On Oct 7, 2010, at 1:10 PM, Bernie Cosell wrote:
a 19-year-old just got a 16-month jail sentence for his refusal to
disclose the password that would have allowed investigators to see
what was on his hard drive.
What about http://www.truecrypt.org/docs/?s=plausible-deniability
Could this be used?
Sure. And the technology used would have no effect on the standard
... used in court:
I think you're not getting the trick here: with truecrypt's plausible
deniability hack you *CAN* give them the password and they *CAN*
the file [or filesystem]. BUT: it is a double encryption setup. If
use one password only some of it gets decrypted, if you use the other
password all of it is decrypted. There's no way to tell if you used
first password that you didn't decrypt everything. So in theory you
could hide the nasty stuff behind the second passsword, a ton of
stuff behind the first password and just give them the first password
when asked. In practice, I dunno if it really works or will really
you slide by.
You're thinking too much about the technology.
The court demands a company turn over its books. The company denies it
keeps any books. Sure - massive fines, possible jail sentences for the
Alternatively, the company turns over fake books. There is evidence
books are fake - they show the company only did 2000 transactions last
but somehow the company paid a staff of 200 to take phone calls last
Or the books don't show any payments for things that we see sitting in
warehouse. Or maybe there are just purely statistical anomalies: The
variation in income from week to week is way out of the range shown by
other businesses. Or there's just someone who swears that these are not
the books he's seen in the past. Same outcome for the company.
Maybe the high-tech cheats let you get away with stuff; maybe they
Then again, maybe the fake paper books let you get away with stuff, and
maybe they don't. Technology lets you play some games more easily,
but it's not magic pixie dust that immunizes you from reality.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com