Re: Encrypted files and the 5th amendment

["Thor (Hammer of God)" <thor () hammerofgod com>]

Yeah, I'm sure there are ways to draw as little attention as possible, but I also agree with you that in the scope of 
the investigation, it's not going to take a genius to see that there is something wrong about available size...  
However, evidence by exclusion is not admissible.  

But again, the "I forgot" defense is very hard to prove against as well.  What we don't want is a path to where NOT 
providing unencrypted data is a crime in itself, because all that becomes is a method to ensure that you get prosecuted 
for *something* irrespective of what can be proved.  

I have a bad feeling about this stuff.

> -----Original Message-----
> From: Tim [mailto:tim-security () sentinelchicken org]
> Sent: Tuesday, July 12, 2011 3:40 PM
> To: Thor (Hammer of God)
> Cc: full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Encrypted files and the 5th amendment
>
> > Actually, there is no way to tell if the there is another encrypted
> > volume in existence or not.  One might stipulate that there "could" be
> > if the filesize is obvious, but when you get into gig size files that
> > are storing small amounts of data, that argument loses value.
>
> Well, yes, if you are trying to hide small amounts of data, then there are
> many ways to do it with plausible deniability.  I thought you were talking
> about booting entire separate OSes based on boot-time password.  Would
> be hard to hide that amount of data without at least raising suspicion to a
> determined investigator.
>
> Then again, many investigators are not determined.  Keep the partition small,
> put it inside another encrypted partition, maybe they'll miss it.
>
> tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/