To all fellow INTJ and NT's and anyone else who cares, here's an interesting tidbit:

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

Gen. summary: currently we don't know how the law will hold out on random searches on our laptops and other electronic devices. The specifics are too many to list. What I do know that is usually in airports at the borders etc, we have zilch in terms of general rights against searches and seizures.

Hence, any suggestions? And I did ask a professor, if I use a program that wipes out my comp with the entry of a specific password, they probably could detain me for a more extensive search and seizure, and probably plays into individualized suspicion, which I do not want (not a US citizen, perm res etc, so I have zilch rights after that).

But beyond that, what else can we as normal residents in this country do?

The government crossed the line on this many, many moons ago. Search and seizure without probable cause is, if I understand it correctly, expressly prohibited by the US constitution, is it not? I know similar search protections exist in Canada too.

I guess the only way to ensure that your data stays completely private is to never travel by plane with it. Since that's not realistic or practical for most people, it poses a big problem.

This is unconscionable. Its still unwarranted search and seizure...isn't there something about this in the constitution?

For instance, that woman who hasn't gotten her laptop back... who's to say the officer didn't "confiscate it" so he could sell it?

pavman added to this post, 3 minutes and 8 seconds later...

Old dead guy quote time:

They who would give up an essential liberty for temporary security, deserve neither liberty nor security. - Benjamin Franklin

Old live guy quote time:
We can't be so fixated on our desire to preserve the rights of ordinary Americans. - Bill Clinton, USA Today, March 11, 1993

The government crossed the line on this many, many moons ago. Search and seizure without probable cause is, if I understand it correctly, expressly prohibited by the US constitution, is it not?

The US PATRIOT Act signed into law on October 26, 2001seriously degraded many of the rights we were afforded in the US Constitution such as protection against illegal search and seizure, unlawful detention, the right to Habeas Corpus, etc. To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

As I recall the US PATRIOT Act was passed in an emergency session of the US Congress. The problem was that the document is over 300 pages long and congressional staff had no time to review it in its entirety. The sad reality is that most members of either the House or Senate do not actually read proposed legislation themselves prior to voting. Due to the sheer amount of legislation that is proposed every year they have to rely on their staffers to do the analysis. So the members of the House and Senate had to vote on the US PATRIOT Act without a thorough understanding of the legislation. Unfortunately, they were understandably under a lot of pressure to “do something” about terrorism after 9/11.

I am in no way suggesting that nothing should have been done to address the threat of terrorism, I am merely suggesting that the rush to judgment was misguided.

[/QUOTE]I guess the only way to ensure that your data stays completely private is to never travel by plane with it. Since that's not realistic or practical for most people, it poses a big problem.[/QUOTE]

The only thing that you can do to protect yourself when traveling is not store anything that could be construed as dangerous or incriminating is to store it on CD or flash drive and leave it at home. But this will not protect you if your place of residence is searched.

Why dont you just make sure all the files on your terrorist network, your spies and operatives etc are encrypted or even double encrypted. There are so many ways to do this. They cant do a thing.

Thod, you think your files are protected because you put a password on them? Wow, is that ever naive!

There's no technological solution to a technological problem. Encryption exists, ergo decryption exists. As encryption gets more sophisticated, so does decryption. If the government wants to see your files, they will.

Actually,

The latest and greatest approved by the US government is AES. This is virtually uncrackable, unbreakable in its original form. It would take basically the equivalent of 2^126 universe-sized time to break the encryption.

Also known as Rijndael, it was created by two Belgian cryptographers.

...according to the National Institute of Standards and Technology, it would take about 149 trillion years to break an AES key using usual methods)

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

As of 2006, the only successful attacks against AES implementations have been side channel attacks. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used for classified information:

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."[5]

This marks the first time that the public has had access to a cipher approved by NSA for encryption of TOP SECRET information. Many public products use 128-bit secret keys by default; it is possible that NSA suspects a fundamental weakness in keys thiss short, or they may simply prefer a safety margin for top secret documents (which may require security decade into the future).

The most common way to attack block ciphers is to try various attacks on versions of the cipher with a reduced number of rounds. AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.[6]

...Even if breaking a Rijndael-enciphered text using the XLS method was, say, one billion times faster than a brute force attack, it would still take millions of years to break the cipher. From a practical point of view, there really is no difference between breaking a cipher in a million of years or in a billion of years.

If I find the original article I read on it, I'll post the link. The original article went into the mathematics behind the algorithm, and illustrated how long it would actually take with modern computers...

A bad password/passphrase, however, is priceless.

pavman added to this post, 20 minutes and 3 seconds later...

To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts.

Interesting... it goes into LEAF, a secret NSA key that can decrypt any AES encrypted algorithm...

This gives you more of a clue of how long it would take to brute force:
Brute force search of 2^128 keys at 1 Trillion keys/second would take 10^19 years (10^9 * age of universe) ... 256 bit geometrically increases the time it would take. Not a math guy...so bear with my limited mathematical vocabulary.

O.o Ok, so I was a little off ;o), but I remembered it was an astronomically huge amount of time. Even astronomically sounds a bit too small in this case... nearly infinite? hmm.

Thod, you think your files are protected because you put a password on them? Wow, is that ever naive!


Lol. After you have been involved with IT security as long as I have nobody can call me that.

The difference between cracking a password to say gain entry to a system and a document is knowing when you have cracked it. With the system you are let in and know you have the code. With a document there is no such affirmation. You try each combination and then must assess if what you have is sensible english. This is very difficult for a machine to do. When you double encrypt you can have the correct key, bu tall that does is give you another encrypted document. There is no way to tell that is the correct key. The 2nd encryption algorythm is producing a random set of bytes.

Now i recall about 20 years ago random number generators that have long repetition sequences than there are particles in the universe. You are not going to crack them. Nobody can crack any NP complete problem.

Then there is the case of even recognising encryption. There was the ronald reagan speech encrypter. It would encrypt your documents using parts of reagan speechs. The result was sensible english. Anyone reading it would not know it was encryped.

Suppose I tell my agent that I will send him a message by sending him numbers. The numbers will pick out the words in the latest harry potter novel. You can do all the cryptology you wish, you want break it because there is no cipher to crack. Every agent gets a different book and I can talk to them all with total security. You need to know what book I am using for that agent, the key, and you dont.

You assume I am naive because you dont know anything about my history in the IT industry or my knowledge in the this area. I can assure you that I am absolutely confident that the government cannot break encryptionion. Even if they could they would need to spend years of supercomputer time to get nothing in return. Dont believe everything you read about govenments the maths does not care.

Dont believe everything you read about govenments the maths does not care.

What about LEAF?! :)

Good post, Thod. Me Likes.

. . .

Hence, any suggestions? And I did ask a professor, if I use a program that wipes out my comp with the entry of a specific password, they probably could detain me for a more extensive search and seizure, and probably plays into individualized suspicion, which I do not want (not a US citizen, perm res etc, so I have zilch rights after that).

If you want to hide certain files on a laptop in that kind of situation, you could try looking into To view links or images in this forum your post count must be 2 or greater. You currently have 0 posts. (or another encryption program). From TrueCrypt's site:
Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

I'm not sure what I'd do about hiding data on cell phones or other portable devices though. :/