Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Can you be compelled to give a password?

From: David Farber <dave () farber net>
Date: Sun, 30 Jul 2006 09:26:49 -0400


Begin forwarded message:

From: Eric Raible <raible () nextest com>
Date: July 30, 2006 5:35:58 AM EDT
To: dave () farber net
Subject: Re: Can you be compelled to give a password?

Dave -

For IP, if you wish.


From: David Farber <dave () farber net>
Subject: Can you be compelled to give a password? [was: Police Blotter: 
 Laptop border searches OK'd]
Date: Fri, 28 Jul 2006 14:26:59 -0400
Begin forwarded message:
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: July 28, 2006 2:11:45 PM EDT
To: dave () farber net
Cc: "Patrick W. Gilmore" <patrick () ianai net>
Subject: Can you be compelled to give a password? [was: Police Blotter: Laptop border searches OK'd] 
On Jul 28, 2006, at 1:32 PM, David Farber wrote:
I don't believe it is a crime in any US Federal or State law, or in Canadian law, to set passwords and use encryption. In the US, I believe that a warrant would be necessary for law enforcement to ask for your password, but I don't know if you have to comply. IANAL.
That is a good question - Can you be compelled to give up a password? Would you mind posting it to IP, I am interested in the answer. Seems there might be some 'self-incriminatory' arguments here. Perhaps even an "unreasonable search" argument. But IANAL.
Among many other useful features, the open source TrueCrypt (www.truecrypt.org) supports "plausible deniability". Which means that even if forced to reveal a 
password, your actual secret data could remain just that.

From the web page:
Free open-source disk encryption software for Windows XP/2000/2003 and Linux * Creates a virtual encrypted disk within a file and mounts it as a real disk. 
            * Encrypts an entire hard disk partition or a device.
            * Encryption is automatic, real-time (on-the-fly) and transparent.
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password: 1) Hidden volume (steganography – more information may be found here). 2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data). * Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish. 
              Mode of operation: LRW  (CBC supported as legacy).

I've had only good experiences with the windows version, albeit only
with a virtual encrypted disk, and never with whole-disk encryption.

Although possibly relevant to this thread, I also haven't tried either
of the two add-ons: 1) TCGINA, which "allows the use of TrueCrypt to
on-the-fly encrypt a Windows user profile" or 2) CTEMP, which "automates
the process of using TrueCrypt to on-the-fly encrypt the Windows paging
(swap) file, temporary files, and print spooler files".
Full disclosure: my only connection with TrueCrypt is as a satisfied user. 

- Eric Raible


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: