On Mon, 14 Sep 2009 22:56:44 +0200, Arno Wagner wrote:

>So I would say that plausible deniability is of very low value
>in practice and may have potential negative value in some
>situations.

To say it's of low value in practice is a pretty sweeping statement - whether it's of low value in practice is largely dependent on the scenario.

Like any security tool, it is just a tool; in some cases it may be a great asset, in some a liability. A locked door can keep a murderer out until the police arrive, but it can also prevent someone from exiting a burning building.

>With plausible deniability they are sure to
>torture you until you are completely broken, while without
>it, you can give them everything in a way they can actually
>verify.

OTOH, the knowledge that "the beatings" (or in our more enlightened times, the waterboarding or another form of torture) will continue - regardless of whether or not you give an attacker anything, may well work *against* any form of torture. There's no incentive to hand over your keys, since it won't achieve (or stop) anything.

>It is possible that you have information that still
>merits being protected under these circumstances, but I don't.
>Plausible deniability basically assumes the life of the person
>having the key is worth less than the information.

Although the information may or may not be "worth the life of the person", I don't agree that any such assumption is made.

I'm a little uncertain as to the alternative you're prompting? Even if you stored all your data in plaintext (practically the same scenario presented after handing over an encrypted volume's key) - or even if you have a system where it is possible to *prove* no further data is hidden away - what's to stop an attacker assuming that you've simply hidden your encrypted data elsewhere (e.g. a USB flash drive), and continuing the torture on the basis they "simply haven't found it yet"?

--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption (OTFE) systems, etc, see the URLs above.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt