| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jul 2011 20:28:01 -0400 From: "phil" <jabea@...ea.net> To: "'Tim'" <tim-security@...tinelchicken.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Encrypted files and the 5th amendment If they can't legislate to get the key, they will restrict the use of crypto api to weaker encryption maybe, just my .2c They will sentence you for not cooperate with'em, and at the same time they will try to crack your file, and if they happen to crack it you will get sentenced for something else. The 'double' sentence will make people think before not giving the key. phil -----Message d'origine----- De : full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] De la part de Tim Envoyé : 12 juillet 2011 19:23 À : Thor (Hammer of God) Cc : full-disclosure@...ts.grok.org.uk Objet : Re: [Full-disclosure] Encrypted files and the 5th amendment > Yeah, I'm sure there are ways to draw as little attention as > possible, but I also agree with you that in the scope of the > investigation, it's not going to take a genius to see that there is > something wrong about available size... However, evidence by > exclusion is not admissible. Interesting. Hadn't thought about that... > But again, the "I forgot" defense is very hard to prove against as > well. What we don't want is a path to where NOT providing unencrypted > data is a crime in itself, because all that becomes is a method to > ensure that you get prosecuted for *something* irrespective of what > can be proved. Yeah, definitely. One can also pretend to cooperate: "Oh, I just had some source code from a previous job stored there. It's been so long, I don't remember the password anymore. You can ask X corp for the code." > I have a bad feeling about this stuff. Same here. There are certainly people doing very evil things trying to hide it with encryption. On the other hand, how many more of those evil people will you catch because you are forcing them to give up keys? How many people will be put at risk of government abuse or other unfortunate data leaks due to being compelled to give up keys? tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ----- Aucun virus trouve dans ce message. Analyse effectuee par AVG - www.avg.fr Version: 10.0.1390 / Base de donnees virale: 1516/3760 - Date: 12/07/2011 ----- Aucun virus trouvé dans ce message. Analyse effectuée par AVG - www.avg.fr Version: 10.0.1390 / Base de données virale: 1516/3760 - Date: 12/07/2011 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists