Open Source and information security mailing list archives
 
Message-ID: <20110712232230.GN1848@sentinelchicken.org>
Date: Tue, 12 Jul 2011 16:22:30 -0700
From: Tim <tim-security@...tinelchicken.org>
To: "Thor (Hammer of God)" <thor@...merofgod.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Encrypted files and the 5th amendment

> Yeah, I'm sure there are ways to draw as little attention as
> possible, but I also agree with you that in the scope of the
> investigation, it's not going to take a genius to see that there is
> something wrong about available size...  However, evidence by
> exclusion is not admissible.

Interesting.  Hadn't thought about that...

> But again, the "I forgot" defense is very hard to prove against as
> well.  What we don't want is a path to where NOT providing unencrypted
> data is a crime in itself, because all that becomes is a method to
> ensure that you get prosecuted for *something* irrespective of what
> can be proved.

Yeah, definitely.  One can also pretend to cooperate: "Oh, I just had
some source code from a previous job stored there.  It's been so long,
I don't remember the password anymore.  You can ask X corp for the
code."

> I have a bad feeling about this stuff.

Same here.  There are certainly people doing very evil things trying
to hide it with encryption.  On the other hand, how many more of those
evil people will you catch because you are forcing them to give up
keys?  How many people will be put at risk of government abuse or
other unfortunate data leaks due to being compelled to give up keys?

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
