Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Feds tell Web firms to turn over user account passwords
Cnet ^ | 25 July, 2013 | Declan McCullagh

Posted on 07/25/2013 3:49:38 PM PDT by Errant

The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."

(Excerpt) Read more at news.cnet.com ...


TOPICS: Constitution/Conservatism; Crime/Corruption; Extended News; Government
KEYWORDS: benghazi; computers; cyber; fastandfurious; impeachnow; irs; loadurgunsboys; nsa; passwords; security
Navigation: use the links below to view more comments.
first 1-5051-100101-150151-184 next last
No Comment... I'd be banned for life if I said what I'm thinking about our so-called "representatives" in "FREAKING" Washington DC who are letting this CRAP happen...
1 posted on 07/25/2013 3:49:38 PM PDT by Errant
[ Post Reply | Private Reply | View Replies]

To: Errant

I will say it: folk off


2 posted on 07/25/2013 3:50:40 PM PDT by yldstrk (My heroes have always been cowboys)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Oh hell NO!!!!!!!!!!!!!!!!!!!!!!


3 posted on 07/25/2013 3:51:13 PM PDT by svcw (Stand or die)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

So they can pull child porn down into anybody’s account and then prosecute them. Proving the government did it, would be next to impossible.

Of course, if they wanted to do that, it would probably be hard to stop them password or not.


4 posted on 07/25/2013 3:52:00 PM PDT by DannyTN
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Any company I do business with turns my pass word over to the FEDS will lose my business.........FOREVER!


5 posted on 07/25/2013 3:52:02 PM PDT by svcw (Stand or die)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Go to biometrics on the local host. Nothing stored on the remote server.


6 posted on 07/25/2013 3:54:09 PM PDT by Ben Mugged (The number one enemy of liberalism is reality.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant
But a [Google] spokesperson said the company has "never" turned over a user's encrypted password.

So they decrypt it first?

7 posted on 07/25/2013 3:56:16 PM PDT by NonValueAdded (Unindicted Co-conspirators: The Mainstream Media)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Idiots,

Passwords are not stored in a modern system. A one way cryptographic hash is stored instead. In reality, passwords are not checked directly. They are run through a complex hashing program that CAN NOT BE REVERSED and the output of the hash is stored.

To verify a password, the submitted password is put through the same hash and the output is compared to the stored hash. If they match then the proper password has been submitted.


8 posted on 07/25/2013 3:56:36 PM PDT by taxcontrol
[ Post Reply | Private Reply | To 1 | View Replies]

To: butterdezillion

Ping.


9 posted on 07/25/2013 3:57:54 PM PDT by SatinDoll (NATURAL BORN CITIZEN: BORN IN THE USA OFCITIZEN PARENTS)
[ Post Reply | Private Reply | To 1 | View Replies]

To: DannyTN

ya , people going to be setup big time


10 posted on 07/25/2013 3:58:25 PM PDT by molson209
[ Post Reply | Private Reply | To 4 | View Replies]

To: NonValueAdded

The passwords are not encrypted, they are hashed. The difference being that an encrypted password can be “reversed” using a key. A hash CAN NOT BE reversed.


11 posted on 07/25/2013 3:58:31 PM PDT by taxcontrol
[ Post Reply | Private Reply | To 7 | View Replies]

To: Errant

This proves the Feds are even stupider than I thought. Any good system does not store passwords, it stores a hash of the password. You can give the hashed value to anyone and it does not give them access. When you enter your password, that value is encrypted and then compared to the hash value.


12 posted on 07/25/2013 3:59:00 PM PDT by Flick Lives (We're going to be just like the old Soviet Union, but with free cell phones!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Hmmmm, with your password, a government agent could use your account to establish a search history of any sort they may so desire.

In court they could make you look like any sort of monster that fits a narrative.


