Full-disk encryption is too good, say crime investigators.

[Salmon Trout]

New Scientist is carrying a story saying that full disk encryption schemes (such as Bitlocker, Truecrypt, etc) are making life hard for investigators.

"Full-disc encryption is good at keeping your computer secure. So good, in fact, that it's got digital CSI teams tearing their hair out. Computer security engineers, including a member of the US Computer Emergency Response Team, are complaining in a research paper this week that crooked bankers, terrorists and child abusers may be getting away with crimes because it is proving impossible for digital investigators to unlock their encrypted hard drives."

The US CERT team say that strategies that agencies should adopt include improved scene-of-crime procedures and better preparation of search warrants, but their conclusion is "somewhat hopeless" says New Scientist:

"Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption."

New Scientist concludes:

"...Which kind of goes against the whole point of encryption, we would suggest."

The paper:

The growing impact of full disk encryption on digital forensics

Eoghan Casey, Geoff Fellows, Matthew Geiger and Gerasimos Stellatos

http://www.sciencedirect.com/science/article/pii/S1742287611000727

Having thought about this, I have installed Truecrypt and created a volume in which I have put my bank statements and sensitive financial information.

[BC_Programmer]

I find the idea that any form of encryption can be "too good" to be a somewhat silly statement. Maybe these investigators should look for a different job if their finding it difficult to break encryptions designed specifically to keep people out.

It would be like if door locks were improved, and suddenly the police are complaining that their jobs aren't as easy because they can't just kick the door in.

And really, I don't see how it really affects law enforcement. If they are trying to break encryption they are doing it wrong. When you have, say a suspects laptop and you have the legal precedence to try to decrypt it, you shouldn't waste your time constructing a million dollar distributed system in a futile attempt to crack their 4096-bit RSA. Instead the first response ought to be to Drug him and beat the person with a 5 dollar wrench until he gives them the password. Of course it wouldn't come to that, but I would still think that they are attacking the thick part of the wall. People are the weak part of the encryption.

[Geek-9pm]

Interesting. By the way, has anybody noticed this?

PGP Products | Symantec
http://www.symantec.com/business/theme.jsp?themeid=pgp
PGP and Symantec are now one company. We are currently in the process of migrating content and functionality from the Altiris websites, and have created this …

PGP was a hot issue years ago. For some of the same reasons given in the article the nOP quoted.
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
There is The International PGP Home Page
http://www.pgpi.org/

[kpac]

They say they're "too hard to break", but who knows what technology, for example, the FBI and CIA have at their disposal?

"Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption."

And if this is done, the same research will be used to develop stronger encrpytion.

[Geek-9pm]

They say they're "too hard to break", but who knows what technology, for example, the FBI and CIA have at their disposal?
And if this is done, the same research will be used to develop stronger encrpytion.

When two people already have a secure communication link, they can send each other information about how to make the link stronger. A cracker would need to have a archive of all their communications to find how they improved the encryption. The point is, with a good head start, you can keep your secrets for a long, long time. As BC mentioned, it becomes more feasible to use some other tacit.
The idea of make encryption illegal or restrained is a matter of concern. An not just for professional criminals.

The Ky and Lock analogy:
Recently I was asked to leave a key to my house in a secret place;  so the fire department could get into my house. Rather that making another key, I might just leave the doer unlocked while I am not at home,  and locked when I am in the house.

[Salmon Trout]

They say they're "too hard to break", but who knows what technology, for example, the FBI and CIA have at their disposal?

I am fairly confident there is no present technology that can break 256 bit AES encryption by brute force in a reasonable time. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (10 to the power of 18) AES keys per second (if such a device could ever be made) would in theory require about 3×(10 to the power of 51) years to exhaust the 256-bit key space.

FBI hackers fail to crack TrueCrypt
Open source encryption on Brazilian banker's hard drive baffles police dictionary attack

By John E Dunn | Computerworld UK | Published: 10:55, 30 June 2010

The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation.

The Bureau had been called in by the Brazilian authorities after the country's own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.

Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.

[Geek-9pm]

"Bless my cracked corn and ground bone mixture!" ejaculated the chicken fancier. - "Tom Swift And His Electric Locomotive"

That may be the phrase the FBI needed.
That is how real people can setup a hard code. They both have copies of the same book. Same edition. When the want to change a phrase used for encoding, they just refuter to the book by chapter, paragraph and sentence. But without the name of the book.
Like this: 8.12.4
Would mean chapter 8, paragraph 12, sentence 4.
A reference to a specific edition of a Tom Swift book by men who speak Brazilian Portuguese would be very unexpected.

[Salmon Trout]

That is how real people can setup a hard code. They both have copies of the same book. A reference to a specific edition of a Tom Swift book by men who speak Brazilian Portuguese would be very unexpected.

I'd use steganogaphy and hide messages in hi-res goat porn. Everybody the whole world over likes goat porn, don't they? Nothing suspicious there!