lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 18 Feb 2011 19:11:44 +0000
From: "Cal Leeming [Simplicity Media Ltd]"
	<cal.leeming@...plicitymedialtd.co.uk>
To: Charles Morris <cmorris@...odu.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: HBGary Mirrors?

I'm wondering along the same lines as Thor, based on intent. One of those
"don't take the piss or the judge is gonna own you" scenarios that would be
tested in court on a per trial basis. Like, if the files were known to
contain encrypted info, and if it was proved that you knew the contents of
those files, then you would be held liable.

@Charles: luckily for me, this is all academic as I've kept as far away as
possible from this hbgary thing :P

On Fri, Feb 18, 2011 at 6:57 PM, Charles Morris <cmorris@...odu.edu> wrote:

> > Sorry, when I say eligible, I mean "which server would they be allowed to
> > take down by law?".
> > I'm not too hot on the laws of encryption, but I'm sure there is
> something
> > which states that hosting encrypted files are not illegal, it's
> distributing
> > the key which allows you to gain access to those fails, which is actually
> > illegal.
> > *DISCLAIMER: I don't know if the above is true or not, so apologies if I
> got
> > this wrong*
> >
>
> Attempt A:
> Cal, I'm not sure on this point off-the-cuff, however encrypted files
> should* be
> indistinguishable from random data, so assuming that even if a given LEE
> has obtained the key and knows that your distributed data is "illegal", you
> could be held blameless as you have no feasible way to know what the data
> was.
>
> Attempt 2:
> You could also consider a key and an algorithm a "transform" for a set of
> random
> bits, such that once the transform is applied to those bits it would
> result in something
> "bad", so you aren't actually distributing "encrypted" "files" at all..
>
> just random bits :D
>
> *DISCLAIMER: The above will PROBABLY NOT hold in court, so apologies
> if you get jailed for life
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