Re: [Full-disclosure] Encrypted files and the 5th amendment

["Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>]

Actually, there is no way to tell if the there is another encrypted volume in 
existence or not.  One might stipulate that there "could" be if the filesize is 
obvious, but when you get into gig size files that are storing small amounts of 
data, that argument loses value.

You actually cannot even prove that it is encrypted data at all.  Filename 
~021289a.dat could be encrypted data, but there is no way to tell.   What is 
more important in these cases is that one cannot prove that another volume 
exists.  One can, however, prove that the password was given and the data was 
decrypted.    If I have a 1 meg file that mounts to 200k, I don't have to prove 
anything about that.  I could have gotten the file from you, and you could have 
giving me that password that allowed me access. 

And this is where I think the danger of legal precedence comes in...  If this 
"sticks" and she is compelled to give up her password, the data retrieved means 
nothing, yet you and I have more of our constitutional rights infringed upon.  
To me, it is far more important to establish requirements for probably cause to 
exist on its own before using the presence of encrypted data as a means by 
which one can legally compel an alleged party to provide said evidence.  

@Christian, that is where I think the "solution" lies.  Otherwise, we will find 
ourselves in the same position as the UK- if they can't prove you are guilty 
with the evidence required for prosecution, then they have a back-up law where 
they can still put you in jail with no evidence at all if you don't give over 
your keys.   That is totally fuct IMO.  You can have a blob of binary data on 
your system, and if they claim it is encrypted data, and you don't give them 
the key to decrypt it, you can go to jail even if it is not encrypted freaking 
data.  

t

> -----Original Message-----
> From: Tim [mailto:tim-security@xxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, July 12, 2011 2:21 PM
> To: Michael Holstein
> Cc: Thor (Hammer of God); full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Encrypted files and the 5th amendment
> 
> > > Tim, I actually use TruCrypt now to do exactly what you speak of.   I pre-
> allocate a fixed virtual disk, and use one passcode for one section of data 
> and
> a different passcode for a different section of data.   It is impossible to
> determine if the disk is set up in this manner, and impossible to tell which
> section of data is being used.   It is actually quite easy to do.
> > >
> >
> > All fine and dandy until the authorities say "Your honor, the
> > defendant is using nested encryption, we didn't find the
> > $self_incriminating_evidence so he obviously hasn't complied with our
> > request".
> >
> > double-edged sword.
> 
> 
> Yeah, exactly.  Any investigator worth their salt will be able to tell the
> partition that got decrypted is not big enough to account for encrypted disk
> space.  That's where the one-time pad can create true plausible deniability, 
> if
> used correctly.  Any ciphertext of length N can decrypt to any plaintext of
> length N.  Too bad it is too much of a pain to implement in practice.
> 
> Thor: maybe you could make the investigator's job harder through a
> combination of compression and encryption with a similar dual-partition
> scheme as you're using with trucrypt.
> 
> tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/