Suspected Killer, Child Molester Encrypts Key Evidence on Computer:
This is a week old, but I missed it the first time around. The Associated Press reports:
  Joseph Duncan III is a computer expert who bragged online, days before authorities believe he killed three people in Idaho, about a tell-all journal that would not be accessed for decades, authorities say.
  Duncan, 42, a convicted sex offender, figured technology would catch up in 30 years, "and then the world will know who I really was, and what I really did, and what I really thought," he wrote May 13.
  Police seized Duncan's computer equipment from his Fargo apartment last August, when they were looking for evidence in a Detroit Lakes, Minn., child molestation case.
  At least one compact disc and a part of his hard drive were encrypted well enough that one of the region's top computer forensic specialists could not access it, The Forum reported Monday.
  According to the article, Duncan is a suspect in a number of murders, several of them children. State investigators have now passed on the computer to the FBI, which will see if it can crack the encryption. (Hat tip: Bruce Schneier)
Patrick McKenzie (mail):
He sounds like a sociopath. No matter, even without a detailed journal they'll be quite capable of locking him up. Breaking the encryption is entirely unnecessary except to feed his macabre fantasies -- anyhow, if he didn't screw up while doing it (and lets not give the guy too much credit -- encrypting your hard disk requires the ability to search Google, download software written to do it for you, and hit "Go") the most likely way is by convincing him to give you the password or encryption key. Just tell him that you're not particularly interested in the data and that it would be going into storage and never looked at again, and wait until the psychopath's desire to be somebody important wins out.
8.17.2005 3:11am
Anyone know what he used? I'd guess PGPDisk or similar, although he also sounds a little technical, so he might have been capable of using a loopback+EFS trick, or something.
8.17.2005 3:56am
Stephen Aslett (mail):
Unless he left his key lying around somewhere, it'll be a long, long time before we know what he encrypted.

Internet credit card transactions take place at 128 bit encryption. That's 128 places to hold a 1 or 0. That means there are 2^128 potential keys, or 3.40282367 × 10^38.

To put that huge number into perspective, if we liberally estimate that the universe has been around for 20 billion years and multiply that by the 31,556,926 seconds in a year, we end up with roughly 6.3113852 × 10^17 seconds. (And no, I'm not accounting for leap seconds.)

Of course, computers can perform many calculations per second. But even the best clusters or single supercomputers can only do so much. Assuming you had a supercomputer that tested 10 trillion keys per second and started doing so at the time the universe began, it would have only completed 6.3113852 × 10^30 keys by now.

That sounds like alot, but it's only 1.85474941 × 10^-6 percent of the total keyspace, or .000185474941%. Ouch.

It's true that computer processing power has so far increased exponentially. But even if your computer calculated tested 10 quadrillion (that's 16 zeros) keys per second and ran from the time the universe began, you'd still only have tested 6.3113852 × 10^33 keys, or 1.85474941 × 10^-5 percent of the keyspace. In other words, .00185474941%. Much better, but nowhere close to realistically breaking the encryption.

And 128 bit encryption is only the standard. Paranoid folks can and do use higher bit keys. Add just one digit to your key—129 bit encryption—and you've got 2^129 keys, or 6.80564734 × 10^38. That's twice as strong as 128 bit! You can imagine how large the keyspace is for 256 bit or 500 bit or 1,000 bit encryption.

The folks over at are trying to crack a 72 bit key with the help of computers all over the world. That's a paltry 4,722,366,482,869,646,000,000 to search. With almost 8,500 computers cranking out 138 billion keys per second and almost 3 years of work, they're not even 1% of the way through the keyspace.

Even with sophisticated algorithms and programs to cut down the time, I'm still skeptical that they can discover the guy's key before the sun goes nova if he used 128 bit encryption or anything higher.

Then again, people don't go around having memorized a 128 string of 1s and 0s. They usually protect their key by storing it in a program that protects it with a regular, user-chosen password. And thankfully most folks aren't smart enough to use a random password.

We can only hope this guy was sloppy or gets the urge to confess.

P.S. If you're curious about why bank websites and paypal require your password to be 8 characters long, take a quick look at this article.
8.17.2005 4:18am
Is decryption even necessary for a conviction? If this guy won't give up the key, don't they have a great case against him for the local equivalent of obstruction of justice? And even in a murder case, if the prosecution has some other circumstantial evidence, I bet a judge would instruct the jury that they could draw an inference of guilt from his refusal to decrypt.
8.17.2005 8:10am
Frank J. (mail) (www):
If Duncan was just slightly smart, he would have used something impossible (by which I mean implausible) for the government to decrypt (with current technology, as was mentioned). As Aslett said, it's doubtful Duncan memorized a 128-bit (16 Byte, 32 Hex digit) random key.

In computer security, the encryption algorithm is often the strongest link and the human the weakest (in the form of a passphrase chosen in place of a random key). If the FBI are smart, they have a good chance of breaking this.
8.17.2005 8:26am
Ah let's not confuse bits with bytes. An 8 character alphanumeric password contains 8 bytes, each byte contains 8 bits.

So all you need is a good passphrase to give yourself a impossible to crack pw: "We alL do N0 end of fee1ing, and we mistake it For thinking!"

would be quite long and un-crackable when converted to bits. Not too hard to remember either.
8.17.2005 9:06am
Frank J. (mail) (www):
Actually, an eight character password is even less secure than you say. I think there are 96 characters available on the common keyboard, so that's 96^8 possibilities. Except, the password is not going to be random, so that reduces it significantly.

