messing with the power connection



Actually I am unclear what shutting the machine off would do to that data in the first place, particularly if you just pulled the plug.
On Sun, 17 Feb 2008 19:37:54 -0500 snipped-for-privacy@aol.com wrote:
|
|>Transporting a running drive full
|>of irreplaceable data (eg forensic computer evidence) is riskier than
|>transporting a parked drive and that risk can generally be avoided.
|
| Actually I am unclear what shutting the machine off would do to that
| data in the first place, particularly if you just pulled the plug.
When a whole drive is encrypted, or just a partition, to access that data it is necessary to first enter a passphrase that decrypts a random bit array, or is the seed to generate one. After that is done, it is used to decrypt the data on the disk. But the key itself is only stored in RAM. If the machine is shut off, the key is lost and the entry of the passphrase must be repeated. By taking the machine in its running state, the opportunity exists to examine the drive contents while the decryption is still active.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
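
The key handling described in the post above, as an added sketch that is not part of the original thread or any real disk-encryption product. All names are hypothetical, the iteration count is illustrative, and the XOR pad is a stand-in for a real key-wrap cipher.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative PBKDF2 work factor (assumption)

def _kek(passphrase: str, salt: bytes) -> bytes:
    """Derive the key-encryption key (KEK) from the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)

def _xor_wrap(kek: bytes, data: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher: XOR with a KEK-derived 32-byte pad.
    pad = hmac.new(kek, b"wrap-pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def _tag(kek: bytes, wrapped: bytes) -> bytes:
    # Lets unlock() tell a right passphrase from a wrong one.
    return hmac.new(kek, b"header-tag" + wrapped, hashlib.sha256).digest()

def create_header(passphrase: str):
    """Return (header, master_key). Only the header is ever written to disk."""
    master_key = os.urandom(32)  # the "random bit array" that encrypts the data
    salt = os.urandom(16)
    kek = _kek(passphrase, salt)
    wrapped = _xor_wrap(kek, master_key)
    header = {"salt": salt, "wrapped": wrapped, "tag": _tag(kek, wrapped)}
    return header, master_key

class RunningMachine:
    """Holds the unwrapped master key in memory only, as the post describes."""

    def __init__(self, header: dict):
        self.header = header
        self.master_key = None  # nothing usable until unlock()

    def unlock(self, passphrase: str) -> bool:
        kek = _kek(passphrase, self.header["salt"])
        expected = _tag(kek, self.header["wrapped"])
        if not hmac.compare_digest(expected, self.header["tag"]):
            return False  # wrong passphrase: master key stays wrapped
        self.master_key = _xor_wrap(kek, self.header["wrapped"])
        return True

    def power_off(self) -> None:
        self.master_key = None  # models the RAM contents being lost

    def can_decrypt(self) -> bool:
        return self.master_key is not None

if __name__ == "__main__":
    header, _ = create_header("constructed passphrase")
    pc = RunningMachine(header)
    pc.unlock("constructed passphrase")
    print("running:", pc.can_decrypt())
    pc.power_off()
    print("after power loss:", pc.can_decrypt())
```
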
On 18 Feb 2008 06:17:56 GMT, snipped-for-privacy@ipal.net wrote:

If the drive is "opened" when they seize it, why not just copy the data right there? In real life guys like the FBI and NSA can crack just about any encryption with minimal effort. I know a guy who works in that arena and he has a tool that broke the IBM encryption on my laptop in about 5 minutes.
snipped-for-privacy@aol.com wrote:

With 500+GByte disks household items these days - it can take quite a while copying the data off - even presuming a police officer was present who knew how to do it and had enough USB drives with him to do it.
Whilst many encryption algorithms are easily breakable, MS Word springs to mind, others are a challenge - even for the NSA. The advantage of getting hold of a computer which has the suspect still logged in, is that a lot of encrypted stuff is available en clair - whilst that user is logged in. All this kit does is keep the computer in that state. Why spend (expensive) time and effort breaking encryption, when the stuff is available, unencrypted?
Plus, it is possible to set up computers to run with no hard disk at all. They boot from the network and load their operating system from the network - into RAM. From a server that could be in another jurisdiction, or even on a different continent. Lose power and there is absolutely no evidence left to analyse. However, if someone has gone to the trouble of setting up a computer like this, for less than honest reasons, he is probably going to take a few more precautions, too*.
*Which you will excuse me for not going into.
-- Sue
| snipped-for-privacy@aol.com wrote:
|>
|>> When a whole drive is encrypted, or just a partition, to access that data
|>> it is necessary to first enter a passphrase that decrypts a random bit
|>> array, or is the seed to generate one. After that is done, it is used
|>> to decrypt the data on the disk. But the key itself is only stored in
|>> RAM. If the machine is shut off, the key is lost and the entry of the
|>> passphrase must be repeated. By taking the machine in its running state,
|>> the opportunity exists to examine the drive contents while the decryption
|>> is still active.
|>
|> If the drive is "opened" when they seize it, why not just copy the
|> data right there?
|> In real life guys like the FBI and NSA can crack just about any
|> encryption with minimal effort. I know a guy who works in that arena
|> and he has a tool that broke the IBM encryption on my laptop in about
|> 5 minutes.
|
| With 500+GByte disks household items these days - it can take quite a
| while copying the data off - even presuming a police officer was present
| who knew how to do it and had enough USB drives with him to do it.
|
| Whilst many encryption algorithms are easily breakable, MS Word springs
| to mind, others are a challenge - even for the NSA. The advantage of
| getting hold of a computer which has the suspect still logged in, is
| that a lot of encrypted stuff is available en clair - whilst that user
| is logged in. All this kit does is keep the computer in that state. Why
| spend (expensive) time and effort breaking encryption, when the stuff is
| available, unencrypted?
Ideally, do a RAM dump, and see if you can grab the buffered key. If the computer is in a state it can continue to decrypt disk contents, capturing that state itself is precious.
| Plus, it is possible to set up computers to run with no hard disk at
| all. They boot from the network and load their operating system from the
| network - into RAM. From a server that could be in another jurisdiction,
| or even on a different continent. Lose power and there is absolutely no
| evidence left to analyse. However, if someone has gone to the trouble of
| setting up a computer like this, for less than honest reasons, he is
| probably going to take a few more precautions, too*.
|
| *Which you will excuse me for not going into.
Yeah, it's off topic for this group. These things are frequently discussed on various software related groups.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
On Mon, 18 Feb 2008 02:07:40 -0500 snipped-for-privacy@aol.com wrote:
| On 18 Feb 2008 06:17:56 GMT, snipped-for-privacy@ipal.net wrote:
|
|>When a whole drive is encrypted, or just a partition, to access that data
|>it is necessary to first enter a passphrase that decrypts a random bit
|>array, or is the seed to generate one. After that is done, it is used
|>to decrypt the data on the disk. But the key itself is only stored in
|>RAM. If the machine is shut off, the key is lost and the entry of the
|>passphrase must be repeated. By taking the machine in its running state,
|>the opportunity exists to examine the drive contents while the decryption
|>is still active.
|
| If the drive is "opened" when they seize it, why not just copy the
| data right there?
They could do that. But maybe there is no attachment means to make a copy, or make one fast enough. Ever tried to copy a 1TB drive via USB?
| In real life guys like the FBI and NSA can crack just about any
| encryption with minimal effort. I know a guy who works in that arena
| and he has a tool that broke the IBM encryption on my laptop in about
| 5 minutes.
Wishful thinking. Commercial encryption also tends to be weak.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
snipped-for-privacy@aol.com says...

Absolute bullshit!

That's not "just about any encryption". It's meant to keep thieves from stealing your data, not the NSA. Sheesh!
--
Keith


Most small time crooks won't have any encryption at all and all but the biggest master criminal will be running something these guys can crack. If you are just trying to hide some messages there are lots of ways to make it virtually uncrackable. I think Phil is talking about a drive running commercial software and transactional data, just using some commercial encryption.
On 19 Feb 2008 04:34:16 GMT, snipped-for-privacy@ipal.net wrote:

Some kid with a PC cracked DES 32 bit encryption (the best the federal government would let you have in the Clinton administration) in about 15 hours with a pretty modest PC compared to a minimal Vista machine.
I still say if you buried data in a BMP file nobody would ever find it unless they had the algorithm you used to select the bytes you changed. Think about only using the 2 low order bits of each 8 bit color value in a 24 bit pixel you altered, group them up for a 6 bit BCD character. The slight shift in color would not be noticeable and in some cases it might even come out the same. The only thing the decoder would need was the way you selected bytes. Simple would be one every (pick a prime number) tougher yet would be a more complicated algorithm. It would be like an enigma machine on steroids. To start with you would have to know which image had the message.
snipped-for-privacy@aol.com says...

You're full of shit! DES has never had 32-bit keys. Even thirty years ago DES-64 (or DES-56, depending on how you count) was the standard. Double DES (two or three pass) is now quite common and quite unbreakable by a kid in his bedroom.

Bytes? Change LSBs. It will look like (digitization) noise to anyone who looks. Encrypt it while you're at it to make it look more like noise.

It's called "steganography" and has been known for as long as secrets have been kept. BTW, the Enigma machine had nothing to do with steganography. Enigma is a block cypher.
Don't invent cryptography. There is plenty of *strong* crypto publicly available and you will lose with your own.
--
Keith
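
The low-order-bit scheme discussed in the two posts above (2 low bits of each colour byte, three bytes per 6-bit character, one pixel every prime stride), as an added example that is not code from the thread. The 64-symbol alphabet, the stride of 7, the function names and the constructed cover buffer are assumptions; the input is raw 24-bit RGB data without a BMP header.

```python
# 64-symbol table for the 6-bit character code (assumed; the post only
# says "6 bit BCD character").
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789 .")
STRIDE = 7  # "one every (pick a prime number)", counted in pixels


def embed(pixels: bytes, message: str, stride: int = STRIDE) -> bytes:
    """Hide message in raw RGB pixels, one character per selected pixel."""
    out = bytearray(pixels)
    n_pixels = len(out) // 3
    if message and (len(message) - 1) * stride >= n_pixels:
        raise ValueError("cover image too small for this message and stride")
    for i, ch in enumerate(message):
        code = ALPHABET.index(ch)          # 0..63; ValueError if unsupported
        base = i * stride * 3              # first colour byte of the pixel
        for c in range(3):                 # three channels, 2 bits each
            two_bits = (code >> (4 - 2 * c)) & 0b11
            out[base + c] = (out[base + c] & 0b11111100) | two_bits
    return bytes(out)


def extract(pixels: bytes, length: int, stride: int = STRIDE) -> str:
    """Recover length characters; the stride is the only shared secret."""
    chars = []
    for i in range(length):
        base = i * stride * 3
        code = 0
        for c in range(3):
            code = (code << 2) | (pixels[base + c] & 0b11)
        chars.append(ALPHABET[code])
    return "".join(chars)


def max_channel_shift(before: bytes, after: bytes) -> int:
    """Largest change to any single colour byte (never more than 3)."""
    return max(abs(a - b) for a, b in zip(before, after))


def make_cover(n_pixels: int = 200) -> bytes:
    """Constructed stand-in for image data, not a real photograph."""
    return bytes((i * 37 + 11) % 256 for i in range(3 * n_pixels))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, "Meet at 9.")
    print(extract(stego, 10), max_channel_shift(cover, stego))
```
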


Whatever ... the fact still remains some European kid cracked it while our government was trying to say that was all they would let us use.
snipped-for-privacy@aol.com says...

You're still full of shit. There is no "DES-32" and never has been. DES-64 (or more accurately DES-56) won't be "cracked" and certainly not by some kid in his bedroom. It can be busted exhaustively, but that's still a large problem. Double or Triple DES make that an impossibility today.
--
Keith

| snipped-for-privacy@aol.com says...
|>
|> >> Some kid with a PC cracked DES 32 bit encryption (the best the federal
|> >> government would let you have in the Clinton administration) in about
|> >> 15 hours with a pretty modest PC compared to a minimal Vista machine.
|> >
|> >You're full of shit! DES has never had 32-bit keys. Even thirty
|> >years ago DES-64 (or DES-56, depending on how you count) was the
|> >standard. Double DES (two or three pass) is now quite common and
|>
|> Whatever ... the fact still remains some European kid cracked it while
|> our government was trying to say that was all they would let us use.
|>
| You're still full of shit. There is no "DES-32" and never has been.
| DES-64 (or more accurately DES-56) won't be "cracked" and certainly
| not by some kid in his bedroom. It can be busted exhaustively, but
| that's still a large problem. Double or Triple DES make that an
| impossibility today.
True, there was no DES-32. However, there was a DES-40. That was trivial to crack. For a while, that was the only thing the US allowed to export.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
snipped-for-privacy@ipal.net says...

No, it wasn't "trivial" to crack. The so-called DES-40 was DES-56 with modified keys. It couldn't be "cracked" any more than DES-56 could be "cracked" and an exhaustive search isn't all that trivial either. DES-40 keys are still 56bit, though have an "effective length" of 40bits. An exhaustive attack isn't trivial, though certainly within the comfortable range of the black-hats. That said, DES-40 was never used for anything important and certainly never "all the Clinton administration would let us use". DES-40 was dead long before the swear word "Clinton" was known outside Arkansas.
The point still stands. The story is bullshit.
--
Keith


Are you familiar with the congressional hearings about this? It was definitely during the Reno DoJ and Reno was a minor political hack in Miami when Clinton was in Arkansas. I suppose I could go find the information on Thomas.LOC but you would say that was bullshit too. Have a nice life
BTW the same way you say distributing neighborhoods with one phase is bullshit and I can take plenty of pictures of that in SW Florida
snipped-for-privacy@aol.com says...

Yes, you are full of shit. There never has been any law against using any crypto you so desire. NEVER! There are export laws, that were easily gotten around by publishing crypto outside the US. ...and that was before Clinton. Give it up. You're hopelessly sans clue.

I can't help it if you live in the third world.
--
Keith

| snipped-for-privacy@aol.com says...
|>
|> >"all the Clinton administration would let us use". DES-40 was dead
|> >long before the swear word "Clinton" was known outside Arkansas.
|>
|> Are you familiar with the congressional hearings about this? It was
|> definitely during the Reno DoJ and Reno was a minor political hack in
|> Miami when Clinton was in Arkansas. I suppose I could go find the
|> information on Thomas.LOC but you would say that was bullshit too.
|> Have a nice life
|
| Yes, you are full of shit. There never has been any law against
| using any crypto you so desire. NEVER! There are export laws, that
| were easily gotten around by publishing crypto outside the US.
| ...and that was before Clinton. Give it up. You're hopelessly sans
| clue.
The export laws prevented any software that _originated_ in the USA to be exported to any foreign country with a few exceptions. Software that was not originated in the USA was unaffected since it was not exported. But if the software came _in_ to the USA and was in any way repackaged, the law affected it. That's why we had, for a while, web browsers with poor security. One could go to an out-of-USA web site and get the browser with strong security. One could get the strong security software _in_ the USA with proof of USA citizenship or residency.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
snipped-for-privacy@ipal.net says...

That was the attempt. Didn't work. RSA was "reinvented" outside the US, therefore set "free" of export laws.

So don't. It really was that simple. The worms escaped and there was no way for the NSA to re-can them.

One could do an in-USA secure web browser too, just don't get caught "exporting" it (laptop). Since the Internet is "free", the whole thing went down in flames, silly stories about kids in their bedrooms or not.
--
Keith

| snipped-for-privacy@ipal.net says...
|> |>
|> |> >"all the Clinton administration would let us use". DES-40 was dead
|> |> >long before the swear word "Clinton" was known outside Arkansas.
|> |>
|> |> Are you familiar with the congressional hearings about this? It was
|> |> definitely during the Reno DoJ and Reno was a minor political hack in
|> |> Miami when Clinton was in Arkansas. I suppose I could go find the
|> |> information on Thomas.LOC but you would say that was bullshit too.
|> |> Have a nice life
|> |
|> | Yes, you are full of shit. There never has been any law against
|> | using any crypto you so desire. NEVER! There are export laws, that
|> | were easily gotten around by publishing crypto outside the US.
|> | ...and that was before Clinton. Give it up. You're hopelessly sans
|> | clue.
|>
|> The export laws prevented any software that _originated_ in the USA to be
|> exported to any foreign country with a few exceptions.
|
| That was the attempt. Didn't work. RSA was "reinvented" outside
| the US, therefore set "free" of export laws.
There was no "reinvention". It was a different implementation. It is the implementation that counted. The implementations made in the USA still could not be exported. For a USA company to be able to sell software with RSA or other strong encryption, it had to set up an office outside the USA (often in Israel) and "start over" with a new implementation of the same algorithm.
|> Software that was
|> not originated in the USA was unaffected since it was not exported. But
|> if the software came _in_ to the USA and was in any way repackaged, the
|> law affected it.
|
| So don't. It really was that simple. The worms escaped and there
| was no way for the NSA to re-can them.
It did happen as described above until the government saw the error of their ways (e.g. it destroyed the domestic crypto industry and allowed it to flourish outside).
|> That's why we had, for a while, web browsers with poor
|> security. One could go to an out-of-USA web site and get the browser with
|> strong security. One could get the strong security software _in_ the USA
|> with proof of USA citizenship or residency.
|
| One could do an in-USA secure web browser too, just don't get caught
| "exporting" it (laptop). Since the Internet is "free", the whole
| thing went down in flames, silly stories about kids in their
| bedrooms or not.
Whatever. But it was not re-invented. It was re-implemented.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
says...
<snip>

Do you intentionally compete in the Dimbulb competition, or do you come by it naturally?
--
Keith
