http://www.theregister.co.uk/2010/10/06/jail_password_ripa/

I don't know much about the law but this seems very wrong to me. Whatever happened to innocent until proven guilty?

What if he claimed he'd forgotten the password? Could they still sentence him?

Presumably then, I can encrypt a random file, put it online without the key and get anyone who downloads it in trouble because they can't prove what it is.

He should have used a hidden volume, then he could give away the outer volume password and saved his privacy

Also


Good luck with that.

I don't know the laws over there, but wouldn't that be self incriminating?

It would be, yeah.

I suppose it'd technically count as impeding the course of justice or however the hell they word it?

I thought password cracking was easy with the right software (the kind law enforcement typically have access to)?

Still, 50 characters is hardcore.

Yeah, I'm sure the local lancashire police have access to the best software around.

Not all levels of hashing or encryption are created equal.

Is it easy to crack a simple, unsalted MD5 hash with a rainbow table? Yes.

Is it easy to crack Rijndael/AES? No.

I don't know where that is (Assuming UK considering the URL) so it must be a small town?



I'm not a security expert. My extent of knowledge for password cracking expired in early 2000s, when I used to steal people's User/Pass from places using software and password lists over proxies.

See you in 400 years!

In the time it took to type that question you could have googled it.

And Lancashire is a county.

A backward county >_>

Bloody pie-eaters.

Hey, now, you're assuming there is no technical progression. In twenty years we might have GPU-powered software capable of doing it in 2 years instead of 380

GPUs are not magical computing devices. Brute forcing AES takes an astronomical amount of computing power.

I didn't say they were, simply that they'd be fast enough to do it a great deal faster than 400 years, after 20 years of technological progression.

After all, today's computers could be seen as an "astronomical amount of computing power" compared to a computer in 1990.

At which point we'll have an even more complex encryption standard that will take 400 years for that hardware to brute force.

:P:P:P:P:P:P:P:P:P

People in this thread need their emoticon privileges revoked

**** you, emon

50 characters??!?!?!
seems a bit excessive, but I guess if you have a line from a movie or song memorized....

I wasn't really looking for an answer, or I would have.

Not sure what the problem is here. I don't see how it's any different from refusing to comply with a search warrant.

a friend of mine has a long password which uses a book

it uses the chapter numbers in reverse with the reverse chapter numbers being used to determine the letter used from the first page of each chapter

Haha. The kid serves the 4 months of time.

I wonder how long the cops will try to 'crack' the password after that. I wouldn't be surprised if those Brits formed a whole department for it and several people milked it their entire careers. "Don't bother us, we're doing important computer forensics."

Hmm...I don't know enough about the law (here or there) to know what to think of this. How do police usually handle search warrants and safes inside houses? I mean, it seems like making someone give up information that may lead to their incrimination is pretty wrong, even if GETTING that information is not wrong.

I don't think it would work in America. Seems covered by the 5th amendment. Forget safes, though. No safe is even remotely secure with enough time and expertise.

Well, the level of security isn't really comparable, but the situation is essentially analogous so as far as the law is concerned, I think that's what it SHOULD be based on (as far as how the authorities may access that information and the suspects rights concerning it). Now whether or not it actually IS based on that concept is...well, who knows, these days.

After a bit of research, this does look a little more complicated than I originally thought, at least in the United States. That's because giving the police the password is an act that's partially testimonial; it's basically an admission that he has control of the volume.

It still seems to me that it would be fair to have a rule requiring people to turn over their passwords, but making the fact that they did so inadmissible at trial. (I don't know if this is already done, either here or in the U.K.) I'll probably look into this a little more when I get home.

Edit: Wikipedia has information on a relevant case here.

What could possibly be the point of this?

Presumably, it would allow the police to access unprivileged evidence (the contents of the laptop) while preventing the suspect from being made a witness against himself at trial.

I was taught in Information Security 1 and 2 to start using really long simple passwords instead of short complicated ones, something about it being easier to remember and harder to crack

"You have the right to remain silent"... unless we ask you for your password.

Is that what this amounts to?

Incidentally, I am not sure how they know that the password is 50 characters long without knowing what the password is.

Considering the charges, he got away with a lot.

I'm pretty sure Miranda v Arizona does not apply to other countries....:v:

especialy when in the UK, you get told "you don't have to say anything, but it may harm your defense if you don't say anything now that you later rely on in court".

I know that the law isn't the same in the UK. I said that as a way of pointing out why I don't agree with this as a matter of principle.

Your way of pointing out why you don't agree with it is indirectly citing a US Supreme Court case?

You are an interesting person.

well...

ONLY AMERICA COUNTS

.

watch out DrkJedi82 hes going to attack with his sharp wit and spider legs!

This still doesn't cover "you have to speak when we ask for a password", though, does it? To me, at least, that phrase says "if you are going to say something in your defence, say it at the earliest opportunity or it will not carry as much weight".

I'm not saying anything about whether the phrase "should" cover this aspect of the law, just that it doesn't support it.



It seemed as good a way of referring to the right to silence as any. Especially as "ONLY AMERICA COUNTS" - it's a part of popular culture for whatever reason so people have actually heard that phrase before.

On another note, I expect there is more to the story - that's why I asked how they knew that the password was 50 characters long. Perhaps, for example, the guy gloated to the police that they'd never crack his encryption and mentioned how long the password was - which clears a lot of the ambiguity with possibilities mentioned in the first post such as him not actually being the creator of the encrypted volume/not knowing what the password was and being unable to comply with the request.



How dare you sir.