On Wed, Aug 03, 2011 at 01:09:26PM +0100, Laurence Darby wrote: > Iggy wrote: > > > > > > > On 07/14/2011 05:44 PM, Arno Wagner wrote: > > > Well, I think these are borderline scenarios. Also remember than > > > unless you are in certain states like the UK or the US, the police > > > cannot force you to give them your passphrase. But in certain > > > situations, these might be valid approaches. I see your point. > > These may be a marginal percentage of total use-cases, but they may > > also be some of the strongest cases for using strong encryption. > > Unfortunately in these severe cases you may protect your data, but the > > fact that you are not able to reveal the data may not protect you from > > the rubber hose or worse. > > > > That's what I've been wondering about. In the UK with the > RIPA act, if the key is destroyed, my guess is they will still > send you to prison out of spite and as an example to others to > not do that. Or they can just claim that the "destruction" was a misdirection and that you surely still have the key. Simple scenario: You have a LUKS header that you do not use and really do plain dm-crypt with an offset inside. No way for you to prove you do not. Well, maybe if the unused sectors contain unencrypted zeros. The whole situation with authorities being able to force you to give up keys is really quite amoral, as you never can conclusively prove you do not have any. It negates "in dubio pro reo" which is a fundamental guiding principle of all modern criminal law. > Some other things I've been thinking about - I don't think > TrueCrypt's plausible deniability is worth anything, it > depends on your ability to lie to people whose job it is to > tell when people are lying, and if they don't believe you then > it was pointless. So it may be useful to be able to prove > everything has been decrypted, eg. by comparing disk sizes of > decrypted vs encrypted data. I completely agree on both points. Actually this is one reason why I recommend either not using TrueCrypt or having a hidden container you can turn over. TrueCrypt without hidden container is a serious risk, expecially as the hidden container is easily found in the documentation, even if you do not understand crypto. > A really bad scenario is there _isn't_ any encrypted data, > it's just a random data, and they believe it's encrypted, then > you are up shit creek in a barbed wire canoe and will go to > prison for nothing. That could even be used as an attack - > random data and relevant decryption software could be planted > on someone, that could ruin their day, you don't even have to > obtain real illegal information to plant on them (until they > make encryption software illegal, that is) As far as I know, TrueCrypt does cryto-overwite blank space, removing all possibility of you proving you have given them everything. I should probably add a warning in the FAQ that blanking an encrypted device could expose you to the rubber hose. Or maybe a complete section about countries that can force you to give up keys.... :-/ Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
