Hacker News new | past | comments | ask | show | jobs | submit login

Here's how it works: When the gov wants to crack a password, they gather all of your digital life (phone, computers, thumb drives, etc.) and basically run "strings" on all of the hard drives / data they have of you.

They then use that strings output as input into the password cracking rig. They are happy to let it churn for months / years (because the case is working through the system).

So its far more likely this individual hibernated his PC with the password in memory or reused the password elsewhere than it was cracked.




> They are happy to let it churn for months / years (because the case is working through the system).

Is that the case? I would be surprised. I would assume success ratio does not change much by checking say 10^4 more combinations (it's either a simple combination of these strings and common prefxies/suffixes or if it's complex then the amount of combinations grows so fast that you are unlikely to get a hit)


No. Resources are always limited. Forensic investigators will not be running things on server farms for years. People who think such things really do not understand how many cases are "in the system" at any one time. Even for something relatively serious like CP, drug smuggling or lower-end terrorism, there are literally thousands of cases in-the-system. The server farms infrastructure (ie hiring cloud capacity) would be reserved for national security, foreign intelligence and stopping Magneto. The contents of your laptop are not worthy of such treatment.


Not sure how it's done in the US but an effort to crack it like this would happen only on very high profile cases in France which is not the case of this one.

I'm betting on the second option, he reused the same password somewhere else or they just got lucky and seized the computer already unlocked


[flagged]


...on LUKS? Are you sure Apple and Google had this guy's local encryption password on hand? Unless of course he reused his password (highly likely), which is the actual flaw in his security


>Prove me wrong. Show me in their source code of the OS you're running that they don't do this.

https://github.com/torvalds/linux

https://gitlab.gnome.org/World/Phosh/phosh/


These days, most consumer and commercial machines are running multiple operating systems under Linux below ring 0. Same goes for hardware components with full access to memory and CPU time running their own OSes. Linux is mostly to completely unaware of their existence and can't do much if anything about them.


Ahh yes the classic "prove a negative".


Do you have any legal cases where this occurred?

While it is technologically possible, I have never heard of a case of this actually happening.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: