
TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin? - aburan28
http://www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/?mt=1439013395779
======
phaus
Click-bait. The suspect had a plea agreement. I'm not sure why there's a
question whether he surrendered his password or not. He obviously did else he
wouldn't have an agreement anymore.

------
moepstar
Most probably a variant of this:

[https://xkcd.com/538/](https://xkcd.com/538/)

------
steeples
Without blindly claiming TC is backdoored, it does have a horrifically bad
RNG which is housed in the application, and uses frantic wiggles of the mouse
to generate seed values. Now depending on how much caffeine is in your system
at the time, the values generated can differ quite substantially, ranging from
super low (insecure) entropy to 'fair game' entropy. Frankly I don't trust it
one bit. If you consider how much room a mouse can potentially move within a
typical desktop screen, the seed values are constrained within those params,
always and forever.

~~~
dogma1138
This really doesn't matter; neither the FBI nor anyone else will be dealing
with decryption by building probabilistic modules on RNG generation using
various given states and the average use of someone's mouse.

TrueCrypt, like many other FDEs, has 2 keys: your Data Encryption Key, which
is generated by the software using random values, and your Key Encryption Key,
which is generated from a pass phrase and no random data since it has to be
generated every time.

The KEK is generated using a key derivation function, most commonly PBKDF2;
this is by far the easiest vector to attack because this vector is vulnerable
to 2 fairly easy attacks.

Brute force against the KDF which generated the KEK and brute force against
the user which generated the pass phrase.

Bad entropy or not, the FBI will not be breaking AES anytime soon. Heck, if
AES can be broken atm with entropy as bad as someone rolling a D20, the US
government won't use it, because you can be sure that some implementations of
it in use by the USG have probably even shittier pseudo random number
generators than that...
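The two-tier key layout dogma1138 describes, as an added example that is neither TrueCrypt's code nor the commenter's: a random DEK comes from the OS random source and is wrapped under a KEK that PBKDF2 derives from the passphrase and a salt. The wrapping uses a toy HMAC-based keystream plus an HMAC tag in place of a real volume cipher, and the iteration count, salt length and header fields are assumed illustrative values, not TrueCrypt's. It also shows why the split exists: changing the passphrase re-wraps the same DEK without touching the encrypted data, and a wrong passphrase is rejected by the tag check.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed, illustrative parameters: not TrueCrypt's header layout, cipher or
# KDF settings, just the two-tier key structure (DEK under KEK) described above.
PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
DEK_LEN = 32  # 256-bit Data Encryption Key


def derive_kek(passphrase: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Key Encryption Key: deterministic, derived only from the passphrase and a salt."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256; stands in for the real volume cipher."""
    blocks = []
    counter = 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _wrap(kek: bytes, dek: bytes) -> dict:
    """Encrypt the DEK under the KEK and attach an HMAC tag so a wrong KEK is detected."""
    nonce = os.urandom(NONCE_LEN)
    wrapped = _xor(dek, _keystream(kek, nonce, len(dek)))
    tag = hmac.new(kek, nonce + wrapped, "sha256").digest()
    return {"nonce": nonce, "wrapped_dek": wrapped, "tag": tag}


def create_header(passphrase: str) -> Tuple[dict, bytes]:
    """New volume: random salt and random DEK; only the DEK ever encrypts data."""
    salt = os.urandom(SALT_LEN)
    dek = os.urandom(DEK_LEN)            # from the OS CSPRNG, never from the passphrase
    header = {"salt": salt, **_wrap(derive_kek(passphrase, salt), dek)}
    return header, dek


def open_header(passphrase: str, header: dict) -> Optional[bytes]:
    """Recover the DEK, or None when the passphrase is wrong (tag mismatch)."""
    kek = derive_kek(passphrase, header["salt"])
    expected = hmac.new(kek, header["nonce"] + header["wrapped_dek"], "sha256").digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return _xor(header["wrapped_dek"], _keystream(kek, header["nonce"], DEK_LEN))


def change_passphrase(old: str, new: str, header: dict) -> Optional[dict]:
    """Re-wrap the same DEK under a new KEK; the encrypted data itself is untouched."""
    dek = open_header(old, header)
    if dek is None:
        return None
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, **_wrap(derive_kek(new, salt), dek)}


if __name__ == "__main__":
    hdr, dek = create_header("correct horse battery staple")
    assert open_header("correct horse battery staple", hdr) == dek
    assert open_header("Correct horse battery staple", hdr) is None
    print("DEK recovered only with the right passphrase; DEK bits:", len(dek) * 8)
```

The passphrase tier is the only part of this that can be guessed at offline, so its cost is set by the PBKDF2 iteration count and the passphrase's entropy; the DEK tier is 256 random bits no matter how weak the passphrase is, which is why the comment above calls the KDF the easier vector.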

------
venomsnake
I kinda suppose they just obtained the key from somewhere. Could be a lot of
places - in memory attack, some form of forensics, backup flash drive hidden
somewhere or just deal with the prosecutors.

Why no one is wrapping their sensitive hardware in thermite or booby trapping
it, I cannot understand.

~~~
dogma1138
Or it can be more likely a plea that he decrypts the drive on the condition it
will not be used to press new charges against him?

------
nickysielicki
Ahh, my favorite type of thread. Baseless speculation time!

There are really only three angles to explore here:

* The guy flipped. Open and shut case. This implies the world is boring. It's more fun to assume this isn't the case.

* Truecrypt has some fundamental state-planted problem. Though the post-closing audits found nothing particularly damning [1]. We really need a non-technical audit of Truecrypt though. Certainly _something_ happened there with a three letter agency. They wouldn't just shut down without any actual reason. Who is a tech-journalist I can send an email to? I'd like to reach out and ask them to try to get in contact with all of the Truecrypt top contributors. At least some of them have to be outside US jurisdiction. I feel like someone has to have already explored this angle, though. Can someone kindly link me to a full history of their VCM? A 5 minute google turned up short for me-- I could find a lot of mirrors of the latest source and binaries but none with the full history. Perhaps we're looking at the wrong place. Another angle is that Truecrypt itself was cryptographically sound (and thus an audit wouldn't find anything) but instead the developers found evidence that Windows itself was undermining encryption done through it. They privately reached out and got gagged.

* We collectively have underestimated the cracking abilities of the FBI/NSA. They hire amazing cryptographers. I'm too lazy to look up anything to back this up, but I would wager they even employ the majority of people in the US working on quantum computing (and thus quantum-crackers). Excluding universities, this is almost certainly true. I was asking on ##crypto a few months ago about what was going on with bleeding-edge quantum computing and the people in the channel seemed to think that we weren't even close to 1024-qubit quantum computers. But given that so much of the talent is under security clearances, I can't imagine we have a great idea of what's really going on in that field. Perhaps they can crack everything we currently do. An interesting project idea is for someone to implement some of the post-quantum algorithms [2]. Even if your implementation is faulty or the theory is incorrect, it would not hurt to use these and encrypt on top of what we're already doing. They probably won't make sense for day-to-day encryption for boring folk, but performance concerns are secondary for our journalists and whistleblowers.

My real guess on what happened here? A mix of the three. I would guess our
sysadmin messed up somewhere and left incomplete evidence of his keys, or that
truecrypt itself did this. I would guess FBI/NSA was able to use this and
their supercomputers to put the pieces together.

I want to read more about what is physically impossible with regards to
cryptography. When I took my discrete mathematics class a few years ago we got
into this, but I've honestly forgotten a lot of the details. E.g.: if every
atom in the universe could hold 1 TB and we had boundless computational power,
could we generate rainbow tables to defeat our current cryptography? Etc.

[1]: [http://istruecryptauditedyet.com/](http://istruecryptauditedyet.com/)

[2]: [https://en.wikipedia.org/wiki/Post-quantum_cryptography#Algo...](https://en.wikipedia.org/wiki/Post-quantum_cryptography#Algorithms)

~~~
xkiwi
Interesting.

I always wonder about this: in order to decrypt a file/volume encrypted by
TrueCrypt, a user just needs to type their NOT-SO-LONG password. With today's
capabilities such as EC2 or quantum computing as you mentioned, isn't that
just minutes away from cracking a 12-digit password?

~~~
nickysielicki
Number of passwords ("126-31" coming from
[http://www.asciitable.com/](http://www.asciitable.com/)):

    >>> (126-31)**12
    540360087662636962890625

How many years would this take if you could test each password in
.0000000000001s?

    >>> (((126-31)**12)*.0000000000001)/60/60/24/7/365
    244.78151394444308
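The same estimate carried through as reusable functions, as an added example that is not part of the comment above. It converts seconds to years as 60·60·24·365 (the expression above also divides by 7, which turns days into weeks before dividing by 365), and it adds the factor dogma1138 raised earlier: a guess against a PBKDF2-protected KEK costs one KDF evaluation, so the raw hash rate is divided by the iteration count. The charset size (95), length (12) and guess rate (1e13/s) are the thread's figures; the 100000-iteration KDF cost is an assumed illustrative value, not TrueCrypt's.

```python
import math

SECONDS_PER_YEAR = 60 * 60 * 24 * 365   # seconds -> minutes -> hours -> days -> years


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols drawn from a `charset_size` alphabet."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """The same quantity on a log scale, directly comparable with a cipher key size."""
    return length * math.log2(charset_size)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def kek_guess_rate(raw_hmac_rate: float, kdf_iterations: int) -> float:
    """Guesses per second against a PBKDF2-protected KEK: each guess costs `kdf_iterations` HMACs."""
    return raw_hmac_rate / kdf_iterations


if __name__ == "__main__":
    printable = 126 - 31        # the thread's count of printable ASCII characters
    rate = 1e13                 # one guess per 0.0000000000001 s, as in the thread
    space = keyspace(printable, 12)
    print(f"12-char passphrase: {entropy_bits(printable, 12):.1f} bits, "
          f"{years_to_exhaust(space, rate):,.0f} years at {rate:.0e} guesses/s")
    # Assumed illustrative KDF cost: 100000 PBKDF2 iterations per guess.
    slow = kek_guess_rate(rate, 100_000)
    print(f"same passphrase behind PBKDF2: {years_to_exhaust(space, slow):,.0f} years")
    print(f"256-bit DEK at the raw rate: {years_to_exhaust(2 ** 256, rate):.1e} years")
```

The comparison is the point: a 12-character printable passphrase is roughly 79 bits, which the KDF's iteration count stretches by a constant factor, while the random 256-bit DEK sits so far beyond any guess rate that the passphrase tier is always the one worth protecting.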

