Secret Service Using Distributed Computing to Break Encryption

The Washington Post has an interesting story about how the Secret Service is using 4,000 of their computers in a Distributed network attack. The attack is to break passwords on encryption keys. We all know that getting software to encrypt our computers is simple and the software is powerful. Breaking into the encryption itself is not simple but the Secret Service has found that the real Achilles Heel of a suspect’s encrypted computer is their passwords. The Secret Service has found that by using all the emails and plain text documents they find on the suspect’s computers, they can create a brute force word list that will normally find the password for the encryption in no time at all. Lesson learned? Create strong passwords unrelated to anything on your computer. Here is more from the article…

Hansen said AccessData has learned through feedback with its customers in law enforcement that between 40 and 50 percent of the time investigators can crack an encryption key by creating word lists from content at sites listed in the suspect’s Internet browser log or Web site bookmarks. “Most of the time this happens the password is some quirky word related to the suspect’s area of interests or hobbies,” Hansen said.

Hansen recalled one case several years ago in which police in the United Kingdom used AccessData’s technology to crack the encryption key of a suspect who frequently worked with horses. Using custom lists of words associated with all things equine, investigators quickly zeroed in on his password, which Hansen says was some obscure word used to describe one component of a stirrup.