Security Basics mailing list archives
Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Thu, 2 Apr 2009 16:32:15 -0430
On Tuesday 31 March 2009 21:29:11 aragonx () dcsnow com wrote:
I'm not familiar with PGP...does it provide for Plausible Deniability?

It does not.

What TrueCrypt needs is a kill phrase. You give someone that phrase (or type it in yourself) and it just starts a military format or adds another layer of encryption with a randomly generated pass phrase. Or would that not work?
Not at all. In a forensic analysis, the first rule is to make a copycat of the drive before opening it for analysis. (Sometimes two copycats...) Then you will military format a copy, not the original evidence and the other copies. This could be taken as "Intentional destruction of evidence". Not so useful, especially when the judge has another copy of your drive.

----------------------------------

Plausible Deniability is when you find another "innocent" explanation of a thing. Today, in forensics, this is extremely hard, because everything is connected.

Ex. Your computer has FreeBSD with geom encryption... then... how can you say that it is not your computer, that it is a friend's computer and you don't have the password...?

The probabilities are against you (This is hypothetical and not a real case):

a. Mail servers like mail.yahoo log your user-agent, and then the judge finds this unique navigator fingerprint of yours: Mozilla 4.0 (Firefox ... FreeBSD ... ) Statistic FACT: less than 3% of your friend population uses FreeBSD

b. Your fingerprints are on every keyboard key... . Then, by a statistical study (really I don't know if this study is done or not, but it is hypothetical), the computer is yours with a probability of 95% (This is hypothetical).

Q: The computer uses FreeBSD (this is a fact), and you are a FreeBSD user, then, what is the probability that you are not the owner of the computer?

A: the probability that there is a friend using the same OS (~0.03) mixed with the probability that this is not your computer given the fingerprint probe... (0.05), _assuming that they are independent variables_. Then, you have something like ~0.1% probability that it is not your computer.

This is not a good thing for you =P, because the judge has a probability of 99.9% that it is your computer.

Other mechanisms to lie have issues with the logic/probability/statistic study background... especially when you mix the system probability with the environment probability...

Nobody tells you anything about environment probability when you buy a PGP whole drive encryption and you try to use it against the law...

---------------------------

What if your OS is WinXP 32-bit with IE8? Hypothetical population estimation in percentage: ~21%. Then: ~0.21*0.05 = 0.01 (About ~99% that it is your computer)
--- Will Y.