surrendering one's passphrase to authorities
atom at smasher.org
Wed Mar 4 00:04:33 CET 2009
On Tue, 3 Mar 2009, David Shaw wrote:
>> This article caught my eye. One of the things that I gleaned from the
>> article is that it's obvious that law enforcement (at this level) does
>> not have the ability to brute-force crack PGP encrypted data. Instead,
>> the courts are attempting to force the surrender of the passphrase.
> Well, maybe. It's also possible that law enforcement does have the
> ability to get into the encrypted data (by some means - I doubt brute
> force), but does not want the knowledge of that ability to be made
i would think the FBI (presuming that they're involved) would be able to
brute-force a pass-phrase in less than a year. they have the disk, so in
all likelihood the weakest link in the chain is the pass-phrase (and
that's assuming that there's no cache/tmp files that are not encrypted).
does anyone know details about PGPDisk's string-to-key algorithm(s)?
kid porn makes this an interesting edge case, because people (judges and
juries included) are more likely to ignore the established protections of
the 5th amendment (which, IMHO, should apply even to alleged scum or it's
meaningless). my suspicion is that authorities have already decrypted the
contents of the disk (unless the guy was using a *really* strong
pass-phrase) and the case is being pushed to make a precedent out of
"sometimes it's ok to ignore the 5th amendment".
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
"Religion is what keeps the poor from murdering the rich."
-- Napoleon Bonaparte
More information about the Gnupg-users