surrendering one's passphrase to authorities

Atom Smasher atom at
Wed Mar 4 00:04:33 CET 2009

On Tue, 3 Mar 2009, David Shaw wrote:

>> This article caught my eye. One of the things that I gleaned from the 
>> article is that it's obvious that law enforcement (at this level) does 
>> not have the ability to brute-force crack PGP encrypted data. Instead, 
>> the courts are attempting to force the surrender of the passphrase.
> Well, maybe.  It's also possible that law enforcement does have the 
> ability to get into the encrypted data (by some means - I doubt brute 
> force), but does not want the knowledge of that ability to be made 
> public.

i would think the FBI (presuming that they're involved) would be able to 
brute-force a pass-phrase in less than a year. they have the disk, so in 
all likelihood the weakest link in the chain is the pass-phrase (and 
that's assuming that there's no cache/tmp files that are not encrypted). 
does anyone know details about PGPDisk's string-to-key algorithm(s)?

kid porn makes this an interesting edge case, because people (judges and 
juries included) are more likely to ignore the established protections of 
the 5th amendment (which, IMHO, should apply even to alleged scum or it's 
meaningless). my suspicion is that authorities have already decrypted the 
contents of the disk (unless the guy was using a *really* strong 
pass-phrase) and the case is being pushed to make a precedent out of 
"sometimes it's ok to ignore the 5th amendment".


  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	"Religion is what keeps the poor from murdering the rich."
 		-- Napoleon Bonaparte

More information about the Gnupg-users mailing list