On 10/06/2010 01:57 PM, Ray Dillinger wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.

I am thankful to not be an English "subject".

I suppose that, if the authorities could not read his stuff
without the key, it may mean that the software he was using may
have had no links weaker than the encryption itself

Or that the authorities didn't want to reveal their capability to break it.

Or that they wanted to make an example out of him.


-- and that
is extraordinarily unusual - an encouraging sign of progress in
the field, if of mixed value in the current case.

Really serious data recovery tools can get data that's been
erased and overwritten several times

Really? Who makes these tools? Where do they make that claim?

Wouldn't drive manufacturers have heard about this? What would they do once they realized that drives had this extra data storage capacity sitting unused?

I see this idea repeated enough that people accept it as true, but no one ever has a published account of one existing or having been used.

> (secure deletion being quite unexpectedly difficult)

Sure, but mainly because of stuff that doesn't get overwritten (i.e., drive firmware remaps sectors which then retain mostly valid data) not because atomic microscopy is available.

, so if it's ever been in your filesystem
unencrypted, it's usually available to well-funded investigators
without recourse to the key.  I find it astonishing that they
would actually need his key to get it.

What makes you think these investigators were well-funded?

Or they wouldn't prefer to spend that money on other things?

Or that they necessarily would have asked the jailers to release the teen because they'd been successful in decrypting it. Perhaps their plan was to simply imprison him until he confesses?

Rampant speculation: do you suppose he was using a solid-state
drive instead of a magnetic-media hard disk?

SSDs retain info too. Due to the wear leveling algorithms they're quite systematic about minimizing overwrite.

But I doubt any of that is an issue in this case.

- Marsh

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to