ClueByFour

Let's assume that the NSA has not broken AES yet, and that the Truecrypt implementation thereof does not have a flaw. In that case, the only way the "experts" are going to break it is by brute force. My passphrase and keyfile make the possibility of that happening in my lifetime pretty dim, unless the algorithm is broken.

If they want it that badly, take the laptop. I have backups.

The government, in any number of cases has to either get a warrant for a keylogger or, in the case of the child-porn bearing Canadian in Vermont, a warrant to compel the suspect to release the passphrase. Presumably, if they could break the encryption, they would not go to great lengths to get the passphrases.

ClueByFour

Having considered this strategy for awhile, here is my MO for dealing with the data theft/customs snooper problem:

1. Back all data up before leaving the country and ensure that work product produced abroad is also backed up over an encrypted network connection before returning.

2. Encrypt entire laptop. My work laptop has always been as such, and my personal laptop will be now that Truecrypt gives the ability to do so.

3. All saved data/work that I want to keep to myself goes into a hidden truecrypt volume. This volume (the hidden, not the external) has a passphrase and a keyfile. The keyfile is deleted (and by deleted, I really mean a Gutmann wipe) with a backup copy placed in a location that is free from the reach of US warrants, law enforcement, and such.

What this means:

1. First, they have to get you to put in the preboot passphrase to even get it to boot. I'd offer to let them have the disk at that point just so that I can go on my way. Failing that:

2. Laptop boots and silly customs guy goes poking around. Even should he find truecrypt volume:

3. Open it. Let him see my tax returns. The odds are very heavy that the inquisition stops here.

4. If it does not, and if they are somehow able to prove the presence of a hidden volume (all but impossible) I can honestly say under the penalty of perjury that I don't have the keyfile, and that it's not available to me or to them.

Now, if it came to it, you could devise a protocol where the individual with the keyfile would be instructed not to produce it to me without instructions from my attorney to that effect (thus prohibiting it's release while under duress). That's probably over the top.

5. What I'd really like to be able to do (going back to step 1 in the first sequence) is simply say "take the f'ing drive and let me go on about my business." Get home, restore, and keep right on moving. Bill the feds for the drive.

This is a bit extreme. Odds are very heavy that the hidden truecrypt volume with some "mildly juicy to the customs dweeb but legal in every way" data inside the outer volume solves this problem pretty easily.

mre5765

Stealing music is one thing, but of course we don't have to worry about CBP preserving corporate trade secrets.

mre5765

Assuming the encryption algorithm is not flawed, and assuming a randomly generated key, breaking 256 bit AES requires on average 2**255 trials.
Assuming each attempt takes one nanosecond (10 ** -9 seconds), that is
2**255 * 10**-9 = 5.78960446 × 10**57 seconds, or, 1.83587153 × 10**60 years. Even if the feds have one billion computers working in parallel to decrypt your laptop, that is still 1.83587153 × 10**51 years. For comparison, I believe the Universe is said to on the order of 10**10 years old.

The risk here is not you will deliberately download child porn. It is that malware might have done it without you knowing and you'll be convicted. Another risk is that trade secrets, or if you have a security clearance with your government, state secrets, are now exposed to some $10 hour government bureaucrat.

So TrueCrypt is in my future.

msb0b

If true, that CBP agent's behavior does not instill confidence in our public servants. They are no better than Geek Squad employees. The difference being I can easily avoid Geek Squad and others of the ilk, but must be subject to CPB inspection.

Loren Pechtel

No--it's quite possible to make the effort needed to break the encryption more than they can possibly apply.

msb0b

Back in the 90's, RSA ran some secret key challenge contests. It took the bovine team--one of the first distributed computing project--250 days to locate the 56-bit key and 1757 days to locate the 64-bit key.

While the encryption algorithm is different, the security and key length scales in the same way. Each additional bit in the key length will take twice as long to find. In theory, the 64-bit key should take 256 times longer than the 56-bit to go through all the combinations, in reality it took 7 times longer. It may be attributed to improvements in computing speed, increased number of participants and maybe a little bit of luck.

Unless there is an inherent weakness or backdoor in the encryption algorithm or implementation, the algorithms used TrueCrypt should be near impossible to brute force. Multi-pass encryption such as AES-Blowfish-Serpent should nullify the risk of weakness in implementation. It will be much faster for the adversary to get the key from you through interrogation or torture.

Loren Pechtel

Remember that public-key keys don't scale the same. IIRC it's 3 bits you have to add to them to double the time-to-brute-force.

In general, though, adding a bit to the key length has a linear effect on the calculation time and thus is normally not much of a factor at all.

GUWonder

Bumping this up because this is still a relevant thread to post the following (as it seems to indicate something about how this tool is functioning).

The British government is claiming that TrueCrypt was NSA-whistleblower Snowden's recommended friend/tool too. So far -- after about two weeks from seizure -- the UK claims to have only been able to get access to something like 0.375% of the encrypted files suspected to be sourced from Snowden. The British government suspects a global conspiracy involved in disseminating the whistleblowing docs -- just like suspecting there is a global conspiracy involved in trying to crack the encrypted Snowden-related docs seized by the UK.