How to Cripple the FBI

by comfreak  (comfreak@gmail.com)

Watching cable news in October, I saw the story of Joseph Duncan, a man who confessed to the murder of two adults and a teenager in Idaho.  For more info see Google News and have yourself a merry time searching.

However, the crux of the story caught when I heard the FBI had his laptop and could not crack the encryption without his password.

The news reporter asked aimless questions such as, "How hard is it to encrypt a laptop?" and, "Why is the FBI having such a hard time cracking this laptop?"

Of course, news commentators are clueless on how easy it is to encrypt a drive and subsequently leave even the federal government apparently helpless.

It got me wondering just what kind of encryption this me be that the FBI went public with the information.

Surely, they would not want to embarrass themselves unless they truly needed this guy to give up his password.  I heard on the same TV program one of the officers garble something about, "It's called Pretty Good Program."  I assume he is speaking of Pretty Good Privacy (PGP) at pgpi.org) so it just got me thinking more and asking some questions.

Can it really be just that simple to encrypt files beyond the power of the federal government?  If it really is so strong beyond the cracking power of the FBI, then clearly all security comes down to the quality of your password.

The commercial version of PGP features an option to encrypt an entire drive or create an encrypted virtual drive within you drive.  That makes it very easy to keep an encrypted section and just sent things that are of a "sensitive" nature to it.  It could be the only thing between you and a jail cell depending on your specific issue with the law.

Whether the federal government can crack it or not doesn't matter if your password is something simple like fluffy or 12345

Perhaps something more obvious like your initials or your kids name(s).  For further illustration of the absurdity of people's passwords I'll point to a family member of mine who shall remain nameless.  They use the same password for everything from their email to their financial data to their Windows password.  The punch line comes in the fact that the same password phase is also used as their license plate number.  I couldn't make that up if I tried.

The bottom line I found from this story is that you really need to take passwords seriously.

Unfortunately, most people don't like to write down/remember more than one or two simple passwords.  Of course, if for "some" reason you find yourself in a situation where you wish you set better passwords, it will be too late.  For example, let's say you find yourself on the wrong side of the law and some computer equipment is seized.  Perhaps there is "information" on that equipment which could get you in more "trouble."  You could end up compounding a simple problem.

However, if you are using strong encryption and a string of tough passwords, you will be safe.  If this laptop sent to the FBI is secure, your local crime lab will be even more helpless.

There are some excellent password generators I found just doing a simple search:

More advanced generators and downloadable programs:
Return to $2600 Index