On 17.01.2014 15:27, Jonas Meurer wrote:
> On 17.01.2014 14:12, Arno Wagner wrote:
> > On Fri, Jan 17, 2014 at 13:43:42 CET, Jonas Meurer wrote:
> >> On 16.01.2014 21:18, Matthias Schniedermeyer wrote:
> >>> Meanwhile increasing the risk of everybody else, because once that
> >>> feature is a documented part of the system everybody will assume that
> >>> everybody will use it. Good luck defending against a "Destruction of
> >>> Evidence" accusation, in case that happens in a situation with a LEO.
> >>> [...]
> >>> In short:
> >>> The documented existence of such a feature is a risk by itself.
> >>
> >> Same logic applied, even the existence of this discussion is a risk by
> >> itself. It proves that people might use a patched cryptsetup with added
> >> nuke feature already.
> >
> > Yes, it is. That is one of the reasons why I strongly recommend
> > not taking encrypted data into danger at all and making sure all
> > unused space on storage media is zeroed.
>
> While in general I agree to your suggestion, Matthias' point rather
> seems like a non-argument to me.
>
> I agree that one should consider possible negative implications of wrong
> usage of the feature in question. But I don't agree that the risk
> created by "documented existence of such a feature" is an argument
> against implementing it.

There is a difference, it is relatively easy to prove you don't have
anything encrypted(*), but it's hard to prove you didn't use a
documented part of the encryption software you are using.

So, the mere existence of encryption software doesn't increase the risk
of people not using encryption software as there is a "provability" of
not using encryption. The same "provability" is NOT given in the case of
"nuking" or e.g. the "Hidden Volumes"-Feature of Truecrypt.

*: Ignoring Steganography

--
Matthias