FBI hackers fail to crack TrueCrypt

Open source encryption on Brazilian banker’s hard drive baffles police dictionary attack The FBI has admitted defeat in attempts to break the open source encryption used to secure hard drives seized by Brazilian police during a 2008 investigation. The Bureau had been called in by the Brazilian authorities after the country’s own National Institute of Criminology (INC) had been unable to crack the passphrases used to secure the drives by suspect banker, Daniel Dantas.
cipav cipav

Brazilian reports state that two programs were used to encrypt the drives, one of which was the popular and widely-used free open source program TrueCrypt. Experts in both countries apparently spent months trying to discover the passphrases using a dictionary attack, a technique that involves trying out large numbers of possible character combinations until the correct sequence is found.

Brazilian reports mention that the authorities had no means of compelling the makers of TrueCrypt to help them though it is hard to see how its creators could have helped.

If a complex passphrase has been used – a random mixture of upper and lower case letters with numbers and special ASCII characters throw in – and the bit length is long, formidable computing power and time would be required to chance upon the correct passphrase.

TrueCrypt also uses what is termed a ‘deniable file system’ approach to encrypting whole hard drives. Under this design, the existence of the encrypted partition will not be obvious to anyone examining the drive allowing the individual using such encryption to plausibly deny its existence.

The logic is persuasive. If an encrypted partition or files is detected by investigators is puts the person using the encryption in the difficult position of having to refuse to disclose the passphrase, a potentially incriminating stance.

By interesting coincidence, around the time of the arrest of Daniel Dantas in 2008, a team including encryption celebrity Bruce Schneier found weaknesses in Truecrypt 5.1’s implementaion of the technology that could compromise the plausible deniability design.

Although ‘data leakage’ of the sort noted by the team examining TrueCrypt would not allow investigators access to the encrypted files it is possible that this flaw betrayed the fact that encryption had been used by the defendant.

Computerworld, UK