernames or passwords, period. Let the point of contact handle that. Your company should have an information security policy and procedures to follow regarding laptop use and information disclosures.

Yeah, that all sounds reasonable. Problem is we are very small with NO IT management of any kind. We just outsource the IT and really have no internal policy of any kind whatsoever.

It's just a scary thought, but I suppose since it's not my laptop, and I have no personal interest in it, I wouldn't care if it was just taken. It's more silly and annoying and ridiculous than anything.

And the NSA would admit to the world that it can break AES why exactly?

First, let me say it's this kind of crud that has led me to have a second "clean" hard drive for outside-the-US travel.

Or just delete them before returning through customs. Not great if you've got a long domestic connection, but it avoids the hassle.

No, just any major-studio one, and most others. I've bought unencrypted original DVDs - producers have to pay licensing fees to use the copy protection, and minor productions (and some large adult producers) will sometimes skip it to save cash[**}

[** while the older CSS optional on DVD, the formal standard for Blu-ray now requires the newer (AACS) encryption system, although I've seen some adult titles that are "out of compliance" and unencrypted. They won't play on some players. I don't remember if HD-DVD required AACS or it it was optional.]

An empty disk looks suspicious. That there's encrypted volume is obvious if you go looking for it. Customs is allowed to ask you for the key, and for random fishing the most likely thing they'll do if you refuse is to pass you through but refuse entry for your computer. Encryption is not a panacea, and how best to use encryption and at the same time avoid suspicion in the case of random fishing is left as an exercise for the reader.

There are better ways still, but this is a good start.

...is even better. Probably the best way that's reasonably convenient.

Normal, in-spec CDs don't have any copy protection; there were attempts (some of which led to some nasty public backlash, including the Sony rootkit) to add it later on. Since these were done by exploiting design defects and not part of the standard, I don't know if that makes any difference for the DMCA or not.

All of the name brand ones will either stop recording, or replace the video with a solid or warning screen, if they detect a protected (ie Macrovision) source.

It's normal for there to be some performance hit. How big a hit that will be depends on a lot of factors; with due respect to ArizonaGuy, the speed of the underlying drive is a relatively small one (the speed of your CPU, the choice of encryption algorithms used, how much memory you have, and what programs you run all matter more.)

Using swap on a truecrypt boot volume is usually particularly painful - having enough memory and minimizing swapping (or better still, disabling swap) would in general be the first thing I'd suggest.

With effective encryption, good luck to them - although a lot of encryption is badly done. Getting around a logon password for Windows by removing the drive and searching it directly, sure (indeed, I've been told they have facilities for that in-airport at some ports of entry)

They're very unlikely to do this (or look at the partitions) while doing a quick fishing search on-site.

They could. On the other hand, no matter what capabilities the NSA actually has to break strong encryption, I strongly doubt they'd be willing to risk leaking out information about what those capabilities are for non-national-security matters.

Not impossible - just unlikely to remain secret unless very, very carefully done.

As long as you appear compliant, the frontline CBP guys are unlikely to keep the laptop for further search or to escalate it to someone with the technical skills to find well-hidden material.

What's scary to me is a company without an information security policy. That's a lawsuit waiting to happen, one that can bankrupt an organization or ruin its reputation, or both.

You didn't look at number 90 post I made. I stated the NSA would not publish such info if, in fact, they had broken AES. You quoted 1 paragraph of a larger post I made, out of context. Even the quoted paragraph does not state that. Next time you quote what someone has stated, include ALL of it so the viewers can decide for themselves in what context the statement was made.@:-)

Note I'm only responding to the opening paragraph and the ones where you quoted me.

Regarding your 1st paragraph, that's a good idea.

Regarding your 2nd paragraph, what if CBP sends it off to their cyber unit, a DHS cyber unit, or, like I stated before, to the NSA, for further inspection? Viable options, yes?

Regarding your 3rd paragraph, if you look at the paragraph you quoted, I stated, "If warranted...". There is no requirement for NSA to state any info regarding the confiscated laptop to the public. As I've already stated in post #90, the NSA would not broadcast that they had broken a code like AES.

Regarding your 4th paragraph, the presumption on this forum seems to be that CBP officers are not very bright. You can roll the dice with them at your own peril. Myself, I would never underestimate someone holding such a position, even if it's an Agricultural Specialist. What you need to realize is that they have contact with the public on a regular basis, both good and bad people. Attempting to employ subterfuge against a trained, experienced officer is not a wise course of action.@:-)

I suspect the CBP officer was jealous as he has not figured out how to do it. If they even think about touching my Amazing Race torrents they are in big trouble, guns or not !

First two are certainly viable options; the last doesn't seem very viable option unless you're suspected on something of a national-security rather than merely uncooperative or banally criminal nature - any assets

Going ahead with a conventional criminal prosecution on the basis of that kind of evidence would, I think, have the same net effect as broadcasting it. Clearly, if it's a case involving al-Qaeda or something, I'd imagine things work a bit differently. Joe Blow the drug mule, or John Smith the pedophile... not so much.

Not very bright? I wouldn't say that; the ones I've dealt with have tend to be a lot smarter - and frankly, a lot more courteous - than your typical TSA agent. But bright does not imply technical skillful, and even if technically skilled, people in that position have limited bandwidth and time for any given person.

Having had my laptop searched twice (both times in my presence, albeit with a relatively half-assed job of trying to keep me from looking) I've got a fair sense of what they do on a quick "fishing" job.

You miss my point, and indeed, what I hope would be the point of anyone in this thread. The goal is not to "roll the dice" or to get away with something - I certainly HOPE nobody in this thread is trying to get away with anything that customs should be looking for - but to avoid hassles and invasion of privacy when you are in fact doing nothing wrong, or at worst engaged in a gray area like the movies the original poster mentioned.

There is also the practical aspect to all of this. I very much doubt that NSA would go through the non-trival expense of getting into a traveler's laptop unless there was a darn good national security reason to do so. If I were the DIRNSA, I wouldn't touch this job unless I was 100% reimbursed by Nappy.

There are law enforcement agencies with decent encryption-breaking capability, but, this, too, is expensive. It's a lot easier and cheaper for a customs guy to manipulate or intimidate someone into spilling their guts than it is to confiscate the laptop and send it off somewhere.

If you use a Mac it is easy to make an encrypted DMG to store files, without using the system-wide file vault.

I'd try to play nice with CBP. While you may ultimately prevail on the privacy issues, they have pretty much unlimited authority to seize property entering the US.

Regarding your 1st paragraph, that is why I stated, "If warranted...".

Regarding your 2nd paragraph, point taken. Add to that they can ask the right questions to trip a pax up in his/her own lies.

So use a pass phrase.

As I noted before to break a 256 AES key now requires 2^110 brute force attempts. Thus one merely needs a pass phrase that is resistant to 2^110 attempts. Assuming a dictionary of 65,000 words, i.e. 2^16, one just needs to construct a pass phrase consisting of 110/16 = 7 random words.

I'm sorry I don't follow. If the password is all the end user uses to cause his data to be decrypted, how does a "keyfile" help here?

Actually, if you'd bothered to read the link, Schneier is quoting from the result of someone else.

You think?

So?

So?

Some BluRay disks come with a digital file that's expressly intended for viewing on your computer.

In any event, the law is complicated, and (most likely) the TSA agent is not an attorney. Since he was giving you legal advice, you should file a complaint against whoever licenses attorneys in that state, and consult an attorney to determine if you have the right to sue under state law.

For what it is worth, it is CBP officers that are being discussed. Good luck with that. Is that legal advice you are giving or is it your opinion?

FB