13 posted on 07/25/2013 3:59:34 PM PDT by null and void (You don't know what "cutting edge" means till you insult Mohammed.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: svcw

This is all creating a HUGE opportunity for some smart geek to start a Spy Free version of Facebook, Gmail..etc

The old established outfits are forever tainted in the public’s mind now.

To keep feds at bay locate offshore and store no data that is unencrypted and make certain only the user has the keys.


14 posted on 07/25/2013 4:01:05 PM PDT by Bobalu (It is not obama we are fighting, it is the media.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: taxcontrol

If any company is storing passwords in the open or even in encrypted form, they are going to get sued for doing this. We store customer passwords as one-way hashes exactly so these types of requests can never be complied with.


15 posted on 07/25/2013 4:02:05 PM PDT by vbmoneyspender
[ Post Reply | Private Reply | To 8 | View Replies]

To: Errant

If the evil thug in our White House and his supporters want to do this lawfully, they need individual warrants, based “upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”.

Instead, the general strategy for these data and just about everything else has been to collect everything on everyone and sort through our lives at leisure. The far left very obviously don’t care about freedom, the law, or the Constitution, so it comes down to just how brutal their forces are willing to get and just how firm decent people are willing to be in resisting tyranny.


16 posted on 07/25/2013 4:02:54 PM PDT by Pollster1 ("Shall not be infringed" is unambiguous.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: taxcontrol
It's INCONCEIVABLE that a hash code could be reversed.


17 posted on 07/25/2013 4:03:09 PM PDT by null and void (You don't know what "cutting edge" means till you insult Mohammed.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Flick Lives; taxcontrol

There are ways around it. If you have access to the database, you don’t need the frontend.


18 posted on 07/25/2013 4:03:28 PM PDT by Errant
[ Post Reply | Private Reply | To 12 | View Replies]

To: Errant

19 posted on 07/25/2013 4:03:33 PM PDT by TurboZamboni (Marx smelled bad & lived with his parents most his life.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant

Considering the feral government’s attitude toward our privacy, I wonder why it’s so concerned about its privacy. Is it trying to hide things?


20 posted on 07/25/2013 4:04:19 PM PDT by Standing Wolf
[ Post Reply | Private Reply | To 1 | View Replies]

To: taxcontrol

The point is Google qualified their statement and with the parsing lessons I received from Bill Clinton via the MSM, I find that suspect.


21 posted on 07/25/2013 4:04:28 PM PDT by NonValueAdded (Unindicted Co-conspirators: The Mainstream Media)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Flick Lives

The Feds are forcing them to create a second working password for the accounts...that way even if the user changes their password the Feds still have a working one.

No trick to have two passwords to open a single account....just a line or two of code.


22 posted on 07/25/2013 4:04:30 PM PDT by Bobalu (It is not obama we are fighting, it is the media.)
[ Post Reply | Private Reply | To 12 | View Replies]


Defeat Tyranny!
Start Here!

Donate here!


23 posted on 07/25/2013 4:05:33 PM PDT by RedMDer (When immigrants cannot or will not assimilate, its really just an invasion. Throw them out!)
[ Post Reply | Private Reply | View Replies]

To: Bobalu
Oh, I wish I could do that.

I should have gone into tech and not psych in college.

psst I think you are correct.

24 posted on 07/25/2013 4:06:21 PM PDT by svcw (Stand or die)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Errant

More and more it looks like time to water the tree of liberty.


25 posted on 07/25/2013 4:06:21 PM PDT by MeganC (A gun is like a parachute. If you need one, and don't have one, you'll never need one again.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: null and void

Yep, in a few hours, they could create enough on you to lock you away for several lifetimes. Perhaps disappear you into indefinite detention until you’re forgotten about.


26 posted on 07/25/2013 4:06:42 PM PDT by Errant
[ Post Reply | Private Reply | To 13 | View Replies]

To: null and void

Anyone that doesn’t know that our government is corrupted beyond repair, doesn’t know much.


