No, you nailed it he must've used weak passwords or had multiple copies of the same container of different versions.
The container within a container concept is plausible because there are 2 separate keys if I understand the concept correctly. You want to secure encryption you don't use password/passphrase, you use randomly generated 1KB key files on a thumbdrive like ironkey. Container on hdd needs keys from ironkey container to be mounted. Weak link is the ironkey passphrase but it can properly enforce 10 attempts = wipes data, no reset or end run around it. No keyfiles, no accessing the hdd container data this millennium short of a sideline attack like multiple copies of the container to compare or fragment of keydata laying around. On Nov 30, 2011 12:04 PM, "Thane Sherrington" < [email protected]> wrote: > At 03:54 PM 30/11/2011, Winterlight wrote: > >> Last weekend I was watching a American Greed on CNBC. It was about a >> hacker with a CS degree and a IT job, in the bay area who was stealing >> credit card numbers. The FBI eventually caught him but what was >> interesting was when he was interviewed in prison he said the FBI broke in >> through his front door and arrested him. He thought he had, in his words, >> three bricks for computers, because they were encrypted. He thought that >> all the FBI had gotten was three useless bricks. Apparently, the FBI >> encryption lab was able to decrypt the computers. He never said what kind >> of encryption, but a hacker with a undergraduate degree in CS would know >> how to use strong encryption. I did not think such a thing was possible >> > > He might have used weak passwords. The good criminals don't actually get > caught (and these guys do exist), so I'm thinking that since he was caught, > he probably isn't as clever as he thinks he is. > > Or maybe Truecrypt isn't as secure as Gibson likes to say. :) I seem to > recall an episode where he claimed you could create an encrypted Truecrypt > volume, then drop another encrypted volume inside of it that would be > invisible unless you knew it was there. Thinking about this, I find that > hard to believe, so I'll have to look that up again. > > T > >
