FBI fails to decrypt suspect’s hard drives – after 12 months of trying

After 12 months of failed attempts to crack the encryption that protects information held on 5 hard drives that belong to a Brazilian banker suspected of money laundering, the FBI has returned the drives to the experts of the Brazilian National Institute of Criminology (INC).

The contents of the drives – protected by a combined use of TrueCrypt (free open-source full-disk encryption software) and an unnamed algorithm though to be base on the 256-bit AES standard – are still a mystery. Both the INC and the FBI tried for months to break the encryption by using various dictionary-based brute-force attacks, since there is no law in Brazil that could be used to compel the suspect banker or the TrueCrypt Foundation to give up the access codes to the discs.

According to The Register, this unusual case illustrates beautifully “how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses.”

The discs have been returned to the Brazilian federal authorities in April. Maybe the INC will have better luck this time around, since the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack has been released at the end of March?