While your secure passphrase idea works well, there is no way you can train a workforce to do that.

Let's hope Duncan wasn't smart with his password/passphrase.
8.17.2005 10:24am
roy solomon (mail):
As various law enforcement agencies continue to lobby for and win legislation granting them far reaching authority to search and sieze digital data, I expect this sort of technique to expand dramatically.
8.17.2005 10:26am
Paul Gowder (mail):
Yea, this guy must've stored the key somewhere. Of course, the FBI could always just ship the disk to Ft. Meade and, a week or two later, "oops, we found the key lying around on a post-it note, because of course the NSA doesn't have backdoors/isn't 20 years ahead of everyone else..."
8.17.2005 11:00am
I get a laugh about this guy being described (by the reporter or by the "authorities," it isn't clear which) as a "computer expert."

So he knows how to blog and how to encrypt files. Big deal.

It sounds like they're trying to make this sick loser into some kind of supercriminal.
8.17.2005 12:09pm
Actually, using the: alt+3 digit code from keypad, method you can use all 256 ASCII characters (on a PC). ╚ for example (alt+200). Of course an 8 character password is never secure, common hacking tools can crack those running on a single pc eventually. That's why pass phrases are now being advocated by some security wonks.
8.17.2005 2:07pm
Adam (mail) (www):
Finally, my published Comment comes in handy. (1996 U Chi Legal F 495):
Is decryption even necessary for a conviction? If this guy won't give up the key, don't they have a great case against him for the local equivalent of obstruction of justice? And even in a murder case, if the prosecution has some other circumstantial evidence, I bet a judge would instruct the jury that they could draw an inference of guilt from his refusal to decrypt.

I don't believe you can bring an obstruction of justice charge, or any negative inference, based on a defendant's lawful exercise of his Fifth Amendment rights. It's no different from asking a defendant from revealing the combination of his wall safe, which you just can't do. See US v Hubbell (2000), Doe v US (1988), regarding the prohibition against forced revelation of "the contents of one's mind".
8.17.2005 3:36pm
WHOI Jacket:
Can we beat the key out of him? A la "Mississippi Burning"?

/only half-joking.
8.17.2005 4:00pm
Somewhat more than half joking:
Well, looks like computer prison programs are over. Don't teach the crims how to do neato tricks like this. . .
8.17.2005 4:41pm
Cheburashka (mail):
I just wanted to point out that an alphanumeric character has 7 bits, not 8. The amount of entropy (randomness) in a byte of English text, even if you play the t@lk l1k3 Pr1nc3 game, is far less. I seem to remember it being 3 bits per character on average, but maybe that's wrong.

Its an interesting problem here, really. Most of the ways to break keys that are more efficient than trying all of them tend to require observation of encryptions - encrypting known texts, timing how long it the encryption takes, and so forth.

Then again, algorithms come and algorithms go. I don't think its such a bad bet that in 30 years, decrypting a PGP key will be routine.
8.17.2005 4:51pm
Well no, upper and lower ASCII sets take the full 8 bits as I demonstrated with the ASCII 200 character above. √ or this one which is ASCII 251. The upper ASCII characters are available for use in Windows passwords IIRC which also can be up to 126 characters long.

8.17.2005 5:09pm
Cheburashka (mail):
First, those aren't alphanumeric characters, agesilaus.

Second, you're forgetting that passwords aren't entirely random at least if they're memorable. What we're interested in measuring isn't the size of the data, but the amount of entropy contained within it. Since languages follow simple patterns, the amount of entropy in any linguistic password, even with letter-symbol substitution, isn't much. In English, about 3-bits per character (again, that's from different memory).
8.17.2005 5:58pm
So if he used the built-in encryption in Windows/NTFS, where is the key stored ?

Does Microsoft provide a backdoor for government agencies ?
8.17.2005 6:39pm
TM Lutas (mail) (www):
There are ongoing code breaking contests, one of the most famous being held by cryptographic solutions company, RSA. Previous key challenges of 56 bits and 64 bits have already been broken, with the current contest running for a 72 bit key. You can see contest stats here.

I think you are all missing the boat on encryption, though. It could be much easier or much harder to break than most might think. If he knew he was about to be caught, he could have fired off a script that encrypted his data so that even he doesn't know the key. That makes cracking the encryption very hard. On the other hand, he could be dumb enough to have just overwritten his plaintext file once. At that point, the FBI boys won't even bother to try to crack it. They'll just recover the old state of the drive by taking the drive apart in a clean room and using a special drive reader that can recover the previous bit states of a magnetic medium.

It's easy to make practically uncrackable encryption. It's much harder to actually secure data as the pathways to data compromise are varied.
8.17.2005 10:37pm
I have a feeling that if this was happening in North Korea, he'd "cough up the key."
8.18.2005 1:23am
The Dude:
Has anyone read Takedown or the opposing Kevin Mitnick book?

In one of the two books it describes how hackers sometimes like to encrypt random junk content just so law enforcement agencies waste resources attempting to decrypt it.

If this guy actually liked to "boast" about his abilities, wouldn't this seem to be a likely occurrence?
8.18.2005 10:02am
michael parker (mail):
Random alphanumeric passwords *are* memorable, you just have to repeat them a few times. Anybody that can remember a centenary of baseball trivia can remember a password like "Q*1Ix!o4" after typing it in a dozen times or so.

I agree that it's much more likely that there's a plaintext version in the freespace on that drive.
8.18.2005 10:44am