plausibly deniable
Faramir
faramir.cl at gmail.com
Fri Jul 23 09:35:09 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Robert J. Hansen escribió:
...
>> An interrogator as described in this thread is a movie plot threat. In
>> reality, nobody is going to torture you for your key...
>
> The point is not about torture. The point is about interrogation.
>
> Imagine this scenario: you've been sending innocuous encrypted traffic
> to a correspondent. Unknown to you, your correspondent is involved in
> drug trafficking. You're arrested on suspicion of drug trafficking and
> brought to speak with the prosecutor. You happily decrypt your
> innocuous emails. The prosecutor now asks to see the contents of your
> TrueCrypt container. You comply, since there's nothing illegal in there
> -- just your tax records (which the prosecutor already has anyway).
>
> The prosecutor tells you to produce the contents of the hidden
> container. "But I don't have an encrypted container!" Prove it. "I
> can't!" Then I guess we have no choice but to keep our investigation on
That scenario is very scary, indeed... At first I thought the
"innocent unless proven guilty" should protect us, that is, it is not
our "job" to prove we don't have a hidden volume, but it's the
prosecutor job to prove we have it. But it's right, in an attempt to
prove there is a hidden volume, the prosecutor can make our lives miserable.
By the way, do you know if it is possible to have more than one hidden
volume inside a single container? I searched the documentation but
couldn't find anything about that. _If only one_ hidden volume can be
created, then the solution would be to actually create one, and leave it
empty. If the prosecutor ask for it, you can show you don't have any
hidden information there. Of course, doing that, you no longer have
plausibly deniability.
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBCAAGBQJMSUYtAAoJEMV4f6PvczxAvOsH/jyUUpK6UN/KytOqsAROcyir
8XXTTfRmJS3LQDLqd9X5JyT5F8uYlXlX4LO2JbGKCWhf38bNYjCP3oEEqSJ8XW70
ziL4h9i8Z0H6c1+2lo1zjTV8CneTf3vhtPHmLuql8IRRYgPKaC/vAYz3lM48IRur
OelGrqy+K5/h/vahg1H3I0792iR5T7v5uFpzxpo9xW0FqHVGZ/IDaPgb5WWMcsdh
MAMgik9iT0+Cba6Mbdkk5IaBZtLydjFQnFfjxMMx//9toVq5/JOQ8g8A+nRXuSUj
nrZ3uK2dCcMeJPIDvOofXRon1fmylnic5+WGS3Ni8vHV/K1lNUhp9S4EIiKi5B8=
=H/I4
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list