Passwords safe from FEDs?

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

Passwords safe from FEDs?

#1 Post by 8-bit »

According to an article on CNet, the FBI is requesting passwords and encrypting algorithms from internet sites such as Google, Facebook, Yahoo, etc.

So I guess now, if they got their way and were investigating someone and found nothing of interest, they could possibly plant whatever they wanted by logging on as that user.

Now that is scary!

I would provide a link. But I cannot figure out how to do it.
The article as I said is on CNet News Politics and Law and is called "Feds tell Web firms to turn over user account passwords"

It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Re: Passwords safe from FEDs?

#2 Post by L18L »

8-bit wrote: I would provide a link. But I cannot figure out how to do it.
There are about 159,999 linking to it: https://www.google.com/search?q="Feds+t ... passwords" :wink:

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#3 Post by Barkin »

cnet.com wrote: One popular hash function called MD5, for instance, transforms the phrase "National Security Agency" into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.
http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/

md5(National Security Agency) is
a4e4c46a411d4f3433a880e4e2d614a5
not
"84bd1c27b26f7be85b2742817bb8d43b"
Attachments
md5decrypter,co,uk .png
Reverse MD5 on a4e4c46a411d4f3433a880e4e2d614a5 via http://www.md5decrypter.co.uk/

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#4 Post by Barkin »

8-bit wrote: It was also stated in the article that when bcrypt is used to encode a password it makes it a lot harder to crack.
In that application bcrypt has to be used iteratively, thousands of repetitions, which slows a brute-force attack (aka key stretching).

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#5 Post by Barkin »

posted in error

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#6 Post by 8-bit »

Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.
But it did bring up the thought of just how fast one could decrypt an md5 password hash!
But again, for testing the strength of a user defined password hash, it could prove valuable.

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#7 Post by Barkin »

8-bit wrote: Evidently, the hash decrypting site you referenced does not allow a paste of an md5sum.
Every time I tried, the example screen would display and mess things up.
That site does require a CAPTCHA to be completed every time you want to see if a reverse MD5 is possible (it does allow batches of MD5 to be entered at once).
8-bit wrote: But it did bring up the thought of just how fast one could decrypt an md5 password hash!
If people have added a long random salt ... md5(password+salt) ... then it's very unlikely that a reverse MD5 is possible.

Iteration makes a reverse MD5 even less likely ... http://www.murga-linux.com/puppy/viewtopic.php?p=664755#664755
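
An added example, not part of any post in this thread: it shows why an unsalted MD5 can be found in a precomputed table, why md5(password+salt) from post #7 misses that table, and what a salted, iterated record looks like. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt here; the phrase list and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example, not a value from the thread
SAMPLE_PHRASES = ["password", "letmein", "National Security Agency"]  # constructed list

def md5_hex(text: str, salt: bytes = b"") -> str:
    """md5(password+salt) as written in post #7; an empty salt gives plain MD5."""
    return hashlib.md5(text.encode("utf-8") + salt).hexdigest()

def build_lookup(phrases):
    """Precomputed unsalted MD5 -> phrase table, the kind a reverse-MD5 site serves."""
    return {md5_hex(p): p for p in phrases}

def store_password(password: str, iterations: int = ITERATIONS):
    """Return (salt, iterations, digest): fresh random salt plus key stretching."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify_password(password: str, record) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = build_lookup(SAMPLE_PHRASES)
    phrase = "National Security Agency"
    # Unsalted: the same phrase always hashes to the same value, so the table hits.
    print("unsalted hit:", table.get(md5_hex(phrase)))
    # Salted: a random per-user salt moves the hash outside any precomputed table.
    print("salted hit:  ", table.get(md5_hex(phrase, os.urandom(16))))
    # Salted and iterated: two users with the same password get different records.
    a, b = store_password(phrase), store_password(phrase)
    print("same password, different records:", a[2] != b[2])
    print("verify ok / wrong:", verify_password(phrase, a), verify_password("guess", a))
```

The salt and iteration count are stored next to the digest because verification needs both; neither is secret.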

Bruce B

Re: Passwords safe from FEDs?

#8 Post by Bruce B »

8-bit wrote: So I guess now, if they got their way and were
investigating someone and found nothing of interest, they could possibly
plant whatever they wanted by logging on as that user.

Now that is scary!
Yeah and . . .

Cops have always been able to plant evidence and/or outright lie.

They have also been known to not disclose some evidence which
would cast doubt on one's actual guilt.

On this password topic, how about changing passwords regularly?
Maybe before breakfast, lunch and dinner each day.

~

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#9 Post by 8-bit »

I figure that anything I do as to frequently changing passwords will only help a little.
But also in that act of changing passwords frequently, I think one would draw more attention to themselves.

If the Feds want to mess with you, I think they would find a way.

I could give an example of possible problems with my software collection.

I have, on my PC, a great number of game disk images for the outdated Atari 8bit computers.
A lot of it is commercial software that is no longer being made or sold by those companies.
So, does having all those disk images of games make me a pirate that can be jumped on by the Feds with say being charged for each piece of software I have?

Or am I relatively safe from prosecution since the material in question is so old that the only way one could get it would be from another collector that had the original commercial software for sale?

I am using my Atari collection as an example.
It could be expanded to include any software from any company including Microsoft.

And as an example of that, I have two Microsoft CDs that are their install CDs for Microsoft Office 97 (not copies), one of which I have installed on my PC.
I bought them for a few pennies out of a Goodwill AS-IS store after having tried a copy of that software that I had bought also from the Goodwill store and really liking it.

Also, I have a slow internet connection that causes Youtube movies to halt or crash and use GTK Youtube Viewer to download them for viewing.
So at any time, I may have a few movie files on my PC that possibly could be held against me.

So what I am getting at is that in my case, having the Feds log on as me for the purpose of planting evidence does not worry me too much other than if they managed to upload a new release movie to my PC for use in a case against me.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#10 Post by musher0 »

Hi, 8-bit.

I believe your Feds or ours (RCMP) would be out for much bigger fish than
you or me. I like to think that they have way more serious crimes to investigate.

Besides, at least here in Canada, the act of buying protects you, even "hot
goods". How the goods got to the shop is of no concern to you. You bought
those old programs in good faith from a non-profit. You didn't steal
them, you didn't pirate them, you bought them. AFAIK, buying any product
from a legitimate shop is legal!

My 2¢.

musher0
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
