| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTim0zeaE8xQXrTeUii007Z2tomcNhdSeaQUfv9Ws@mail.gmail.com> Date: Fri, 18 Feb 2011 13:57:37 -0500 From: Charles Morris <cmorris@...odu.edu> To: "Cal Leeming [Simplicity Media Ltd]" <cal.leeming@...plicitymedialtd.co.uk> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Fwd: HBGary Mirrors? > Sorry, when I say eligible, I mean "which server would they be allowed to > take down by law?". > I'm not too hot on the laws of encryption, but I'm sure there is something > which states that hosting encrypted files are not illegal, it's distributing > the key which allows you to gain access to those fails, which is actually > illegal. > *DISCLAIMER: I don't know if the above is true or not, so apologies if I got > this wrong* > Attempt A: Cal, I'm not sure on this point off-the-cuff, however encrypted files should* be indistinguishable from random data, so assuming that even if a given LEE has obtained the key and knows that your distributed data is "illegal", you could be held blameless as you have no feasible way to know what the data was. Attempt 2: You could also consider a key and an algorithm a "transform" for a set of random bits, such that once the transform is applied to those bits it would result in something "bad", so you aren't actually distributing "encrypted" "files" at all.. just random bits :D *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies if you get jailed for life _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists