Arno Wagner wrote:
> On Mon, Sep 14, 2009 at 01:25:48PM +0200, Mario 'BitKoenig' Holbe wrote:
>> Arno Wagner <arno@xxxxxxxxxxx> wrote:
> [...]
>>> If you want more, use TrueCrypt, but I would be very careful
>>> with plausible deniability anyways. Your protection is primarily
>>> that they cannot force you to give up your keys. If you live
>>> in a country where they can, I propose to very seriously consider
>>> leaving that country for good. See also http://xkcd.com/538/
>> That's exactly the reason for plausible deniability. You know they are
>> able to force you to give them your key(s), so you prepare some keys to
>> give them (along with some data which makes some sense to be encrypted)
>> and the system gives you the ability to plausibly deny the existence of
>> more keys. Just in the hope they stop cutting your extremities after the
>> 6th finger because you convinced them.
>
> I would say plausible deniability has the potential to make
> them continue even after you have given them everything, after
> all you could have hidden more with the "plausible deniability
> thing".
>
> On a related note, there has been a lot of evidence that
> torture does not work (foremost the French in Algeria, that
> failed to find the headquarters of the resistance for years,
> despite torturing resistance fighters). For one thing people
> are likely to give you false information. This leads me to the
> conclusion that most torturers and their bosses are actually
> not interested in information, but in the cruelty itself.
>
> So I would say that plausible deniability is of very low value
> in practice and may have potential negative value in some
> situations. With plausible deniability they are sure to
> torture you until you are completely broken, while without
> it, you can give them everything in a way they can actually
> verify. It is possible that you have information that still
> merits being protected under these circumstances, but I don't.
> Plausible deniability basically assumes the life of the person
> having the key is worth less than the information.

Many countries can and do torture people, but this is not true for all
countries. So I do not think that everything should have to pass the
"What if torture" filter in order for it to be considered a valid idea.

Plausible deniability has legal ramifications that are beneficial in
those more litigious societies, to which many people belong. This shifts
the burden of proof to the opposing attorney/agency to prove that random
data represents information that you are obscuring. Something that
should be cryptologically difficult as long as the algorithm you used is
sound.

-MJ

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt