lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF18FCBE5E7@EX2010.hammerofgod.com>
Date: Tue, 12 Jul 2011 22:05:05 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Tim <tim-security@...tinelchicken.org>, Michael Holstein
	<michael.holstein@...ohio.edu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Encrypted files and the 5th amendment

Actually, there is no way to tell if the there is another encrypted volume in existence or not.  One might stipulate that there "could" be if the filesize is obvious, but when you get into gig size files that are storing small amounts of data, that argument loses value.

You actually cannot even prove that it is encrypted data at all.  Filename ~021289a.dat could be encrypted data, but there is no way to tell.   What is more important in these cases is that one cannot prove that another volume exists.  One can, however, prove that the password was given and the data was decrypted.    If I have a 1 meg file that mounts to 200k, I don't have to prove anything about that.  I could have gotten the file from you, and you could have giving me that password that allowed me access. 

And this is where I think the danger of legal precedence comes in...  If this "sticks" and she is compelled to give up her password, the data retrieved means nothing, yet you and I have more of our constitutional rights infringed upon.  To me, it is far more important to establish requirements for probably cause to exist on its own before using the presence of encrypted data as a means by which one can legally compel an alleged party to provide said evidence.  

@Christian, that is where I think the "solution" lies.  Otherwise, we will find ourselves in the same position as the UK- if they can't prove you are guilty with the evidence required for prosecution, then they have a back-up law where they can still put you in jail with no evidence at all if you don't give over your keys.   That is totally fuct IMO.  You can have a blob of binary data on your system, and if they claim it is encrypted data, and you don't give them the key to decrypt it, you can go to jail even if it is not encrypted freaking data.  

t

> -----Original Message-----
> From: Tim [mailto:tim-security@...tinelchicken.org]
> Sent: Tuesday, July 12, 2011 2:21 PM
> To: Michael Holstein
> Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Encrypted files and the 5th amendment
> 
> > > Tim, I actually use TruCrypt now to do exactly what you speak of.   I pre-
> allocate a fixed virtual disk, and use one passcode for one section of data and
> a different passcode for a different section of data.   It is impossible to
> determine if the disk is set up in this manner, and impossible to tell which
> section of data is being used.   It is actually quite easy to do.
> > >
> >
> > All fine and dandy until the authorities say "Your honor, the
> > defendant is using nested encryption, we didn't find the
> > $self_incriminating_evidence so he obviously hasn't complied with our
> > request".
> >
> > double-edged sword.
> 
> 
> Yeah, exactly.  Any investigator worth their salt will be able to tell the
> partition that got decrypted is not big enough to account for encrypted disk
> space.  That's where the one-time pad can create true plausible deniability, if
> used correctly.  Any ciphertext of length N can decrypt to any plaintext of
> length N.  Too bad it is too much of a pain to implement in practice.
> 
> Thor: maybe you could make the investigator's job harder through a
> combination of compression and encryption with a similar dual-partition
> scheme as you're using with trucrypt.
> 
> tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