The contents of the drives - protected by a combined use of TrueCrypt (free open-source full-disk encryption software) and an unnamed algorithm though to be base on the 256-bit AES standard - are still a mystery. Both the INC and the FBI tried for months to break the encryption by using various dictionary-based brute-force attacks, since there is no law in Brazil that could be used to compel the suspect banker or the TrueCrypt Foundation to give up the access codes to the discs.
According to The Register, this unusual case illustrates beautifully "how care in choosing secure (hard-to-guess) passwords and applying encryption techniques to avoid leaving file fragments that could aid code breakers are more important in maintaining security than the algorithm a code maker chooses."
The discs have been returned to the Brazilian federal authorities in April. Maybe the INC will have better luck this time around, since the first commercially available software to break TrueCrypt hard drive encryption without applying a time-consuming brute-force attack has been released at the end of March?
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.