27 posted on 07/25/2013 4:08:48 PM PDT by editor-surveyor (Freepers: Not as smart as I'd hoped they'd be)
[ Post Reply | Private Reply | To 13 | View Replies]

To: null and void

It can be cracked - but not reversed. By that I mean that someone can brute force guess at the password and possibly get it right. Given enough resources, it might even be possible to build a database of passwords and their corresponding hashes. I believe IBM holds the patent for that very concept.

It is even possible to intercept the password by a man-in-the-middle attack or by some other social engineering method.

However, there is no mathematical way to take a hash and apply a program to that and end up with the original text. Thus, technically, it can not be reversed.


28 posted on 07/25/2013 4:10:17 PM PDT by taxcontrol
[ Post Reply | Private Reply | To 17 | View Replies]

To: Bobalu

Freebook - For freedom lovin’ folk.


29 posted on 07/25/2013 4:11:13 PM PDT by Army Air Corps (Four Fried Chickens and a Coke)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Errant
Given the revelations about the NSA and the Government's incursions into our privacy on a daily basis - it is rapidly becoming time for all right-thinking American's who are concerned about their privacy, their freedom of expression, freedom of speech, and freedom from unrestrained search and seizure (which is NOT limited to physical property!) to start planning on removing their Facebook, Google, and Webmail based accounts from the internet.

In short: The Federal Government is using your internet access to spy on you, collect information about you and PROFILE you. Develop your exit plan now - that means deleting accounts, deleting Facebook history, etc.. and learning to use the internet ANONYMOUSLY.

TOR. Accessing the Internet using public WiFi Access on an untraceable device. The capabilities are there, google is your friend.

30 posted on 07/25/2013 4:12:00 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Errant
No Comment... I'd be banned for life if I said what I'm thinking about our so-called "representatives" in "FREAKING" Washington DC who are letting this CRAP happen.

If I said what I was thinking at this very moment (oh hell ... what I'm thinking most of the time!) the least of my worries would be being banned from FR.

31 posted on 07/25/2013 4:12:57 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 1 | View Replies]

To: taxcontrol
Yeah, and the Japanese didn't think the Purple code could ever be cracked.

How did that work out for them, hmmm?

32 posted on 07/25/2013 4:15:29 PM PDT by null and void (You don't know what "cutting edge" means till you insult Mohammed.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Army Air Corps

I don’t know how big the net pipes are going into and out of Iceland but that would be an excellent place to host a service.

Russia has big pipes and a trusted name like Kaspersky could open a new service.

At this point I trust Russia before the US with my data...what a twisted world we are living in.


33 posted on 07/25/2013 4:16:15 PM PDT by Bobalu (It is not obama we are fighting, it is the media.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: usconservative

:)


34 posted on 07/25/2013 4:16:16 PM PDT by Errant
[ Post Reply | Private Reply | To 31 | View Replies]

To: taxcontrol

You don’t need the keys to the toy box if you can take the back off with a Phillips head screwdriver.


35 posted on 07/25/2013 4:18:01 PM PDT by Errant
[ Post Reply | Private Reply | To 28 | View Replies]

To: Errant

This is another reason the cloud should not be used for personal storage.

It’s your data. Don’t you want to control it?


36 posted on 07/25/2013 4:20:05 PM PDT by upchuck (To the faceless, jack-booted government bureaucrat who just scanned this post: SCREW YOU!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: usconservative
The capabilities are there, google is your friend.

GOOGLE???

Seriously? You're going to let GOOGLE know you are trying to figure out how to avoid having the government spy on your every move?

What not just publish all your personal information in the NYT classifieds while you are at it‽

37 posted on 07/25/2013 4:21:46 PM PDT by null and void (You don't know what "cutting edge" means till you insult Mohammed.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: null and void

Well, google (or bing) it from some anonymous account of course...


38 posted on 07/25/2013 4:22:26 PM PDT by HiTech RedNeck (Whatever promise that God has made, in Jesus it is yes. See my page.)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Errant
The U.S. government has demanded that major Internet companies...

