Friday, July 26, 2013

passwords, Feds want 'em.

Declan McCullagh news.cnet

Feds tell web firms to turn over passwords.

Marks an escalation in Internet surveillance.

To log into accounts and peruse correspondence, even impersonate the user.

Plus encryption.


Said one Internet industry source who spoke on condition of anonymity. 
"We push back."
So there's hope!

Microsoft won't say.

Google declined to disclose

Yahoo would not say

Apple, Facebook AOL, Verizon, AT&T, Tie Warner Cable, and Comcast did not respond.

FBI declined to comment, politely, no doubt. 

Patriot Act used to demand database dumps.

The rest is codes, algorithms, costs, lengths of passwords, more costs, cracking codes, Sen Ron Wyden warns, "government authority limitless," law, legal issues, specific cases. 



11 comments:

ndspinelli said...

Well, My passwords are all profane.

AllenS said...

My password is kinda long, but if it helps with national security, what the hell. It's fuckyoumotherfucker

Chennaul said...

If the Feds knew my passwords then at least someone would remember them.


--Igoy the Cub

rhhardin said...

If they got encrypted passwords it's not as helpful as you might think.

The attack is encrypt a dictionary and look for matching encrypted passwords.

But you don't get to choose the user you crack.

Most systems store encrypted passwords, not passwords that you type in.

They encrypt what you type in and see if it matches, is all.

rhhardin said...

The trouble with the government knowing passwords, or installing break-in kits on your machine, is that then they can plant evidence.

Say on opponents.

rhhardin said...

The counter is not allowing any electronic evidence in court.

rhhardin said...

Or any evidence of delivery of online orders.

It gets pretty deep.

rhhardin said...

It pretty much disables the legal system.

Michael Haz said...

I fear we are losing our democracy to the dictatorship of an all- powerful state.

Methadras said...

If my password is in ascii, does that count?

edutcher said...

Good for Wyden, one somewhat honest Demo.

Methadras said...

If my password is in ascii, does that count?

Convert it to hex.

Octal if you're feeling frisky.