Complex passwords saved the criminal from prison: the police made 175 million unsuccessful attempts to guess them

Brother

A clear example of how cybersecurity can preserve freedom.

The Supreme Court of Ontario, Canada considered an application by the Ottawa police to extend the storage period of three of the suspect's mobile phones for 2 years. The phones were seized in October 2022 under a warrant based on information about a Google user who uploaded images of child pornography. The problem was that the devices were protected by complex alphanumeric passwords.

According to court documents, investigators tried to hack the phone, using about 175 million passwords. However, the judge found that there are more than 44 nonillion (10 to the power of 30) potential combinations of alphanumeric passwords for each phone. From the court's point of view, the police were trying to find a needle in a huge haystack.

As a result, the judge rejected the request to seize the phones and ordered them to be returned or destroyed. The judge added that the investigation can continue without a phone, since the Ottawa police have already officially requested additional data about the suspect from Google. The judge said that the chances of finding the password to the phone over the next two years are almost zero.

Complex alphanumeric passwords can only be obtained through brute force. This is exactly the method that forensic experts tried to use. The method involves using specialized software and a password dictionary that combines words with numbers, as well as using "leet speak" — a modified spelling system in which letters are replaced with corresponding numbers or special characters. This system is popular among gamers and hackers, and changes "alert" to "@lert" and "fear" to "f34r". More advanced leet speak replaces all letters of a word with numbers or symbols.

The court learned that it takes about 8 days to test 30 million passwords from an existing dictionary. However, success depends on whether the desired password is included in the dictionary. All attempts by the Ottawa police to hack into the suspect's phones were unsuccessful, and the judge considered this sufficient reason for his decision. The judge also noted that the court should balance the property rights of a person and the legitimate interests of the state in preserving evidence during the investigation.
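The two points above, as an added example that is not part of the original post: a password-policy check that undoes leet substitutions before a wordlist lookup (so "@lert" and "f34r" are still caught as dictionary words), and an estimate of how long an exhaustive search would take at the reported rate of 30 million guesses per 8 days. The wordlist, the substitution table and the function names are constructed for illustration; the 95-character alphabet and 16-character length are an assumption, chosen because 95^16 is about 4.4 × 10^31.

```python
import string

# Reverse leet table: symbol -> plain letter (small constructed set).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
# Constructed stand-in for a password dictionary.
WORDLIST = {"alert", "fear", "password", "dragon"}
# Digits and symbols commonly appended or prepended to a base word.
AFFIX = string.digits + "!?.#_-*"
# Rate reported in the article: 30 million guesses in about 8 days.
GUESSES_PER_DAY = 30_000_000 / 8


def dictionary_based(password: str) -> bool:
    """True if the password reduces to a wordlist entry once leet
    substitutions are undone, with or without surrounding digits/symbols."""
    lowered = password.lower()
    stripped = lowered.strip(AFFIX)  # e.g. "f34r2023!" -> "f34r"
    return any(c.translate(LEET) in WORDLIST for c in (lowered, stripped))


def years_to_exhaust(alphabet_size: int, length: int) -> float:
    """Years needed to try every password of exactly `length` characters
    at the reported guessing rate (assumed constant)."""
    return alphabet_size ** length / GUESSES_PER_DAY / 365


if __name__ == "__main__":
    for pw in ("@lert", "f34r", "F34r2023!", "q7Gv!x2Lp9#TzR4m"):
        print(f"{pw!r}: dictionary-derived = {dictionary_based(pw)}")
    print(f"95^16 = {95 ** 16:.3e} candidates")
    print(f"years at the reported rate: {years_to_exhaust(95, 16):.3e}")
```

A password that passes the first check and is long enough for the second number to be astronomically large is the case the court described as a needle in a haystack.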