Youth jailed for not handing over encryption password

A 19-year-old from Lancashire has been sentenced to 16 weeks in a young offenders institution for refusing to give police the password to an encrypted file on his computer. Oliver Drage, from Naze Lane, Freckleton, Lancashire, was arrested in May as part of an investigation into child sexual abuse images. His computer was …

COMMENTS

This topic is closed for new posts.


  1. damian Kelly

    Easy peasy to remember 50 character passwords.......

    The first 50 characters from a favourite book,

    The first 50 characters from pi,

    Combine the 2,

    You don't need to know the key just how the key is created....

    1. Steven Jones

      Rather too easy to guess...

      "The first 50 characters from a favourite book"

      I'd make it a bit more complicated than that. There is a finite number of books and it's easily a small enough number to try many variations on the characters at the start of a book as a standard cracking tool. You might want to try combinations from different books, or maybe at different starting points.

  2. Anonymous Coward
    Anonymous Coward

    ghost filing

    real encrypted data is disguised I bet.

    If I was bin Laden, and I needed to send out my secret instructions or whatever...

    I would, were I doing it, for instance, take something like

    mp3 or jpeg encryption, and in the lsb parts put my data in.

    Then the secret files could only be extracted by the right software

    with the correct password.

    This type of data hiding would be transparent.

    Here the file in clear. Yes, it's some Hungarian nose flute music. Why don't you like

    Hungarian nose flute music ????

  3. Anonymous Coward
    Happy

    ghost filing

    real encrypted data is disguised I bet.

    If I was bin Laden, and I needed to send out my secret instructions or whatever...

    I would, were I doing it, for instance, take something like

    mp3 or jpeg encryption, and in the lsb parts put my data in.

    Then the secret files could only be extracted by the right software

    with the correct password.

    This type of data hiding would be transparent.

    Here the file in clear. Yes, it's some Hungarian nose flute music. Why don't you like

    Hungarian nose flute music ????

    1. Steven Jones

      Steganography

      What you describe is called steganography, and anything as crude as using the LSBs is readily detectable. GCHQ would just love it if that was what terrorist cells used. That said, there are tools to do it properly such that it cannot be so easily detected, although it's not easy. However, you can combine it with encryption as well.

      Indeed you might argue that the Truecrypt second level hidden partition encryption is actually a type of steganography in that it hides data in, apparently, areas randomised as part of secure data deletion process
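The detectability point made in the reply above, shown as an added example that is not part of the original thread: a pairs-of-values chi-square check on 8-bit samples whose low bits have been overwritten with random-looking (encrypted) data. The cover data is constructed with an uneven histogram, and the function names and the `factor` threshold are assumptions of this sketch.

```python
import random
from collections import Counter


def pov_chi_square(samples):
    """Pairs-of-values statistic for 8-bit samples.

    Overwriting LSBs with random-looking bits pushes the counts of each
    value pair (2k, 2k+1) towards equality. Returns (statistic, pairs),
    where pairs is the number of non-empty value pairs. If the LSBs are
    uniformly random, the statistic is close to the number of pairs.
    """
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        total = even + odd
        if total == 0:
            continue
        # Expected count per bin under "random LSBs" is total / 2, which
        # reduces the two-bin chi-square term to (even - odd)^2 / total.
        stat += (even - odd) ** 2 / total
        pairs += 1
    return stat, pairs


def looks_lsb_replaced(samples, factor=2.0):
    """Crude decision rule (assumed threshold): flag data whose statistic
    is within `factor` times the number of non-empty pairs."""
    stat, pairs = pov_chi_square(samples)
    return pairs > 0 and stat < factor * pairs


def make_cover(n=60000, seed=2010):
    """Constructed cover: only multiples of 3 occur, so neighbouring
    values have very different counts (an uneven histogram)."""
    rng = random.Random(seed)
    return [3 * rng.randrange(86) for _ in range(n)]


def embed_random_lsbs(samples, seed=7):
    """Model LSB replacement with an encrypted payload: every low bit is
    overwritten with a bit that is indistinguishable from random."""
    rng = random.Random(seed)
    return [(s & ~1) | rng.getrandbits(1) for s in samples]


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_random_lsbs(cover)
    for name, data in (("cover", cover), ("stego", stego)):
        stat, pairs = pov_chi_square(data)
        print(f"{name}: statistic={stat:.1f} pairs={pairs} "
              f"flagged={looks_lsb_replaced(data)}")
```

Encrypting the payload first does not help against this check: ciphertext bits are uniformly random, which is exactly what equalises the pair counts.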

  4. Neil Stansbury
    Thumb Down

    Freedom of Speech?

    I still don't see how this doesn't fall completely under freedom of speech.

    You and I make up a language and have a chat.

    The language is known only to ourselves.

    The Police demand to know what you and I were talking about.

    We tell them to f* off and mind their own business.

    I would suggest that using coercion to force us to reveal our conversation is an infringement of our freedom of speech.

    I don't see I am any more obliged to reveal to the Police the meaning of a verbal conversation they don't understand than I am obliged to reveal a written conversation they don't understand. The medium is irrelevant, as is the reason they don't understand it.

    1. Vic

      Freedom of Speech?

      > I still don't see how this doesn't fall completely under freedom of speech.

      *What* freedom of speech?

      We have no Bill of Rights in the UK. We have convention, which permits freedom of speech, but precious little legislation to back that up.

      > I would suggest that using coercion to force us

      > to reveal our conversation is an infringement of our

      > freedom of speech.

      I would suggest that the freedom you espouse is illusory.

      However, the Police have no specific authority to force you to decode your made-up, verbal language, so you could do this (and this is, apparently, the source of Cockney Rhyming Slang).

      In the case of digitally-encrypted data, though, there is a significant difference: RIPA 2000 is enacted legislation that grants certain people the authority to require you to hand over your decryption keys. Failure to do so is a criminal offence.

      > The medium is irrelevant, as is the reason they don't understand it.

      This is not true (even if it ought to be).

      Vic.

    2. david wilson

      Freedom of Speech?

      >>"I still don't see how this doesn't fall completely under freedom of speech."

      ...

      >>"I would suggest that using coercion to force us to reveal our conversation is an infringement of our freedom of speech."

      An infringement of *privacy*, possibly, or of a right or desire to avoid self-incrimination, but I can't see any connection with *freedom of speech*.

      Freedom of speech is about the extent to which you can or can't be prevented from expressing yourself in public, or have action taken against you for past self-expression.

      For instance, in many jurisdictions, "telling a police officer to f* off" is something that is likely to be considered as taking self-expression a bit too far.

  5. ZungTee

    Scary

    Sure hope he used a very high grade encryption algorithm!

    www.be-anon.net.tc

  6. miknik

    Hmmmm

    While I think a law like this is wrong, I can't help thinking that if I were under criminal investigation on child sex charges and I had an encrypted volume which I knew I could unencrypt and prove beyond any doubt that I didn't have any child porn on there then I would run from my moral highground and decrypt my drive quicker than anything rather than be tainted by the paedo brush, so unless his defence is "I forgot the password" you have to question why he won't decrypt it...

    1. Anonymous Coward
      Flame

      @miknik

      Or perhaps he just has something else on there which he doesn't feel like sharing with anybody?

      Say, some home-made videos of himself shagging his 70 year old boyfriend?

      There are many reasons to keep perfectly legal things private - just because you can't think of any yourself doesn't mean it's the only explanation. Perhaps because it's the only thing you can think of you must have something to hide. Perhaps it's you who has a touch of the "paedo brush"...

    2. Pablo

      Or perhaps...

      He has a load of porn off a p2p network. The women are all legal age *as far as he can tell* but "beyond any doubt"? Not so much.

  7. Tom 7

    If I make a recording of static

    then how can anyone prove that is not an encrypted file?

    Or for that matter any file - what looks like a list of phone numbers could in fact be an index for a bomb making recipe that refers to pages/chapters in a certain book.

    I'm sure if you keep trying to decrypt almost any file for long enough you can generate anything from child porn to, god forbid, a Steps CD.

    You can only truly prove a file is encrypted if you did it yourself.

  8. Mad Mike
    FAIL

    Missing the Point

    People here seem to be missing the point. Consider the following:-

    Case 1. Person is arrested and tortured (pulled finger nails, waterboarding etc.) to reveal information. Basically, give me the information or we'll do something unpleasant. That's called torture and is banned and every government is against it....they claim.

    Case 2. Person is arrested and asked for his password (information). He refuses. So, they invoke RIPA and say they'll do something unpleasant (jail). This is called justice and the government is for it.

    What's the difference? Both are demanding information in exchange for not doing something unpleasant.

    Second point.

    People keep talking about documents in safes being the equivalent in the paper world......wrong. If the police seize a written document you have encrypted using some method or another, are they entitled to force you to decrypt it? No. They have every right to seize it and go through any lock to do so, but they can't enforce you to decrypt it. So, an encrypted file is basically the same thing, yet they can force decryption.

    1. Vic

      Not Missing the Point

      > People here seem to be missing the point

      No, they aren't.

      > What's the difference? Both are demanding information

      > in exchange for not doing something unpleasant.

      The difference is that RIPA2000 is enacted legislation. It is entirely lawful for the authorities to send you down for a long time because you refuse to hand over your decryption keys.

      This should not be the case. It is awful legislation. But it is the law. It protects us all from Terrrrrists, apparently.

      > So, an encrypted file is basically the same thing, yet they can force decryption.

      Yes, they can.

      And the only way we're going to get out from the stranglehold that the last bunch of oppressors put us in is to get our elected representatives to repeal this law - or at least parts of it. A fragile coalition is a good target for pressure from the electorate...

      Vic.

    2. Keith T
      Boffin

      It is forcing you to provide evidence against yourself

      Forcing you to provide encryption keys in a case where you are a suspect is forcing you to provide evidence against yourself.

      I'd like to see the legality and constitutionality of this (the RIP Act) tested by the new supreme court.

  9. Seven_Spades

    Double trouble

    In reality he can't be convicted twice for the same offence, but he can be convicted for committing the same offence twice.

    The most likely action is that the judge will ask him for the password and return him to jail for contempt until he relents.

    Many journalists have been jailed for contempt for refusing to name sources but the courts always give up in the end.

  10. Jerry
    FAIL

    I'm a bit late - but

    Being convicted for not disclosing a password (or more accurately not helping investigators look at your stuff) is a major change in common law.

    In my view this is a bad thing.

    If they wanted to open a safe and wanted the combination they wouldn't have a leg to stand on. You can refuse without penalty.

    In my jurisdiction you also have the problem that you have to prove you don't know a password. It's not enough that it's innocent until proven guilty. Now - in this scenario - you are guilty until proven innocent. You also can't use a defense of self-incrimination ( usable in common law )

    Overall Big Brother wins. Your right to privacy loses, your right to innocent until proven guilty loses. Your right to avoid self-incrimination loses.

    I speak this as someone who works as an officer of the court (expert witness) and who has current cases where this is an issue and will result in conviction of probably innocent parties.

    1. Keith T
      Big Brother

      The RIP Act is a travesty

      There is no doubt that Tony Blair and his administration did more damage to the people of the UK and their civilization than a hundred al Qaedas. The RIP Act. War crimes. Going to war against the overwhelming will of the people.

  11. Andy Moreton

    He was arrested 17 months ago

    May 2009, so the police have already had 17 months to break the password. It looks like it must have been a good one.

  12. Anonymous Coward
    Anonymous Coward

    The full story / more details...

    From: Lancashire evening post: http://www.lep.co.uk/news/teen_locked_up_after_failing_to_give_police_computer_code_1_1811470

    Teen locked up after failing to give police computer code

    Published on Wed Oct 06 08:27:54 BST 2010

    A teenager has been sentenced to 16 weeks in a young offender’s institution after withholding his computer password from police.

    Oliver Drage, 19, told the jury at Preston Crown Court he had “forgotten” the password, when officers investigating another offence asked him to surrender it.

    However, the jury found him guilty of failing to disclose the password when he was lawfully required to do so.

    Drage’s computer was seized in May last year. But by December police still did not have access to it.

    Janet Ironfield, defending, said it was not known whether the computer was subsequently sent off to an expert bureau for analysis or whether it had simply sat on a shelf throughout the seven month period.

    She added: “This man lost a great deal by the fact the police came to arrest him.

    “He lost his reputation in the community.”

    She said Drage, formerly of Naze Lane, Freckleton, now of Westminster Road, Liverpool, had moved house to avoid bringing shame on his family and had lost his job.

    Judge Heather Lloyd said: “This was a deliberate flouting of a court order compounded by your continual denial of guilt.”

    -----------------------------------------------------

    With these stories tech magazine only seem to get just some details, but not all.

    So the two worrying things about this particular case....

    First is that he tried the 'I have forgotten the password...' defense and the jury still found him guilty.

    Second is that this was a jury case just to decide about whether he was guilty under the RIPA law. So a jury of his peers gave the RIPA law the thumbs up. According to some reports taking only 15 mins to think about it. This is the most worrying thing to me. Just because a government puts in a law I disagree with does not mean that I will support it by finding someone guilty of it when on a jury. To me even though he is guilty to the letter of this law, if the law is stupid then he is not guilty.

    Why do I not support this law, because in the way it is put together there is potential that it will put in prison people who are otherwise innocent (just because you don't give up a password does not mean 100%, you have another crime you are covering up). I will never support a law like this even if it means some guilty people get away.

    With laws, you can make them so that they guarantee that all guilty people will go to jail, but to do so you have to sacrifice some innocent people into prison as well. To me, laws that are made should guarantee that no innocent person goes to prison even if it means that some guilty people escape as well. But I am sure other people think differently including this jury.

    I also find it interesting that when looking for more news on this through Google news search, the amount of non English places reporting this. Another reason British people cannot hold their heads high in the world any more....

  13. Malcolm Boura 2

    Was it really photographs of child abuse?

    It quite likely was not. The law in this area is so incredibly vague, and so much wider than most people imagine, that it may have been nothing more than a photograph of a nude toddler playing on the beach. However due to the secrecy inherent in this legislation we just have to take the word of the people in the "justice" system. People who make a career out of using, or sometimes abusing, this law.

    A law which is badly defined and almost invariably described as being much narrower than it actually is makes a travesty of justice.

    Increasingly we can not trust the authorities when they describe someone as a paedophile because they were convicted of having child pornography. It is quite likely that it was not pornographic.

    It is also likely that the convicted person assumed that legislation described as applying to pornography only applied to pornography. There is no way to distinguish between people who genuinely possessed child pornography and use the lack of clarity as a smokescreen to minimise their culpability and those convicted of possessing non-pornographic photographs who genuinely thought that they were legal.

    It is a complete mess and far too much of my time is wasted on trying to minimise the harm caused by legislative failings that could easily be fixed.

  14. Anonymous Coward
    Thumb Down

    Child pron

    If this guy or any other person is guilty of involvement in child pornography in any way whatsoever, I hope he rots in one of the world's more hellish jails. I understand the conundrum over freedom to keep at least some things private and away from the eyes of the law and the gummint, but I find it tough to draw lines when it comes to the kind of low-life that gets his or her sexual jollies from diddling with kiddies or seeing images of some other piece of crap doing it.

    The powers-that-be think we're all potential terrorists and perverts anyway.

    1. Anonymous Coward
      Big Brother

      If Only Things Were That Simple...

      ...But they ain't. I'm not sure you understand what the police here in the UK consider CP or 'indecent' imagery these days. How about a semi-nude seventeen year-old boy or girl posing 'provocatively'..? People have gone on to the Sex Offenders Register for less, courtesy of our wonderful coppers. Or how about fully-clothed twelve year-olds posing 'suggestively'..? Ditto.

      We seem to be living in a very scary madhouse. Children - yes, even 17 year-old 'children' - are to be feared by adults everywhere. Do not go near. Do not speak to. NEVER, EVER TOUCH. If you transgress, you can look forward to the six o'clock knock, to being rudely awakened by the sound of the standard issue kicking in your door and your life - as you knew it - being ripped apart before your very eyes. Best of all, as far as the morality police are concerned, there will be NO rehabilitation, no coming back from this. You will be damned forever. Even if you are just 19 years old.

      Perhaps this is what the government means by a 'terror alert'. Fear is a powerful weapon.

      1. Anomalous Cowturd
        Happy

        Standard issue kicking in your door

        I saw what you did there!

        Now I'm going to have to go and dig out the CD...

        You can relax, on both sides of the tracks, and maniacs...... Wanders off, humming......

    2. Keith T
      WTF?

      Sedition is a worse crime

      There aren't many crimes worse than kiddie porn, but sedition is one that is.

      If we give up our country and our human rights, turn our country into a police state where police can wreck your life at will, we will have suffered much more damage than child porn can inflict.

  15. Anonymous Coward
    Anonymous Coward

    Damned if you do...

    Think of this as being like other laws. For example, if you are stopped by the police on suspicion of drink driving you can refuse to provide a sample for testing, but if you do you can (and usually will) be prosecuted for refusal to provide a sample.

    Quite why they need something specific for this under RIPA I don't know, surely it's just like any other case of withholding evidence.

  16. Neil Gardner
    Joke

    Guilty until proven innocent

    During the normal course of my duty as anti-paedo enforcement officer in West Tesco Town Shopping Centre, I spotted a suspicious-looking gentleman paying undue attention to a 4 year-old male child inside a Postman Pat van while fumbling his camera phone. I approached the said individual and demanded immediate access to his mobile phone. The "customer" did not collaborate and bleated something about having to attend a job interview and needing his mobile for urgent business calls. At that juncture I had no alternative but to terminate the customer's existence by deploying my newly issued instant-justice laser gun in silent mode. I have reassured all carers of children within 6 kilometre radius of said incident of the elimination of another potential criminal.

    On a related note, I will complete my report on the feasibility of installing hidden anti-rape CCTV cameras in all public toilets.

  17. Fred Flintstone Gold badge

    Now just imagine..

    .. you forget your password. It's happened to me, and the file may still be around. Congratulations, you just got yourself a ticket to jail..

  18. Anonymous Coward
    Anonymous Coward

    Surely "forgotten" is the best defence?

    Forgotten is the accused's word against the police. If the accused was previously of good character, forgotten simply reduces guilt/innocence to a 50/50 bet. A good defence lawyer should be able to argue effectively that a probability of 0.5 is an awful lot of reasonable doubt........

    1. Steven Jones

      Insufficient

      Stating that you've forgotten the password is not necessarily sufficient. This guy made exactly that claim in court, but the jury didn't believe it. Where it can be shown that you've previously had access to the password and it can be shown, beyond reasonable doubt, that you still know it, then you can be found guilty. As to what reasonable doubt is? Well, that's up to the jury to decide.

      1. Anonymous Coward
        WTF?

        I'd love to know

        how you can show beyond reasonable doubt that I haven't forgotten er.. hang on.. er.. shit, what was I saying?

      2. Keith T

        This is what appeals courts are for

        This is what appeals courts are for

  19. Anonymous Coward
    Anonymous Coward

    One option ...

    I believe a few people have missed something. RIPA doesn't actually require you to hand over the password, but it does require you to make the data available in unencrypted form. So it would be legal for you to enter the password for them rather than hand it over.

    However ...

    How about putting the password on the same drive, in plain view - but not marked as being a password. Or on a piece of paper in plain view but also not obviously a password.

    Plod takes computer, asks for password, you tell them that you do not have the password and it is in their possession - but you give them no further information as to where in all the seized stuff (papers and computers) it is.

    When asked, your answer is simply :

    The password was not memorable and written down, it is probably in amongst materials you have seized. It is therefore no longer in my possession, and you (the Police) are in possession of all information you need to read the files.

    If it was written on a piece of paper, then all you would be able to tell them would be "it was in the pile on my <insert description> shelf". Chances are, in their process of seizing paperwork, they won't be able to associate that description with any single large bag of paper now in their possession.

    In my case, I could tell them "it was on my desk" - and I could be quite certain they wouldn't know which bit of paper it was even if I told them "immediately to the right of where I put my laptop".

    But like others, I could also be in trouble because, like others, I'm in IT and I often make up temporary passwords - /dev/urandom is a good source. I may write it down, or put it in a text editor window that doesn't get saved. Once the job is done, there is no record of the password. If I miss a file when cleaning up, then I'm screwed.

  20. tony2heads
    Alert

    noise

    In Very Long Baseline Interferometry we record digitised noise from the sky, (so it is really

    random gaussian noise with embedded timestamps). At one stage these were recorded

    to VHS videotapes and customs people had a hard time crediting that we were not up to

    something funny. You could only use it when you correlate one set of tapes with another

    set from another radio telescope.

    Now we send it over the net

  21. This post has been deleted by its author

  22. Anonymous Coward
    Flame

    The full horror of RIPA

    someone here made a comment about data for national security being encrypted ...

    RIPA specifically makes NO EXCEPTIONS for the purported nature of the data to be made available. It trumps doctor-patient privilege, client-solicitor privilege, and (for those that mentioned the catholic church) priest-penitent privilege.

    The House of Lords last year confirmed this was the intention of the act, and not an accident that they could remedy. The cases were of a doctor who was forced to divulge patient information, and a barrister who was forced to divulge client information - both made under RIPA.

  23. maclovinz

    Adult/Child?

    What's the adult age over thar?

  24. Maty

    So ...

    This guy had a 50 char password, and the jury did not believe that he could have forgotten it.

    Wtf?

  25. J Lewter

    Child Porn

    Wow, I have never seen so many people defend someone who was found downloading child porn..

    While I do not subscribe to the idea that the state should control every aspect of our lives, I also don't subscribe to the idea that some pervert should be allowed to encrypt his illegal porn just to keep it from being used as evidence.

    If I was to kill and chop up someone, cook them in a stir-fry and serve them up at my local Chinese restaurant.. Does that exclude me from being charged with murder?

    1. Jess--

      Missed the point

      You said "I have never seen so many people defend someone who was found downloading child porn"

      if you read the article you would find that it says "he was arrested in May as part of an investigation into child sexual abuse images"

      nowhere does it state that he was downloading images.

      you have automatically assumed that he was downloading child porn and that the "encrypted file"* contains that porn.

      * the file could just as easily be a corrupted file

    2. Paul_Murphy

      You may want to read the article.

      I don't recall that he had been found to have downloaded anything - only that he was being investigated.

      'Innocent until/unless proven guilty' should still be a fundamental aspect of justice.

      When he is actually found guilty of making/downloading child porn or indeed any other criminal act then by all means attack him, but until then bear in mind that the only thing that he has actually been found guilty of is not disclosing a password.

      He is guilty under RIPA - which is a UK law, but he is not, so far, guilty of anything else.

      The obvious question is why he has not decrypted the file himself to prove his 'innocence' - hence a lot of the above discussion, but that does not make him a child molester, or indeed any other sort of criminal.

      Unless not disclosing a password also makes him a murder, speeder, bank robber and mugger.

      ttfn

    3. Anonymous Coward
      Anonymous Coward

      erm

      The exact point is that he wasn't found downloading child porn, he was suspected of it, but essentially refused to cooperate in the investigation of himself. The police couldn't prove anything, so they prosecuted him for not cooperating instead. They had no solid proof of any wrongdoing, only a file they couldn't interpret.

      So he isn't "some pervert" encrypting his "illegal porn". He's a member of the public, with no criminal record, who has an unidentified encrypted file on his pc! Do you honestly believe that should be an offense punishable by up to 2 years in prison?

      Yes, it comes across as a little suspicious that he would rather go to gaol than reveal the contents, but it still doesn't actually stand up as a legal argument *for* anything.

    4. Anonymous Coward
      Thumb Down

      Um, since when

      Does being under investigation mean he's guilty? As you already know (numbnuts), photographers are often "under investigation" for being a terrorist, does that make them terrorists?

      I also see no evidence in TFA YFM (you foolish moron - substitute foolish for something more appropriate if you will) that he admitted owning the file, or any related evidence that the yobs had of him committing a crime.

      So, in short, if I don't like you I can just put an encrypted file on your disk, drop a tip to the local Wanker of the Law office and you're fucked. Cool. Now, I have a cool file for you to download...

  26. kain preacher

    Re:so

    "This guy had a 50 char password, and the jury did not believe that he could have forgotten it.

    Wtf?"

    It's simple, they believe the password is on a sticky note somewhere, after all that's what they would have done.

  27. Anonymous Coward
    Anonymous Coward

    Forgotten passwords

    Look at it this way: An encrypted file with a last accessed timestamp a few hours prior to the PC being impounded and the password requested (and no evidence that the date is incorrect) would likely dissuade a jury from accepting a plea of "I forgot the password".

    However a protected zipfile from 2 years ago (again with no evidence of date based shenanigans) would probably be accepted as forgotten.

    Although it is legally plausible that a person can be jailed for refusing to provide a password and then on release from prison have the password re-requested and a new jail sentence passed only a rabid anti-establishment conspiracy theorist would actually believe that would happen.

    I am not a fan of this legislation, not by a long straw, but some of the Armageddon scenarios posted here are not worthy of anyone who has the intelligence to use a computer.

  28. Keith T
    Pint

    Never refuse to answer questions in court

    Do what legal system insiders and lawyers do when cross examined -- forget what the answer is.

    I don't remember, it was a long series of numbers on a scrap of paper on my desk.

    They can't send you to jail for not remembering. They can send you to jail for refusing to answer.

    But when questioned by police in a manner that indicates you are a suspect, ask for a lawyer. Nothing you say to police can prove you innocent, not even a rock solid alibi. Always ask for a lawyer. That is what police do.