This brings to mind two questions:

1. What part of "the U.S. Government?"

2. Which, specifically, "major Internet companies?"

Vague reporting like that drives me crazy.

39 posted on 07/25/2013 4:23:03 PM PDT by upchuck (To the faceless, jack-booted government bureaucrat who just scanned this post: SCREW YOU!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bobalu

Think the worst and work backwards. How much do you with financial groups? And if this government want it to pay off the debt it will have access to your account. Black Swan?


40 posted on 07/25/2013 4:23:31 PM PDT by magua
[ Post Reply | Private Reply | To 33 | View Replies]

To: Bobalu

Well, I dunno whether Putin would want to peek... at this point if he did peek it might just be for amusement purposes.


41 posted on 07/25/2013 4:23:36 PM PDT by HiTech RedNeck (Whatever promise that God has made, in Jesus it is yes. See my page.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: upchuck

If I had anything I wanted to protect, I’d never allow that data to ever be processed on any device that accessed the net. And any storage media used, that is no longer needed, physically destroyed.


42 posted on 07/25/2013 4:24:25 PM PDT by Errant
[ Post Reply | Private Reply | To 36 | View Replies]

To: upchuck
Vague reporting like that drives me crazy

Do the names Andrew Breitbart or Michael Hastings ring a bell?

43 posted on 07/25/2013 4:27:47 PM PDT by Errant
[ Post Reply | Private Reply | To 39 | View Replies]

To: Bobalu

It just occurred to me how useful it would be to them to simply change the passwords of people who they wanted to lock out of the internet. Do enough at the same time and a lot of dissent would come to a grinding halt.


44 posted on 07/25/2013 4:48:22 PM PDT by BenLurkin (This is not a statement of fact. It is either opinion or satire; or both.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: null and void
Seriously? You're going to let GOOGLE know you are trying to figure out how to avoid having the government spy on your every move?

Yeah, the irony of that statement huh? Still, a simple Google search for "Tor" or "anonymous internet browsing" leads you to the rest (absent Google.)

45 posted on 07/25/2013 4:52:19 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 37 | View Replies]

To: usconservative

I’d rather not hang out with the child pornographers at Tor


46 posted on 07/25/2013 4:53:18 PM PDT by GeronL
[ Post Reply | Private Reply | To 45 | View Replies]

To: GeronL
I’d rather not hang out with the child pornographers at Tor.

Seriously?! Damn, now I have to find a different anonymous browsing mechanism .... certainly don't want to be associated with that!!

47 posted on 07/25/2013 4:56:18 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 46 | View Replies]

To: taxcontrol

Send the Obama morons the cryptographic hash data and let them spend the next several years trying to reverse them. Nitwits.


48 posted on 07/25/2013 5:01:12 PM PDT by COBOL2Java (I'm a Christian, pro-life, pro-gun, Reaganite. The GOP hates me. Why should I vote for them?)
[ Post Reply | Private Reply | To 8 | View Replies]

To: BenLurkin; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

Nut-job Conspiracy Theory Ping!

To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don’t add you to the list...

49 posted on 07/25/2013 5:02:26 PM PDT by null and void (You don't know what "cutting edge" means till you insult Mohammed.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: null and void

“Hmmmm, with your password, a government agent could use your account to establish a search history of any sort they may so desire.

In court they could make you look like any sort of monster that fits a narrative.”

If this is proven to be true, it sounds to me like “reasonable doubt” should not be very difficult to demonstrate to a jury. As a defense attorney, I would subpoena the government, and, of course, they won’t cooperate.

This should be interesting. What would have been a “tin foil hat” defense isn’t so funny now, is it?


50 posted on 07/25/2013 5:04:09 PM PDT by The Antiyuppie ("When small men cast long shadows, then it is very late in the day.")
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-100101-150151-184 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson