No, you nailed it he must've used weak passwords or had multiple copies of
the same container of different versions.

The container within a container concept is plausible because there are 2
separate keys if I understand the concept correctly.

You want to secure encryption you don't use password/passphrase, you use
randomly generated 1KB key files on a thumbdrive like ironkey. Container on
hdd needs keys from ironkey container to be mounted.

Weak link is the ironkey passphrase but it can properly enforce 10 attempts
= wipes data,  no reset or end run around it. No keyfiles, no accessing the
hdd container data this millennium short of a sideline attack like multiple
copies of the container to compare or fragment of keydata laying around.
 On Nov 30, 2011 12:04 PM, "Thane Sherrington" <
[email protected]> wrote:

> At 03:54 PM 30/11/2011, Winterlight wrote:
>
>> Last weekend I was watching a American Greed on CNBC. It was about a
>> hacker with a CS degree and a IT job, in the bay area who was stealing
>> credit card numbers.  The FBI eventually caught him but what was
>> interesting was when he was interviewed in prison he said the FBI broke in
>> through his front door and arrested him. He thought he had, in his words,
>> three bricks for computers, because they were encrypted. He thought that
>> all the FBI had gotten was three useless bricks. Apparently, the FBI
>> encryption lab was able to decrypt the computers. He never said what kind
>> of encryption, but a hacker with a undergraduate degree in CS would know
>> how to use strong encryption.  I did not think such a thing was possible
>>
>
> He might have used weak passwords.  The good criminals don't actually get
> caught (and these guys do exist), so I'm thinking that since he was caught,
> he probably isn't as clever as he thinks he is.
>
> Or maybe Truecrypt isn't as secure as Gibson likes to say. :)  I seem to
> recall an episode where he claimed you could create an encrypted Truecrypt
> volume, then drop another encrypted volume inside of it that would be
> invisible unless you knew it was there.  Thinking about this, I find that
> hard to believe, so I'll have to look that up again.
>
> T
>
>

Reply via email to