Secret Services Cracks Encrypted Evidence

Found on Slashdot on Monday, 28 March 2005

The Washington Post offers this writeup about how the U.S. Secret Service uses a Distributed Network Attack program to crack encryption on computers and drives seized as evidence. How can brute force still succeed with 256-bit encryption, you ask? Customized password dictionaries from the seized computer's email files and browser cache: People still use non-random passwords.

Good to know. And hooray for passphrases with more than 30 characters (which aren't only alphanumeric of course) and Blowfish-448. The weakest point is always the user; eliminate the user, eliminate the weakness.

Oh, and on a side note: I was planning to link directly to the Washington Post, but getting bombed with cookies and a forced registration doesn't win my sympathies. So this link goes to Slashdot instead.

Browse all articles« Previous « » Next »