Security Basics mailing list archives
Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 25 Mar 2009 02:17:05 -0430
On Tuesday 24 March 2009 17:15:07 Craig S. Wright wrote:
In response to: " You are taking assumption that this "random data" are evidence." Actually, this is not the case. Random data is not the natural state of data on a hard drive.
Zeroed is.
Next, an overwrite can be determined to a point in time if you continue to use the drive. Entropy calculations on random data can often distinguish random data from encryption as the /dev/urandom process has a lower entropy than is found on good encryption. The standard error from a two sample comparison of the bitwise entropy values will commonly display statistically significant variances when comparing encryption and a pseudo random generator on most PCs as long as there is a sufficient amount of data. In the case of whole disk encryption, there is generally more than sufficient data.
How about how random works in FreeBSD? And what are entropy accumulators? And what is Yarrow, and what is the period of the Yarrow algorithm? I think that you should be talking about old-fashioned 2^32 period algorithms (4GB, and really 16Gb taking 32-bit numbers)... or maybe 2^56. And... do you know that the disk will be filled randomly with information that will be deleted inside the crypto, and won't be reflected outside and won't be replaced with urandom again? (Eventually you will have "all disk filled with encryption" with a very low amount of urandom generated bytes.) And when you fill the hard drive with your info, the urandom/random sprng generated chunks, each one, will be cryptographically stronger than a big hard drive without chunks. The number of chunks depends on your filesystem choice. If you need more strength and want to avoid entropy accumulation order proof on the hard drive, you can use a very useful method: Fill all your drive with 1, then fill with 0, then: separate your disk into blocks, make a bitmap, then feed the Yarrow SPRNG with real random data (processes, CPU cycles, CPU temperature, past info, your files, etc.), take an n-bit integer from the Yarrow sprng to determine which block will be filled, take a block from the sprng and put it at the random location, mark this as used on the bitmap, and follow the same steps until the drive is filled. With this method you cannot see the difference of entropy across the entire disk; mixed with AES-256 (or Serpent-256) crypto dispersed over that, you will have a nightmare. The chunks/blocks will be sufficiently short not to allow high-precision entropy calculations. Since open source gives you the chance, you can reimplement your Yarrow sprng to use Serpent-256 (stronger, if you need it).
This provides sufficient evidence for presentation in a court.
With sufficient error if the PRNG is really a SPRNG (FreeBSD implements a stronger version of Yarrow-160, a Yarrow-256). But this is rocket science for mortals; even if you prove this evidence, the "encrypted container" could be an encrypted swap that commonly has a random password initialized on every boot and not known by the user. This will look the same as the evidence you describe: chunks of bad-random mixed with encrypted data started from a USB or SD drive. Then, since there are feasible scenarios with this setup, your evidence could be sufficient for the presentation but never determinant.
Next, bios markers and ATA data etc will be available. Overwriting a drive takes time and will miss the HPA on the drive. From this you can demonstrate that a drive was booted, mounted or otherwise used. If the drive was used, you have evidence that it was not simple random data.
Not really, as I mentioned above... I can use my drive in two legitimate ways: - Encrypted BIG swap that uses a random password every boot. - cat /dev/urandom if I need to sell it. And I can use a "live CD" or something like DSL (D. Small Linux), a bootable pendrive Linux. Think that I can use DSL (D. Small Linux) from my SD card; then, if I want, my HD will be used as a big encrypted swap. Encrypted swap is commonly set with a different random password on every boot. Can you request the random password of a swap? Many systems have the option of encrypted swap with a random password on every boot, like LUKS. Is it legitimate that I have a random-password-initialized swap? Or should it be removed from LUKS... and from Ubuntu, Fedora, Debian, etc.? Even if you prove the boot from an external device, you could have this system of DSL or something booting from your SD, and these are legitimate systems.
If you are talking SD and memory cards, there is always data. You cannot access the entire card when you mount it. There are sections of the chips that are isolated.
That's true, but the SD card is meant to be out of reach.
Stego is distinguishable from random data. Next, few systems use enough randomness to actually make the /dev/urandom process as random as you are asserting. I love it when people who have never studied law start trying to start how it should be...
Yes, I'm not a lawyer. A lawyer will suggest you tell the truth. This is the truth. Studying many cases, the truth is statistically proven to be the best choice. Or not, Mr. Craig? This method should not be used against the law. But there are too many situations, _not judges_, in which it will be very useful. ;-)
Regards, ... Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ... Information Defense Pty Ltd
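
The two-sample comparison of per-block entropy that this exchange argues about, as an added example that is not part of either poster's message: it measures how block length affects the estimate and how far apart two streams score. All data is constructed: SHA-256 in counter mode stands in for encrypted sectors, and a seeded Mersenne Twister (optionally biased through the hypothetical `p_zero` parameter) stands in for a PRNG fill.

```python
import hashlib, math, random
from collections import Counter

def shannon_bits(block):
    """Plug-in Shannon entropy of a byte block, in bits per byte (maximum 8)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def block_entropies(data, size):
    """Entropy estimate for every complete block of `size` bytes."""
    return [shannon_bits(data[i:i + size]) for i in range(0, len(data) - size + 1, size)]

def mean_se(xs):
    """Sample mean and standard error of the mean."""
    m = sum(xs) / len(xs)
    var = sum((x - m) ** 2 for x in xs) / (len(xs) - 1)
    return m, math.sqrt(var / len(xs))

def two_sample_z(a, b):
    """Difference of the two means in units of its combined standard error."""
    (ma, sa), (mb, sb) = mean_se(a), mean_se(b)
    return (ma - mb) / math.sqrt(sa ** 2 + sb ** 2)

# --- constructed sample data, not taken from any real drive ---
def hash_stream(n):
    """SHA-256 in counter mode: stand-in for well-encrypted sectors."""
    out = bytearray()
    for i in range((n + 31) // 32):
        out += hashlib.sha256(i.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def prng_stream(n, seed=1, p_zero=0.0):
    """Seeded Mersenne Twister bytes; p_zero > 0 forces that share of bytes
    to 0 to model a visibly biased generator (hypothetical parameter)."""
    r = random.Random(seed)
    return bytes(0 if r.random() < p_zero else r.getrandbits(8) for _ in range(n))

def demo(n=1 << 20):
    enc, good, weak = hash_stream(n), prng_stream(n), prng_stream(n, seed=2, p_zero=0.01)
    e4k = block_entropies(enc, 4096)
    return {
        "mean_512": mean_se(block_entropies(enc, 512))[0],    # short blocks read low
        "mean_64k": mean_se(block_entropies(enc, 65536))[0],  # long blocks approach 8
        "z_good": two_sample_z(e4k, block_entropies(good, 4096)),
        "z_weak": two_sample_z(e4k, block_entropies(weak, 4096)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

The plug-in estimator reads well below 8 bits per byte on 512-byte blocks even for uniform data, so block scores are only comparable at equal block size; the 1% bias separates clearly at 4 KiB blocks over 1 MiB, while the unbiased generator does not.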