On Fri, 9 Jun 2006, Phil H wrote:
I'm not sure I follow (in discussions about deniability) why
a user cannot simply say they shredded that partition ....
IANAL nor a crypto-expert, but I don't think "they" will engange some
super-powers to bring evidence, that this 300GB disk is not full with
"random" but with "encrypted data" and therefor it "must be full of
mp3/pr0n/whatever". But as I write this I realize that in some countries
it's might not be even important what you've enrypted but the mere fact
*that* you've encrypted something could bring you in trouble.
In this case, I believe it is even less likely that "they" will handle this case
with the wholeheartedness a sane mind would expect: "Hm, a disk we can't read?
And she has Applied Cryptography on her bookshelf? That disk must be crypted
and we need no crypto-analyst for this one".
However, if "they" are really trying to bring evidenc that this disk is
encrypted and nothing else external(!) points to the fact that it really
has been encrypted (fstab entry with gpg keys, .bash_history, etc), "they"'d
have to apply the ususal and well known attacks to the crypted disk:
- a too short keylength may not suffice for really big volumes[0],
"encrypted portions" of the volume may repeat then.
- a weak cipher, in combination with a weak password (for the key)
- application traces in crypto-containers, iirc PGP-Disk has some
information in the header of its disk-image (but don't quote me on that)
My point is: it is more likey that many other points (evil governments
not doing an analysis at all, traces of crypto-usage, posting on this
mailinglist ;)) could get you (not you personally!) in trouble...
but what do I know....
Christian.
[0] http://www.cryptolabs.org/aes/WeisLucksAESattacksDS1202.html
(in germand, sorry...)
--
BOFH excuse #333:
A plumber is needed, the network drain is clogged
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
