The FBI has failed to decrypt files (http://g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html) of a Brazilian banker accused of financial crimes by Brazilian law enforcement, after a year of attempts. Five hard drives were seized by federal police (http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww1.folha.uol.com.br%2Ffolha%2Fbra sil%2Fult96u447378.shtml&sl=pt&tl=en) at the apartment of banker Daniel Dantas, in Rio de Janeiro, during Operation Satyagraha in July 2008. (The link is to a Google translation of the original article (http://www1.folha.uol.com.br/folha/brasil/ult96u447378.shtml) in Portuguese.) The article in English mentions two encryption programs, one Truecrypt and the other unnamed. 256-bit AES was used, and apparently both the Brazilian police and the FBI tried dictionary attacks against it. No Brazilian law exists to force Dantas to produce the password(s).




SOURCE:
http://yro.slashdot.org/story/10/06/26/1247201/White-House-Unveils-Plans-For-Trusted-Identities-In-Cyberspace

http://imgs.xkcd.com/comics/security.png

Always encrypt your hard drives. They can't break that stuff and don't have any reason to do so.

Use TrueCrypt to encrypt your harddrives and don't talk to the cops. Even the NSA and the DoD can't crack that encryption.

where is a link that explains in layman terms what encryption is, how to do it, etc.

Be aware that it's not enough to just encrypt a hard drive. You have to keep the system in question powered down at all times it's not being used... trivial off the shelf hacks have been demonstrated where computer duster is sprayed on RAM to cool it off (and keep the data around for longer without power), and then the RAM is hot-swapped into another system to dump any encryption keys that might have been stored away.

I've also seen devices to clamp a power cable and replace a computer's power feed with a battery, without shutting it off.

where is a link that explains in layman terms what encryption is, how to do it, etc.

http://www.truecrypt.org/

install and use...
donate if you like it...

there is a beginner tutorial link on the left with screenshots to get you set up...

LOL, it appears Truecrypt uses PGP encryption. I've been using that for quite a few years.
When PGP first came out, the U.S. government told them it could not be exported outside of the country and thus could only be downloaded within the United States. They solved that problem by putting another server outside of the country so everybody could download it.

I do like how Truecrypt has made it easier to use PGP encryption though.

Be aware that it's not enough to just encrypt a hard drive. You have to keep the system in question powered down at all times it's not being used... trivial off the shelf hacks have been demonstrated where computer duster is sprayed on RAM to cool it off (and keep the data around for longer without power), and then the RAM is hot-swapped into another system to dump any encryption keys that might have been stored away.

I've also seen devices to clamp a power cable and replace a computer's power feed with a battery, without shutting it off.

Can't one just dismount the volume and leave the machine turned on?

LOL, it appears Truecrypt uses PGP encryption. I've been using that for quite a few years.


Truecrypt supports a whole lot of different encryption algorithms.

On the subject at hand, it is also possible they did break into his drives but didn't find the information they were looking for. In which case it might be easier to just say they didn't manage to break into them. Just saying.....

Truecrypt supports a whole lot of different encryption algorithms.

On the subject at hand, it is also possible they did break into his drives but didn't find the information they were looking for. In which case it might be easier to just say they didn't manage to break into them. Just saying.....

There was actually a case where TSA agents found child porn on a guy's laptop while he had his files unencrypted. Then they shut off his laptop and sent it to the FBI. They needed his password to mount the TrueCrypt partition since they couldn't crack after years of trying. He just pleaded the 5th and the judge dismissed the case.

So basically if everyone encrypts their information it will make the job of FBI really hard and next to impossible if they start violating people's rights?

Can't one just dismount the volume and leave the machine turned on?

That should be sufficient, so long as your encryption software is smart enough to make sure the keys have never been written to swap and get zeroed on exit.

So basically if everyone encrypts their information it will make the job of FBI really hard and next to impossible if they start violating people's rights?
Pretty much.

Will encryption cause loss of data, quality (like pictures and vids) or cause date to degrade or anything else negative?

There was actually a case where TSA agents found child porn on a guy's laptop while he had his files unencrypted. Then they shut off his laptop and sent it to the FBI. They needed his password to mount the TrueCrypt partition since they couldn't crack after years of trying. He just pleaded the 5th and the judge dismissed the case.

Can't do that anymore. One of the laws passed in recent years gives the govt the right to force you to turn over your password. If you don't, you will stay in jail until you do.

which is why the truecrypt hidden partition with plausible deniability is such an awesome feature.

Will encryption cause loss of data, quality (like pictures and vids) or cause date to degrade or anything else negative?

Nope. If you lose your password however it will all be lost permanently.

Chase is giving good advice in this thread. Except the idea that the system should ever be online.

The problem is that Microshaft and other OS's are like Swiss cheese. "other means" like keystroke monitors are used for password recovery.

RE PGP: I know Phil Zimmerman. He was introduced to me by a NSA gal (PhD). I'm mentioned as a primary source in one of her more famous papers. He offered to teach me fast mathematics in C, I need to look him up on that and make him follow through... Bit operations...

One of my professors was working on trying to reduce the search space by a third of one bit a few years ago... In cooperation with a gvmt cryptographer... The keys are encrypted with a different algorithm - IDEA - that may not be as secure, but seems to be holding up last I checked.

-t

ps: DES has problems and ALL Microshaft crypto routines are cracked! The companies that sell decryption software insert loops into their programs so the password doesn't pop out like INSTANTLY!

http://imgs.xkcd.com/comics/security.png

There's a way around that problem. Encrypt stuff so that it doesn't look encrypted. Then nobody knows to beat you over the head for the password.

There's a way around that problem. Encrypt stuff so that it doesn't look encrypted. Then nobody knows to beat you over the head for the password.
Have a decoy drive with just random "noise" on it so that they spend forever trying to decrypt it when in reality there is nothing there. :);)

Have a decoy drive with just random "noise" on it so that they spend forever trying to decrypt it when in reality there is nothing there. :);)

Hmmm....I hadn't thought of that. I was thinking more in terms of steganography. You can hide incriminating data in innocent looking files by spreading the bits across.

http://lifehacker.com/230915/geek-to-live--hide-data-in-files-with-easy-steganography-tools

For the life of me I don't know why more people don't use this. A combination of steganography and PGP would be pretty unbreakable I would think.

http://imgs.xkcd.com/comics/security.png

Matt Collins! oh my! the Gov'ts rarified line of demarcation
between our most secretive NSA and our more worldly CIA!

LOL, it appears Truecrypt uses PGP encryption. I've been using that for quite a few years.
When PGP first came out, the U.S. government told them it could not be exported outside of the country and thus could only be downloaded within the United States. They solved that problem by putting another server outside of the country so everybody could download it.

I do like how Truecrypt has made it easier to use PGP encryption though.


After the end of WWII... the ENIGMA machines Germany developed, were allowed usage by other nations, because the US stated they have their own encryption system and no need for the German system. So many 3rd world nations and others used the ENIGMA, thinking their communications were secure, when in fact, the US/UK intentionally let distribution/usage, so they could monitor ENIGMA encrypted communications by others.

http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-security-questions.html

The true gist, never believe the Misinformation/Disinformation of the Imperial Empire machine and THEIR press releases.

BTW... The NSA is the world's largest user of Data Storage.