Disk Partition

Jean-David Beyer jdbeyer at exit109.com
Sat Oct 8 20:06:31 CEST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

zvrba at globalnet.hr wrote:
> On Sat, Oct 08, 2005 at 08:01:15PM +0400, lusfert wrote:
> 
>>zvrba at globalnet.hr wrote:
>>
>>>On Sat, Oct 08, 2005 at 04:30:41PM +0400, lusfert wrote:
>>>
>>>
>>>>I know 2 cross-platform solutions: CrossCrypt
>>>>
>>>
>>>A quote from the CrossCrypt homepage: "Denaiablity: You will not be able
>>>to tell that this file has been encrypted by filedisk as it looks
>>>completely random and can have any extension you wish."
>>>
>>>IMHO, There is a problem in that the data looks TOO MUCH random, i.e. it has
>>>much higher entropy than would result by "normal" computer usage. Such high 
>>>entropy is a strong indication that the data is encrypted.
>>
>>Then you should use stenographic programs together with cryptographic. ;)
>>
> 
> The point is that the statement about deniability is misleading (or maybe I
> I should say, close to false). In some scenarios (when it comes to e.g.
> court cases, or even blackmails or life threats), the person using this
> product in good faith (believing that the encryption really _is_ deniable)
> would be in a very bad position.
> 
> Explaining a large quantity of high-entropy data in a plausible manner is
> extremely hard. The presence of such data gives a strong indication of
> encryption. If you argue that you used some "secure delete program",
> then you're _again_ in a bad position because it implies that you have
> to hide something and again raise suspicion.
> 
> So, instead of teaching me what kind of software should I use, can you
> please give an example of plausible explanation for large amount of
> high-entropy data on the disk? And have in mind a very determined,
> knowledgeable and resourceful adversary while constructing the explanation.
> 
> Yeah, I see the smiley, but these things should be taken very seriously
> and not to be joked with. There are cases where people put their freedom
> (maybe even life!) in the hands (bits?) of some cryptographic SW and if
> that SW actually fails to deliver what it promises, then it's very bad
> for the person trusting it.
> 
I think all e-mails should be encrypted. Even recipies for cookies, personal
letters to casual friends, everything. If everyone did that, the presense of
high entropy stuff on a computer would not be the attention-getting
phenomenon it now is.

But most people are ineffectively paranoid. They worry about eavesdropping,
snooping, interception of their e-mail, but they absolutely refuse to do
anything about it. I know no one personally that uses encrypted e-mail.

Surely, no one with that attitude would encrypt the stuff on their computer
hard drives, backup tapes, etc. It is like the weather. Many people talk
about it, but no one does anything about it.

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 14:00:00 up 8 days, 7:02, 4 users, load average: 4.34, 4.70, 4.51
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDSAqmPtu2XpovyZoRAnY0AJ45Z2MXEIwcfHqZ3xuoMeD/s6He/gCcCn9O
+TqA3KCPSt2y41+e0ElOJa0=
=tR8r
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list