I know this is an old thread but I'm currently listening to the Cold podcast - and I asked someone close to me who has experience in Computer Science about the encrypted devices/files. They said it could be nearly impossible to crack into the devices and files. I have some surface knowledge of this stuff so I'll try to explain for those who want to know why they can't crack the passwords, without too much technical detail.
From what I gathered the company that were trying to crack the password encryption were using databases of previously leaked passwords and also dictionaries as well as another program that is presumably more sophisticated, to try to crack the password/encryption. This may not work, simply because there are programs that exist (although this is speaking with 2019/2020 in mind) that you input your password into, then it will re-assign a new string of characters and numbers to that saved password. E.G. JoshPowell1 becomes s8sytFs66789FDSE or some other gibberish. This type of program is usually used for passwords for websites however. So Josh himself may not have even known what the password ended up as and the program on his locked computer only knows the passwords to certain websites, etc that may be incriminating.
If he didn't go the route of using a password program and just made them up himself, they could also have been gibberish to an outsider and still be a random mixture of letters, numbers and symbols.
Judging by the image in this article, the logins to the devices might not be too hard, but once they try to get in to his accounts on websites or locked folders on his computer, it may become more difficult.
The fact that they may not be actual words, but seemingly gibberish strings of letters and numbers makes it more difficult for password cracking programs to crack, since there are more possible combinations, particularly if he used a longer password. For every character of the password there are 26 letters, 10 numbers and numerous other symbols such as ! and ? that could have been used. If we just add up those 26 numbers and 10 letters minus symbols, that means that for each letter there will be 36 (or more) possibilities, then if we factor in that the maximum length for a password can be anything from 8 to
100+ characters... that's a lot of possibilities. Even if you ran that program on a computer for a long time you might not get it, and even then the program could crash or the hardware overheats and you have to start all over again.
The article that features the image of Josh's login is also troubling, because it lays out that one of Josh's computers (he had many, apparently) would only boot from a USB. Susan stated in her diary and in messages to friends that Josh was a "computer geek" so he might have been more sophisticated than we take him for. This could mean that he could have set up a system that would "self-destruct" (e.g. deletes everything) if tampered with, or I think it's more likely that his computers need to be booted from USB like the one in the article, and who knows if those USBs have been locked away, destroyed or were burnt in the fire.
I don't believe that the company trying to decrypt Josh's computer are trying to swindle anyone, but I do think it might be futile, and from what I gather they aren't actively trying to decrypt them either, from the podcast I think the guy said they do it "after hours" and "pull a few computers out" to do it. They're not working on this every day.
We might get lucky. I hope we do get lucky and that they get into them and they find a location or something to point to where Susan is. My heart hurts for her family.
