Our company works with the FBI a lot. We provide the software they
actually use to recover passwords.
The majority of software out there uses access-denial: the encryption /
ofuscation doesn't depend on the password. But to be acceptable in
court, you have to prove that you didn't change a single bit of
evidence. That's why all our software recovers passwords instead of
simply removing the protection.
If the law passes, we'll probably end up providing them with trojan
horses & stuff. Basically, they're going to be glorified keyboard
sniffers, because the courts (no matter what the law says--they get to
interpret the law) aren't going to accept that a message wasn't faked
unless the prosecutor can prove that it is the decryption of a
ciphertext. To do that, all they need is a password that works, so
that's what they'll focus on capturing.
--
Mike Stay
Programmer / Crypto guy
AccessData Corp.
mailto:[EMAIL PROTECTED]