Teen Jailed for Refusing to Give Up His Password

[fracture]

[citation][nom]bunga28[/nom]How did you know that he's a pedophile? That is a blatant charge! This is a typical bush-league, crazy, stupid, mob mentality (when are you going to be a leader?). Whatever happens to innocent until proven guilty. Even the police can't prove that. This proves that you are the arm chair, lazy ass. Lord knows, and I hope to God not, you will be innocently charged with something similar and your rights are not protected. How do you feel?I think that he deserves a jail time for braking the UK law that he should cough up his password (though, I personally think it's a stupid law that should be repealed - 2 judges in the US & Canada ruled that kind of laws are unconstitutional in the US & Canada). We & Scotland Yard don't know anything of what is he's storing in his HDD so I think we shouldn't be speculating and honor his human rights.[/citation]

That's what 9/11 was for. To change the "innocent until proven guilty" to "guilty until proven innocent."

 

[NuclearShadow]

Do to the nature of the crimes he is accused of I hope that they
break it and he is convicted.

 

[lashton]

[citation][nom]Thorkle[/nom]Have you ever heard of the patriot Act? I'm an American, and we certainly aren't "free". The patriot act is used mostly for offenses not tied to terrorism. I like living here, but that's about it. America certainly has horrible policies, and that's why we "need" the largest military that has ever existed to protect us.[/citation]
fail there you no longer have the largest military

 

[bv90andy]

[citation][nom]decode[/nom]The child porn isn't proven... yet?The fact of the matter is he could actually be holding even worse, more secret information. goverment secrets... virus coding, botnet controllers etc... so yes, i'd go to jail rather than give up my password. I support this person wholly(except for the child porn)[/citation]
Or he may just have video of himself faping to transsexuals and he does not want others to see it.

 

[jellico]

[citation][nom]mattclary[/nom]It sounds like you are more in line with the "mob" here. "Yay for the hella-cool techno geek!!11! SCREW the cops!"If the authorities have a WARRANT, he should have to divulge the password. If it is some random stop on the highway, yeah, I agree, screw the cops.Here in the states, a judicial decision was made that forcing the surrender of a password was the equivalent of self incrimination because the key is stored in your head. By that same logic, if I have a mechanical safe with a combination lock, the same rule should apply. Perhaps I should ditch my house key and put a combination lock on my house so those jack-booted thugs can't find the dungeon I keep my kidnap victims... I mean "guests"... in.[/citation]
Actually, that would probably be upheld assuming your safe and house are impenetrable by any known means other than the combination. That is exactly the situation with current encryption technology. Assuming you are using a thoroughly scrutinized piece of encryption software (such as True Crypt) and not one from a questionable source, then your encryption is military-grade and is impenetrable by any existing technology. That is why stupid laws like the one in the UK exist. They can't access those files otherwise. Perhaps someday the technology will exist... but it doesn't exist today.

Oh, and anyone who says that there are probably backdoors built into these encryption protocols, or that some agency like the NSA has super-advanced encryption breaking technology that would allow them to easily decrypt something like AES is just demonstrating their ignorance of how symmetric key encryption works.

 

[sykozis]

They really should make lack of proper editing a crime. The topic of the article is bad enough, but the errors in the article make it even worse. Does anyone edit these articles before they're posted???

 

[Guest]

That information will never get cracked.

Some organizations should take example of this kid's security. You could not imagine the holes there are in your everyday use of technology: credit cards, ATM machines, online purchases, etc...

You wants to generate a random 50 character password though? Way too much effort for me.

 

[eddieroolz]

I swear that not giving away passwords, even under threat is a right held by the accused. At least I believe this is so in Canada and perhaps the United States.

Being jailed is absolutely ridiculous.

 

[wortwortwort]

There`s no way they could bruteforce it. With a standard keyboard, that leaves 453,307,265,607,291,900,093,893,524,017,969,378,495,921,663,609,353,280,195,500,520,148,471,896,610,338,590,954,561,957,187,813,376
possible combination.

That`s a lot.

 

[Scott2010au]

What people forget is that any length of password will typically hash or HMAC out to a set length.

Of course, 'a', 'b', 'c', '1', '2', '3', ' ' and the like defeat the purpose of having such strong encryption.

Nowhere in the articles does it state that a 50 character password was used, it is just a famous quote added at the top of it!

 

[tommysch]

He was probably protecting his CP but who cares. I would like to see a gov trying to unlock my TCed ( 3 layers of 256-bit encryption with a 30 char passphrase ) volume.

 

[tommysch]

[citation][nom]waxdart[/nom]Judging by the immensely immature posts on the /us/ board. That sort of password means you are: Guilty, hiding something and a pedo terrorist.I’m sorry your civil liberties and display of common sense means nothing to others.The UK teens crimes committed so far are: withholding passwords and obstruction of justice etc..The guy is not guilty of anything else, until proven otherwise. In X years time when they have the power to brut force open that file, they’ll be back knocking on his door.You may be right about his guilt, but until you can prove it, and convicted in court. He remain innocent.I like all the other posts about the police, using quantum computers and getting the NSA to crack the password. That sounds like a lot of money. They don't have it and I don't want to pay tax for it.[/citation]

You just cant brute force that kind of passwords at least not withing a few million years.

 

[tommysch]

[citation][nom]otacon72[/nom]yeah lets pat him on back. Let the NSA at it...use a super computer or two..be cracked in no time.[/citation]

You obviously dont understand anything about encryption.

[citation][nom]aje21[/nom]And they know his password is 50 characters how?"Hey, tell me your password!""No, it's 50 characters and you'll never guess it!"(Actually it's only 5 characters, but how are you guys going to know?)[/citation]

Giving the number of characters in the password is an extremely bad idea.

 

[lonechicken]

Have they checked Post-it notes on my desk?

 

[palladin9479]

People need to do some basic research on how encryption works. The length of the password has no bearing on the key used for the encryption. Passwords are just hashed to a binary number of a set length, typically 1024 to 2048 bits for high end encryption systems. There is no "master backdoor" for open algorithms like DES, AES and blow-fish. The only thing the length of password determines is how easy it is for someone to casually crack it through repetitive attempts and guessing. It is believed that a 12 to 16 character password consisting of at least 2 upper, 2 lower, 2 special and 2 numbers is sufficiently complex that no one will be able to deduce it or guess it.

Also there is a very large misconception about "military grade" encryption vs commercially available encryption. In the USA high encryption (128 bit or higher) is considered a weapons system and is relegated through arms control laws. Because of this you will rarely see encryption logarithms released to the commercial world. What is produced is usually sold to the DoD and other federal agencies and monitored / controlled by the NSA. All key production for these devices is also regulated and done by the NSA at their central COMSEC facility. The ciphers used by the US Military are classified TS SCI CRYPTO. The only encryption allows for classified DoD / NSA systems are type 1 encryption systems. Its a completely different level of protection then whats available on the commercial market.

In short they won't ever crack his encryption unless he left his PW in plain text somewhere or the key in an unencrypted file. Depending on the software he used it might implement weak controls on the key itself, in which cause they could crack the software to get to the key then use the key to get to the files. This is the biggest reason the US NSA insists on using hardware based encryption where the key is only decrypted inside the crypto processor itself.

 

[yrmoma]

[citation][nom]Thorkle[/nom]Have you ever heard of the patriot Act? I'm an American, and we certainly aren't "free". The patriot act is used mostly for offenses not tied to terrorism. I like living here, but that's about it. America certainly has horrible policies, and that's why we "need" the largest military that has ever existed to protect us.[/citation]

You're kidding, right? We don't, by any stretch of the imagination, have the largest military in existence. And the reason we need a large military isn't because we have horrible policies. That would mean we need a lot of police. Your argument is a total non sequitur. Or, to speak your language "your logic is fail".

Name one line from the patriot act without googling it. I can guarantee that. Please, shut up for your own sake. You know not of which you speak. The purpose of the patriot act is so that the whole Government, from the DoD, to the CIA, to the FBI, to local law enforcement, can all be on the same page intelligence wise. Information can travel between branches of the Government now in ways it couldn't before.

It doesn't violate your Constitutional rights. And if you think it does, go take it to court. You wouldn't be the first person to try and repeal a law, and you won't be the last. I truly and strongly encourage you to take it to court. See what happens.

 

[Guest]

The 5th amendment of the U.S. Constitution does not guarantee the rights of privacy, nor is 'privacy' mentioned anywhere in the Constitution. If authorities at any level produce a search warrant that is signed by a judge, that proposes that the police or FBI have probable cause, and the accused must abide by the warrant. The Patriot Act, on the other hand, gives authorities the ability to collect evidence with illegal search-and-seizure tactics that do not require a warrant. That is the dilemma U.S. citizens now face.