
Ramona Fricosu's attorney says she may have forgotten the password

Last month, a Colorado woman was ordered to decrypt her laptop in order to help prosecutors obtain evidence in the bank fraud case against her. Now, Ramona Fricosu's attorney is saying that the defendant may have forgotten her password, further prolonging the case and getting prosecutors nowhere with the hard drive.

"It's very possible to forget passwords," said Philip Dubois, Fricosu's attorney. "It's not clear to me she was the one who set up the encryption on this drive. I don't know if she will be able to decrypt it. The government will probably say you need to put her in jail until she breaks down and does what she is ordered to do. That will create a question of fact for the judge to resolve. If she's unable to decrypt the disc, the court cannot hold her in contempt."

Davies said Fricosu has not said in any court documents that she has forgotten the password. They are waiting to see what position she takes in court.

Fricosu was accused of bank fraud in 2010, and had her laptop seized by authorities for investigative purposes. When attempting to search her hard drive, authorities found that it was encrypted using full disk encryption, which prevents unauthorized access to data storage. The option can be found in operating systems like Mac OS and Windows, and if authorities tried to crack it themselves, they could damage the computer.

Colorado U.S. District Judge Robert Blackburn then ordered Fricosu to decrypt her hard drive and return it to the court so prosecutors could use the files against her in the bank fraud case. Fricosu tried using the Fifth Amendment to protect herself, arguing that it protects her from compelled self-incrimination.

However, Blackburn concluded that "the Fifth Amendment is not implicated by requiring production of unencrypted contents of the Toshiba Satellite M305 laptop computer." Assistant U.S. Attorney Patricia Davies backed Blackburn's decision, saying that encryption cannot be a sure way for criminals to bypass the system.

Source: Wired


RE: Is this actually necessary?
By Varun on 2/7/2012 2:34:48 PM , Rating: 4
If you can do 2^56 guesses per second (that is a lot) it would still take you:
256 bit key:

50,955,671,114,250,072,156,962,268,275,658,377,807,020,642,877,435,085 years


RE: Is this actually necessary?
By bug77 on 2/7/2012 3:45:55 PM , Rating: 3
Yes, but they could use the Amazon cloud and divide that by 10!

RE: Is this actually necessary?
By Lifted on 2/7/2012 5:31:47 PM , Rating: 2
Wouldn't that be a lot less?

RE: Is this actually necessary?
By SlyNine on 2/7/2012 10:13:59 PM , Rating: 2
I don't think an Amazon cloud can do 2^56. In fact, Tom's Hardware, in regard to cracking WPA, said:

"Each GPU cluster instance is armed with a 10 Gb Ethernet link, restricting bidirectional traffic between the master and nodes to 1.25 GB/s. This is what bottlenecks the cracking speed. Remember that a single ASCII character consumes one byte. So, as you start cracking longer passwords, the master server has to send more data to the clients. Worse still, the clients have to send the processed PMK/PTK back to the master server. As the network grows, the number of passwords each additional node processes goes down, resulting in diminishing returns."

So having 4 Tesla GPUs is faster than renting an Amazon virtual computer.

Now let's say they have 100 570s, 2 of them can do 1.5 billion passwords a second (again according to Tom's Hardware), so 1500000000x50=75 billion. So 75 billion tries per second is about the max amount of computer power they can throw at it.

I believe to reach the max security on AES 128 you need 32 characters. 64 for AES 256. But let's use 128 for example. You have 94 characters in a full ASCII character set. So you take 94 possibilities in every character of a passphrase. So if you have 2 characters in your password that's 94x94 or 94^2. If you use the full strength that's 94^32 = 1.38067454 × 10^63 or 13 with 63 zeros behind it. That number looks like this: 13000000000000000000000000000000000000000000000000000000000000000 + possible combinations. So let's take 13000000000000000000000000000000000000000000000000000000000000000 / 75000000000, which takes you 1.84089939 × 10^52 seconds to complete. That number looks like this:
180000000000000000000000000000000000000000000000000000. So let's divide that by 60 and then by 60 again to get us to hours, and then by 24 to get to days, and then by 365 to get to years, then let's divide by 10 again, figuring they will find the phrase after trying 1/10 of the possibilities. That number is 5.83745367 × 10^43 or 58000000000000000000000000000000000 years.

So it would take 58000000000000000000000000000000000 years to complete. Now if you want to divide that by a million, or a billion, you will still get a number that's too big to worry about.

No, you are not brute forcing AES 128 with conventional means. Not in our lifetimes anyways. Probably not within the lifetime of the universe.

RE: Is this actually necessary?
By SlyNine on 2/7/2012 10:21:56 PM , Rating: 2
I screwed up, it should be 1.3 with 64 zeros behind it. But since the calculations were done using the scientific numbers the calculations are still correct. Just knock off a zero on each one of the non scientific numbers.

RE: Is this actually necessary?
By SlyNine on 2/7/2012 10:23:37 PM , Rating: 2
LOL oops again. But if you don't understand what I mean elementary algebra will show you.

RE: Is this actually necessary?
By Flunk on 2/7/2012 5:00:08 PM , Rating: 2
That's not actually how brute force attacks work. They work by comparing the hashes of likely passwords (dictionary attacks often work). If you did a dictionary attack, starting with low numbers of characters and working up it would be very unlikely that you wouldn't get the actual password much sooner than that.

RE: Is this actually necessary?
By SlyNine on 2/7/2012 9:23:47 PM , Rating: 2
Sorry but you're wrong. Any DECENT password will never be solved by a dictionary attack, for example use 3 random key files and a password using characters like / numbers and caps. Your dictionary hack in that case would be a complete waste of time and resources.

Further, since this was full disk encryption she most def. had a good passphrase.
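Added example, not part of the article or of any comment above: a small Python calculator for the search-space arithmetic the thread argues over, covering both the key-size and random-passphrase estimates and the dictionary-attack point. The guess rates are the thread's own figures; the 100,000-word list is a constructed assumption.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, as used in the thread


def passphrase_bits(charset_size, length):
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(charset_size)


def effective_bits(key_bits, charset_size, length):
    """A searcher works through whichever space is smaller: keys or passphrases."""
    return min(key_bits, passphrase_bits(charset_size, length))


def min_length_for_key(key_bits, charset_size):
    """Shortest random passphrase whose space is at least 2**key_bits."""
    length = 1
    while charset_size ** length < 2 ** key_bits:  # exact integer comparison
        length += 1
    return length


def seconds_to_search(space, guesses_per_second, fraction=1.0):
    """Seconds needed to cover `fraction` of `space` candidates."""
    return space * fraction / guesses_per_second


def years_to_search(space, guesses_per_second, fraction=1.0):
    return seconds_to_search(space, guesses_per_second, fraction) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Raw key search at the rate quoted in the first comment (2^56 guesses/s).
    print(f"256-bit key at 2^56/s: {years_to_search(2**256, 2**56):.3e} years")
    # Random 32-character passphrase over 94 printable ASCII characters,
    # 75 billion guesses/s, stopping after 1/10 of the space.
    print(f"94^32 at 75e9/s, 10%: {years_to_search(94**32, 75e9, 0.1):.3e} years")
    # Passphrase length at which the passphrase stops being the weaker link.
    for bits in (128, 256):
        print(f"AES-{bits}: {min_length_for_key(bits, 94)} random characters")
    # Dictionary-style passphrases (constructed 100,000-word list).
    for words in (2, 4):
        s = seconds_to_search(100_000 ** words, 75e9)
        print(f"{words} dictionary words: {s:.3g} seconds")
```

The strength of an encrypted volume is bounded by `effective_bits`, so the key size only matters once the passphrase space is at least as large as the key space.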
