Re: Encrypted files and the 5th amendment

["Thor (Hammer of God)" <thor () hammerofgod com>]

Actually, there is no way to tell if the there is another encrypted volume in existence or not.  One might stipulate 
that there "could" be if the filesize is obvious, but when you get into gig size files that are storing small amounts 
of data, that argument loses value.

You actually cannot even prove that it is encrypted data at all.  Filename ~021289a.dat could be encrypted data, but 
there is no way to tell.   What is more important in these cases is that one cannot prove that another volume exists.  
One can, however, prove that the password was given and the data was decrypted.    If I have a 1 meg file that mounts 
to 200k, I don't have to prove anything about that.  I could have gotten the file from you, and you could have giving 
me that password that allowed me access. 

And this is where I think the danger of legal precedence comes in...  If this "sticks" and she is compelled to give up 
her password, the data retrieved means nothing, yet you and I have more of our constitutional rights infringed upon.  
To me, it is far more important to establish requirements for probably cause to exist on its own before using the 
presence of encrypted data as a means by which one can legally compel an alleged party to provide said evidence.  

@Christian, that is where I think the "solution" lies.  Otherwise, we will find ourselves in the same position as the 
UK- if they can't prove you are guilty with the evidence required for prosecution, then they have a back-up law where 
they can still put you in jail with no evidence at all if you don't give over your keys.   That is totally fuct IMO.  
You can have a blob of binary data on your system, and if they claim it is encrypted data, and you don't give them the 
key to decrypt it, you can go to jail even if it is not encrypted freaking data.  

t

> -----Original Message-----
> From: Tim [mailto:tim-security () sentinelchicken org]
> Sent: Tuesday, July 12, 2011 2:21 PM
> To: Michael Holstein
> Cc: Thor (Hammer of God); full-disclosure () lists grok org uk
> Subject: Re: [Full-disclosure] Encrypted files and the 5th amendment
>
> > > Tim, I actually use TruCrypt now to do exactly what you speak of.   I pre-
> allocate a fixed virtual disk, and use one passcode for one section of data and
> a different passcode for a different section of data.   It is impossible to
> determine if the disk is set up in this manner, and impossible to tell which
> section of data is being used.   It is actually quite easy to do.
> > >
> >
> > All fine and dandy until the authorities say "Your honor, the
> > defendant is using nested encryption, we didn't find the
> > $self_incriminating_evidence so he obviously hasn't complied with our
> > request".
> >
> > double-edged sword.
>
>
> Yeah, exactly.  Any investigator worth their salt will be able to tell the
> partition that got decrypted is not big enough to account for encrypted disk
> space.  That's where the one-time pad can create true plausible deniability, if
> used correctly.  Any ciphertext of length N can decrypt to any plaintext of
> length N.  Too bad it is too much of a pain to implement in practice.
>
> Thor: maybe you could make the investigator's job harder through a
> combination of compression and encryption with a similar dual-partition
> scheme as you're using with trucrypt.
>
> tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/