On Thu, 7 Oct 2010, Nicolas Williams wrote:
If decryption results in plaintext much shorter than the ciphertext -much shorter than can be explained by the presence of a MAC- then it'd be fair to assume that you're pulling this "trick".
Not to argue with your overall point re: crypto not protecting citizens from their states, but I disagree with the above in the case of truecrypt, which is what was being discussed.
I have many unencrypted drives (or partitions) that are only partially full. It's quite plausible that an encrypted drive would not be very full. ("I thought I might need more space later." or "well, I had all of this space...")
Moreover, possession of software that can do "double encryption" could be considered probable cause that your files are likely to be encrypted with it.
There's a lot of software I use daily which has features I never touch. I use the alpine MUA, but I never have it fetch mail from a POP server, I don't use message scroing, etc. Maybe the suspect selected truecrypt because it works on all of linux, MacOS and Windows, unlike so many other such tools. And is free, unlike BestCrypt. There are many plausible reasons for selecting that tool that have nothing to do with the double encryption feature.
-- Sam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com