Date: Fri, 18 Feb 2011 19:03:58 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: decoder <decoder@...-hero.net>, "full-disclosure@...ts.grok.org.uk"
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd:  HBGary Mirrors?

It would ultimately come down to "intent." Technically of course, the encrypted file is not the original file. Never will be. Can't be. The keys are not either. Used together they can reproduce the copyright data. So legally, there would certainly be an interesting argument about what is and what isn't legal. But there would be plenty of cause for an injunction which would put the kibosh on distribution until that legal decision was made. It doesn't have to make sense, and it doesn't have to be strictly "legal" but it is up to a judge. Recall that 9th circuit judge Kermit (I believe) ruled against emails on an ISP's server being in scope for wiretap laws since, at the time the ISP was reading them, they were not "in transit." Go figure.

If a judge ruled that you were purposely encrypting data and distributing keys to get around copyright laws, he could easily rule against you anyway.

t



From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of decoder
Sent: Friday, February 18, 2011 10:56 AM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Fwd: HBGary Mirrors?

I can't answer the question but it would be even more interesting to answer this if you're using a One-Time-Pad (i.e. two files of equal size on two different servers, both XORed give you the data). There exists a mathematical proof that neither of the two files leaks a single bit of information of the original data :)


Chris


On 02/18/2011 07:50 PM, Cal Leeming [Simplicity Media Ltd] wrote:
Sorry, when I say eligible, I mean "which server would they be allowed to take down by law?".

I'm not too hot on the laws of encryption, but I'm sure there is something which states that hosting encrypted files is not illegal, it's distributing the key which allows you to gain access to those files, which is actually illegal.

*DISCLAIMER: I don't know if the above is true or not, so apologies if I got this wrong*


On Fri, Feb 18, 2011 at 6:46 PM, ck <c.kernstock@...glemail.com> wrote:
I go with the server hosting the files since the key should be
significantly smaller than the files and therefore much easier to mirror.

On Fri, Feb 18, 2011 at 7:37 PM, Cal Leeming [Simplicity Media Ltd]
<cal.leeming@...plicitymedialtd.co.uk> wrote:
> So here's a thought.
> If illegally distributed files (such as this one) were encrypted and hosted
> on one server, and the key hosted on another, which server would
> be eligible for take down?
>








_______________________________________________

Full-Disclosure - We believe in it.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html

Hosted and sponsored by Secunia - http://secunia.com/

