On Mon, 23 Feb 2009 00:06:02 -0500 Jeff Soules <sou...@gmail.com> wrote:
> Hi Javier, > > Thank you for your reply. Given the hypothetical (but all too > possible) situation you describe, there are different considerations. > > > Now imagine the worst situation, that a friend wants to protect his data > > from his corrupt dictatorial government > > Absolutely a possibility. There are many levels of secrecy -- > filesystem encryption prevents the contents from being known, but does > not hide the fact that there is a secret. The presence of a secret > could be enough right there. The kind of government you describe > doesn't need to find evidence in order to "disappear" a person. This > also makes it all the more possible that, if his house is raided and > encrypted files are found, someone might try to torture the > information out of him. (Even if the partition is named something > harmless-sounding, I can't imagine cops anywhere who wouldn't demand > it be decrypted so they could check it, and refusal would not look > good.) In any case, with EncFS we're talking about a technological > solution in which the encryption key is stored alongside the encrypted > media, so whatever the password concerns are, this is unsuitable for > keeping information truly secret when a hostile person might have > enough physical access to the drive. > > I think it is entirely too likely that a government like this either > would be able to compromise the data (with or without recovering the > passwords), or would be willing to punish him just for having > encrypted data to begin with, if they know he has it. > > > Then my question is: is EncFS good enough to protect his data? > > I think the SD with stored password is a good solution. While he is not > > in the house, he can carry the SD or have it hidden somewhere. While he > > is in the house, and police enter, he might have enough time to probably > > destroy the SD and turn off the computer. > > With the level of danger involved here, I think the security issue is > more that there be some rapid way to destroy any evidence of the > existence of the data (possibly destroying the data itself), rather > than making sure the password stays safe. Destroying the SD card is a > start, but really a person under this kind of government would need to > be able to say "No, there are no secrets," not "Here's a filesystem > that you can't read." > > That was my point in the original email -- while there are some > interesting technical problems here, I think in this case the digital > security is less important than the social/personal security > surrounding it. Or, rather, the digital security will not wind up > being the weakest link in the chain. This is exactly the sort of problem that StegFS was invented to solve. Unfortunately, there has never been a stable release, and development has stagnated. Celejar -- mailmin.sourceforge.net - remote access via secure (OpenPGP) email ssuds.sourceforge.net - A Simple Sudoku Solver and Generator -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org