

Dreaming of password combinations sucks
February 12, 2013 8:41 PM

Password Cracking AES-256 DMGs and Epic Self-Pwnage
posted by unliteral (42 comments total) 11 users marked this as a favorite

 
Realistically, while my brazilian jiu-jitsu black belt certainly helps in many situations, it can be utterly useless in other real-world encounters.

I hate this guy already.
posted by empath at 8:50 PM on February 12, 2013 [17 favorites]


Couldn't he have just gotten the pw of the hardware keystroke recorder the CIA installed months ago?
posted by Damienmce at 8:55 PM on February 12, 2013


it can be utterly useless in other real-world encounters

...and that is why I now cannot come within 100 meters of any DMV office.
posted by jaduncan at 8:59 PM on February 12, 2013


So while reading this, I started thinking about having two-factor authentication enabled for situations in which you're compelled to provide your password (border crossing, evidence discovery, etc), but I couldn't think of a way that would make the second factor secure from the same type of coercion. Then he provided a suggestion in the last paragraph: what if you sent the thing-you-have to your lawyer? Would that prevent anyone else from legally coercing you into decrypting the drive? They could force you to give up the password, but it wouldn't do any good without the token protected by attorney-client privilege.
posted by Ickster at 8:59 PM on February 12, 2013


That privilege makes it so that the attorney cannot be compelled to reveal the info. It doesn't protect you from being compelled to reveal it.
posted by Chocolate Pickle at 9:02 PM on February 12, 2013 [2 favorites]


Clearly the solution is to not know it.
posted by unSane at 9:04 PM on February 12, 2013


Suppose the second factor is a specific USB drive that needs to be inserted? One with a randomly generated 40000-character string on it? There's no way you could be compelled to give up something you couldn't memorize if you tried. In this case, only your attorney could access the info.
posted by Ickster at 9:07 PM on February 12, 2013


To avoid this, I usually just store my new master admin password somewhere publicly visible on the internet 1n_Plain_$ight so that I know where it is but where no one else will ever think to look.
posted by Homeboy Trouble at 9:15 PM on February 12, 2013 [17 favorites]


Clearly the solution is to not know it.

Not necessarily out of the question, if it's important enough! To access the data you need a bit of info from your lawyer (which, since you can't know it and just tell it to him, he has to generate according to some secure method that is coordinated with your security mechanism), and a bit of info only you know. So every time you want to access it, you have to arrange to get the info from your lawyer.
posted by kenko at 9:15 PM on February 12, 2013
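
The two-part secret that Ickster and kenko describe above, as an added example that is not part of the thread: the volume key is derived from a memorised passphrase and a random share generated and held by a custodian, so neither half alone unlocks anything. The function names and the PBKDF2-plus-HMAC construction are choices made for this sketch, not something the commenters specified.

```python
import hashlib
import hmac
import secrets

SHARE_LEN = 32            # bytes of randomness held by the custodian (assumed size)
PBKDF2_ROUNDS = 200_000   # assumed work factor for the memorised half


def new_custodian_share() -> bytes:
    """Generated on the custodian's side; the owner never memorises or stores it."""
    return secrets.token_bytes(SHARE_LEN)


def derive_key(passphrase: str, share: bytes, salt: bytes,
               rounds: int = PBKDF2_ROUNDS) -> bytes:
    """Combine the memorised passphrase with the custodian's share."""
    if len(share) != SHARE_LEN:
        raise ValueError("custodian share has the wrong length")
    # Stretch the human-chosen half so guessing it is expensive.
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                                    salt, rounds)
    # Key the final step with the random share: without it, the stretched
    # passphrase gives no information about the volume key.
    return hmac.new(share, b"volume-key-v1" + stretched,
                    hashlib.sha256).digest()


def check_value(key: bytes) -> str:
    """Stored next to the volume so an unlock attempt can be verified."""
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()


def try_unlock(passphrase: str, share: bytes, salt: bytes,
               stored_check: str):
    """Return the key if both halves are right, otherwise None."""
    key = derive_key(passphrase, share, salt)
    if hmac.compare_digest(check_value(key), stored_check):
        return key
    return None


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    share = new_custodian_share()                 # held by the custodian
    key = derive_key("constructed example passphrase", share, salt)
    stored = check_value(key)
    ok = try_unlock("constructed example passphrase", share, salt, stored)
    print("both halves:", ok is not None)
    print("passphrase only:",
          try_unlock("constructed example passphrase",
                     new_custodian_share(), salt, stored) is not None)
```

Someone who holds the share and the check value can still guess passphrases offline at the PBKDF2 cost, so the memorised half needs to be strong in its own right.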


That all pretty heavily depends on what authority we're talking about. I doubt that, say, Iran's government would have any issue compelling your legal representation to relinquish the second factor. I can even imagine that many legal systems might treat a physical object given to your lawyer (USB stick, bloody murder weapon) differently from things you say to your attorney.
posted by axiom at 9:15 PM on February 12, 2013 [1 favorite]


Here we are in 2013 and still, pwnage.
posted by angerbot at 9:17 PM on February 12, 2013


I'd think the best way around coercion would be to have a second password that ostensibly grants access but deletes sensitive information on the system for which it's used. Whether that's viable is another matter.
posted by solarion at 9:23 PM on February 12, 2013 [1 favorite]


That was hilarious and terrifying. Paper backups are the way to go. By the way, not being able to decrypt your data is a terribly risky strategy. You may end up being mutilated by some non-crypto-savvy thug who's convinced that you can stop the ticking time bomb. Only worth it if it's life or death for others.
posted by Wrinkled Stumpskin at 9:28 PM on February 12, 2013


Attorney-client privilege is generally limited to legal advice or information provided for the purpose of obtaining legal advice. You can't, e.g., have your lawyer distribute your financial statements so that they're safe from subpoena. Not that people haven't tried, of course. I suppose the rules might be different in other jurisdictions, but it would be a very obvious loophole if they were.

On the other hand, suppose you visit a random lawyer and say "here is a letter, which you are not to give to anyone other than myself." You pay cash for his (entirely legal) cooperation; there's no paper trail linking you. Who's going to find the letter? Who's going to look for it?

Or write it down somewhere, or in a bunch of somewheres. Paint it on walls, scratch it on sidewalks, carve it into trees. Do it in a town a long way from where you live. If you need your password you know where to find it; until then there's no connection between you and your code.
posted by Joe in Australia at 9:33 PM on February 12, 2013


I'd think the best way around coercion would be to have a second password that ostensibly grants access but deletes sensitive information on the system for which it's used.

I have no doubt that if I used this setup on my computer I would use the self-destruct password by mistake within a week. However, it does sound like the most effective way of protecting the nuclear launch codes I carry on my personal laptop.

(non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards and evidence discovery?)
posted by justsomebodythatyouusedtoknow at 9:33 PM on February 12, 2013


(non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards and evidence discovery?)

Me personally? None at all. And every time I read an article like this it reminds me to be glad of that fact, because if I did have to carry around any genuine secrets, it would be a royal pain in the goddamn ass.
posted by Now there are two. There are two _______. at 9:38 PM on February 12, 2013 [1 favorite]


Ars Technica story
posted by XMLicious at 9:40 PM on February 12, 2013


I'd think the best way around coercion would be to have a second password that ostensibly grants access but deletes sensitive information on the system for which it's used.

There are certain situations where intentional spoliation of evidence like that would be a very bad idea.
posted by The World Famous at 9:41 PM on February 12, 2013 [2 favorites]


(non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards and evidence discovery?)

My thoughts exactly. Very few people have any truly sensitive information that warrants military grade encryption. From WikiLeaks even the military doesn't seem to need military strength encryption. The worst most people have is a couple of naked pictures of themselves and work's quarterly accounts. This smacks of hacker douche overkill.
posted by Damienmce at 9:54 PM on February 12, 2013 [5 favorites]


95% of the time the reason for security is egotism. In this case, 100%.
posted by Tell Me No Lies at 9:55 PM on February 12, 2013 [8 favorites]


> > have a second password that ostensibly grants access but deletes sensitive information

> There are certain situations where intentional spoliation of evidence like that would be a very bad idea.

Clippy says it looks like you're trying to invent a deniable cryptosystem. Would you like some help with that?
posted by sourcequench at 10:04 PM on February 12, 2013 [2 favorites]


So while reading this, I started thinking about having two-factor authentication enabled for situations in which you're compelled to provide your password [...] but I couldn't think of a way that would make the second factor secure from the same type of coercion.

Last year there was a scheme put forward by some researchers that uses implicit learning to store a password in your subconscious in a way that you don't have the conscious ability to recall it, but can do so when given the right cues (in the research project, it was a really boring-looking computer game).

This strikes me as not being completely resistant to "rubber hose cryptanalysis", but it's at least an improvement. An adversary could still put you in front of a terminal and put a gun to your head (or a power drill to your kneecaps) and tell you to log in or else. But it does prevent an offline attack, where you're locked up in a dungeon somewhere and the attacker extracts the password without giving you access to the system. (Though they could always use a mockup.)

Anyway, it made me think that a simpler way of doing rubber-hose-resistant authentication is to look at subconscious aspects of password entry. E.g., the speed and way that you type your password. Most people, once they've entered a new password a few times, do it from muscle memory. But I suspect that if someone were holding a gun to your favorite body part and threatening to give it a lead injection if you didn't log in correctly, you'd probably hit the keys in a very different way. Or more plausibly, someone who's entering a stolen password by reading it from a sheet of paper is going to type it in differently as well. A sophisticated password-entry system could analyze login attempts for unusual, non-subconscious password entry, especially when there hasn't been a password change recently. These logins could be allowed but flagged for review. My guess is there'd be a lot of false-positives, but that might be acceptable for very high security systems.

The more I think about that, the more obvious it seems; I'd be surprised if there aren't systems doing that today.
posted by Kadin2048 at 10:15 PM on February 12, 2013
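
A sketch of the typing-rhythm check Kadin2048 describes above, as an added example that is not part of the thread: it builds a per-interval timing profile from enrolled entries of the password, scores a new login against it, and allows but flags entries whose rhythm is far off. The timestamps are constructed sample data, and the threshold, the floor on the standard deviation and all names are assumptions.

```python
from statistics import mean, stdev

MIN_STD_MS = 15.0      # floor, so a very consistent typist does not make every
                       # small deviation look extreme (assumed value)
FLAG_THRESHOLD = 2.5   # mean |z-score| above this is flagged (assumed value)

# Constructed key-down timestamps (ms) for four enrolment entries of one
# eight-character password, typed from muscle memory.
ENROLMENT = [
    [0, 110, 205, 330, 420, 540, 630, 760],
    [0, 120, 210, 345, 430, 560, 655, 780],
    [0, 105, 200, 320, 415, 530, 625, 745],
    [0, 115, 215, 335, 425, 545, 640, 770],
]
FLUENT = [0, 112, 208, 332, 424, 543, 636, 762]          # constructed
HESITANT = [0, 400, 650, 1200, 1500, 2100, 2400, 3100]   # read off paper


def intervals(timestamps_ms):
    """Gaps between consecutive key presses."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]


def enroll(samples):
    """Per-position (mean, std) of the inter-key gaps across the samples."""
    rows = [intervals(s) for s in samples]
    if len(rows) < 3 or len({len(r) for r in rows}) != 1:
        raise ValueError("need at least 3 samples of the same length")
    return [(mean(col), max(stdev(col), MIN_STD_MS)) for col in zip(*rows)]


def rhythm_score(profile, timestamps_ms):
    """Mean absolute z-score of the attempt; infinite if the shape differs."""
    observed = intervals(timestamps_ms)
    if len(observed) != len(profile):
        return float("inf")   # corrections or pasted input: no usable rhythm
    return mean([abs(o - m) / s for o, (m, s) in zip(observed, profile)])


def assess_login(profile, timestamps_ms, password_ok, recently_changed=False):
    """Timing never denies a login on its own; it only marks it for review."""
    if not password_ok:
        return "deny"
    if recently_changed:
        return "allow"        # no muscle memory yet, so timing says nothing
    if rhythm_score(profile, timestamps_ms) > FLAG_THRESHOLD:
        return "allow_flag_review"
    return "allow"


if __name__ == "__main__":
    profile = enroll(ENROLMENT)
    for name, attempt in (("fluent", FLUENT), ("hesitant", HESITANT)):
        print(name, round(rhythm_score(profile, attempt), 2),
              assess_login(profile, attempt, password_ok=True))
```

With only four enrolment samples the profile is coarse, which is where the false positives the comment expects would come from.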


The issue of crossing the border is solved without resorting to lawyers or clever password tricks: don't have anything on your laptop you don't want border guards to see. Corporations figured this out years ago: send people with laptops that are clean and freshly imaged, and have them download the spreadsheets they need after they're admitted. The personal version of this is an encrypted file you download once you're in your hotel.

A border guard can deny you entrance to the country for any reason at all, and no matter how logically impossible it is for you to decrypt your hard drive for them, all they hear and care about is "you can't look at my hard drive". Unless making a point is more important than your trip, sanitize your laptop before you get on the plane. There's no border guards between you and your secure server at home, is there? This has the added benefit of 1) having proper backups in place, and 2) making a lost or stolen laptop much less damaging.

Your machine and your sensitive information should never be synonymous entities.
posted by fatbird at 10:21 PM on February 12, 2013 [2 favorites]


I still have an encrypted DMG from nearly 10 years ago with some writing on it that I’ve never been able to open.
posted by bongo_x at 10:29 PM on February 12, 2013


Now, I couldn’t just share out my DMG for others to attempt to crack. Its enormous size basically precluded that. But even if I could, I wouldn’t. Given the sensitive nature of the data, I actually preferred the data lost than suffer any risk of a leak.

Subtitle: Things People Will Do To Protect Their Porn.
posted by phaedon at 10:33 PM on February 12, 2013 [8 favorites]


I'm trying to think of a file I could have on my machine whose exposure would be worse than, say, being beaten to a pulp to get me to give up the password. And imagining such a file belonging to an employer? hahahahahahaha.
posted by maxwelton at 10:40 PM on February 12, 2013 [6 favorites]


"(non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards and evidence discovery?)"

Information that is not yours; or specifically is sensitive information that belongs to a client. In this case, the person guarding the information does security assessments on large corporations - he literally knows the unpatched holes that exist in the web presence of name-brand companies.

If he doesn't guard this information carefully, and ensure that it never falls in the wrong hands, his reputation and career are at serious risk.

So yeah, while most people don't need the amount of protection he uses, he most certainly does (and there are plenty of examples of security professionals being targeted by motivated formidable adversaries).
posted by el io at 10:40 PM on February 12, 2013 [8 favorites]


This smacks of hacker douche overkill.

While I agree that the author's article seems ... unpleasantly hacker-douchey (there's a lot of e-peen stroking going on, I guess to compensate for the fact that the dude forgot his goddamn password) it's not because of his specific choice of encryption parameters.

Using 256 bit AES isn't totally unreasonable: it offers some protection against certain kinds of (currently theoretical) attacks, in return for a moderate speed penalty that might not even be noticeable on modern hardware. If the speed penalty is tolerable, why not go for it? From the casual user's perspective it's all the same either way: if you lose your password, the data is gone; if anyone else has the data without the password, it's still secure. That's all that most people want.

By going with the strongest encryption available, the casual user doesn't increase security as much as they reduce the odds that they'll have to go through the hassle of reencrypting everything due to an advancement in cryptanalysis somewhere down the road. That's the real concern for most users: not what sort of crazy three-letter-agency adversary their data is secure against, but how long they'll stay secure against a more reasonable adversary without having to change their security posture.

Just as a practical example: when I first installed PGP, it was considered standard to create 1024-bit DSA keys. You could create longer ones, but 1024 was thought to be pretty decent. Unfortunately, a few years later it became clear that wasn't the case (due to implementation issues), and nearly everyone with those type of keys had to create new ones, a process that is a real pain in the ass. If you had eschewed the conventional wisdom that 1024-bit DSA was okay when you created your key in the first place, and instead went for some excessively paranoid option like 4096-bit RSA, then you were sitting pretty. Not because your paranoid fantasies necessarily had any validity in the real world, though.

Most users may not need "military grade encryption" (although that's not a particularly accurate description of anything), but in many cases it's not significantly easier to provide halfassed encryption than it is to do it right. So, do it right.
posted by Kadin2048 at 12:07 AM on February 13, 2013 [3 favorites]


(non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards and evidence discovery?)

Well, I think I have a common use case.

Some things given to me for my work are legally privileged documents relating to client discussions. I would view myself as negligent if I kept them on an unencrypted volume; regardless of the likelihood of it in real life, my job is to protect the client against exposure of that information through unauthorised access to the data given to me.

The data concerned might or might not be important to a nation state, but that doesn't lessen my duty either way.
posted by jaduncan at 12:14 AM on February 13, 2013 [1 favorite]


non-sarcastically, what sort of data does a person like you lug around that needs to be protected against border guards

Source code, supplier info, and designs.

The border guards of some countries do industrial espionage. I've heard that Google treats any laptop an employee has taken to China as potentially compromised.
posted by zippy at 12:29 AM on February 13, 2013


But all laptops come from China originally.
posted by seanmpuckett at 3:20 AM on February 13, 2013 [2 favorites]


Preloaded with employer data?
posted by ardgedee at 5:32 AM on February 13, 2013


For those of you doubting the legitimacy of his using two layers of encryption, TFA gives the reason plainly - He travels a lot, border guards have an overdeveloped sense of nosiness, and the word "no" (when even locally-legal) will get you stuck in a "waiting" room for hours or days, possibly strip searched, while they literally dissect everything you have with you and hand the individual parts back to you in little plastic baggies.

Now, does he really have any data worth protecting to that level of paranoia? Y'know what? Not your call. Perhaps he does just want to keep his goat-porn fetish a secret. Not your call. Perhaps, as something of an author (and one associated with a field that at best borders on the questionably-legal) he wants to protect his contacts and sources, particularly from the local law enforcement in their home countries. Not your call. Perhaps he just thinks so highly of himself as to consider the most mundane of his emails a great work of art he doesn't want to share with the rest of the world. Not your call.


/ That said, "The douche is strong with this one!"
posted by pla at 6:09 AM on February 13, 2013


Or put another way - If we require people to justify their use of encryption, we've made the encryption itself prima facie (at least in the "court of public opinion" sense) for the worst crime possible given the medium. Child porn? Mass identity theft? Espionage? Pre-release of Spiderman 7? Just throw away the key, man, because we all know only criminals have something to hide.
posted by pla at 6:15 AM on February 13, 2013 [2 favorites]


For corporate travel purposes, why even bring a laptop? If companies are travelling with clean fresh OS installs, why bother? Bring an iPad to check mail with on the way and pick up a loaner laptop at your destination. It would eliminate the hassle of even having a laptop with you. At least until somebody decides that travelling without a laptop is suspicious behavior.
posted by COD at 6:37 AM on February 13, 2013


Interestingly, in living out this nightmare, I learned A LOT I didn’t know about password cracking, storage, and complexity.

And this guy is "Founder and Chief Technology Officer of WhiteHat Security"? I know who I'm not going to use next time I need consultants.
posted by xbonesgt at 6:41 AM on February 13, 2013 [4 favorites]


Paint it on walls, scratch it on sidewalks, carve it into trees. Do it in a town a long way from where you live. If you need your password you know where to find it; until then there's no connection between you and your code.

So "Bad Wolf" was just The Doctor's password?
posted by mikepop at 7:30 AM on February 13, 2013 [4 favorites]


Sounds like the problem was changing passwords.
posted by ckape at 11:28 AM on February 13, 2013 [1 favorite]


Realistically, while my brazilian jiu-jitsu black belt certainly helps in many situations, it can be utterly useless in other real-world encounters.

"I hate this guy already."

Why? A lot of people use the same excuse for avoiding foreplay.

I’ll of course resist giving up my admin password to the extent I’m able, but must assume I may have to “comply” at some point.

Not that everyone is into BDSM, but y'know.

...wait this is about technology? I thought “crack” this password and hdiutil locks a DMG file when attempting to mount it, so crowbarDMG runs single threaded were some sort of innuendo.

Man, I should "take" a "computer" class.
posted by Smedleyman at 11:29 AM on February 13, 2013


"And this guy is "Founder and Chief Technology Officer of WhiteHat Security"? I know who I'm not going to use next time I need consultants."

Right, he is. And if you wanted to crack some crypto (or perhaps implement a crypto system) he wouldn't be the guy to go to. That's not what he does. If you wanted to protect your web application and the infrastructure it touches he's probably your guy (also, out of your price range).
posted by el io at 12:24 AM on February 15, 2013


don't have anything on your laptop you don't want border guards to see

"don't do that then" is one of those things that can fix any problem if you don't care about your values for "fixed"
posted by This, of course, alludes to you at 12:01 AM on February 16, 2013 [1 favorite]


Indeed. In other news, death cures everything.
posted by unSane at 4:18 AM on February 16, 2013




This thread has been archived and is closed to new comments