[Cryptography] how to put a password in an evidence bag?

Mattias Aabmets mattias.aabmets at gmail.com
Sat Apr 4 13:43:42 EDT 2015


2015-04-04 1:40 GMT+03:00 ianG <iang at iang.org>:

> Many here will likely decline to follow the Bridges / Force arrests in
> USA, but in short, the two federal agents who were chasing the "Silk Road"
> website for bad stuff were also raiding the pot.
>
> http://techcrunch.com/2015/04/01/feds-nabbed-for-big-bitcoin-heist-involving-gox-and-silk-road/#BhiiWz:b5eO
>
> At one point, they arrested an employee of the website and got the admin
> password from him.  They then proceeded to raid the value that was escrowed
> within (customer funds) and sell it through an exchange provider - Mt.Gox.
> Once they had extracted all the cash out via this exchange provider they
> proceeded to shut it down for running an unlicensed money transmitter ...
> you can't make this stuff up.
>
> But the crux of this particular theft was getting the password to the
> accounts on silk road.  Now, passwords are "obviously" evidence that has
> been seized.  But how do you protect the chain of custody?  You can't
> exactly put it in an evidence bag ... or you can but that is not protecting
> it if one of the agents has copied it.
>
> Does anyone know how the cops secure the password?  Or have they not yet
> begun to deal at this level?
>
> iang



It's possible to literally put passwords in an evidence bag, if they are
stored on a smart card. This, however, requires a lot higher technical skill
from the criminal to implement, since he would have to know how to write a
JavaCard OS to a chip, how to program the necessary Java app, and how to
create and update the public keys in a secure manner on the card.

Or, the criminal could choose to implement an HSM, which can also be
literally put in an evidence bag.