Re: X.509 certificate overview + status

2009-03-03 Thread Peter Saint-Andre
Travis wrote:

> Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
> and OpenVPN services.  Actually, I created my own CA for some of the
> certificates, and in other cases I used self-signed.

<plug>

BTW, we give away free certificates for XMPP services here:

http://xmpp.org/ca/

The root CA is StartCom, which is accepted in Mozilla, OS X, and various
other cert stores. I've noticed that these certs are becoming quite
popular on the XMPP network (plus, they result in none of those cert
warnings that scare off normal users).

</plug>

Peter

-- 
Peter Saint-Andre
https://stpeter.im/





Re: X.509 certificate overview + status

2009-03-03 Thread Werner Koch
On Mon,  2 Mar 2009 17:35, marcus.brinkm...@ruhr-uni-bochum.de said:

> Ubuntu comes with dumpasn1.  There are also quite a few libraries.

You may also import the certificate into GnuPG (gpgsm --import foo)
and run gpgsm --dump-cert to get a human readable printout.  Example:

$ gpgsm --dump-cert 0x39F4F81B
/home/foo/.gnupg/pubring.kbx
---
   ID: 0x39F4F81B
  S/N: 01D8
   Issuer: CN=12R-CA 1:PN,O=Bundesnetzagentur,C=DE
  Subject: CN=TeleSec PKS SigG CA 17:PN,O=Deutsche Telekom AG,C=DE
 sha1_fpr: 13:0C:16:2D:91:68:7C:E0:AE:95:6F:11:08:34:3A:26:39:F4:F8:1B
  md5_fpr: D7:2B:65:D3:E6:5C:54:DB:B7:4A:47:49:6E:CF:36:F1
   certid: D6C0C14EE753E3D147C0827A4C8D579F130DEFD4.01D8
  keygrip: EC4EC0D13B47680C28869929D76B3357838CEC11
notBefore: 2007-11-08 09:22:57
 notAfter: 2012-01-01 12:00:00
 hashAlgo: 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
  keyType: 2048 bit RSA
subjKeyId: 57A001BB58498529AEE9DFAD6810FA056F5F3A9B
authKeyId: [none]
 authKeyId.ki: 04DE9D7FDF437289BA694901F4E84928DE02196F
 keyUsage: certSign
  extKeyUsage: [none]
 policies: 1.3.36.8.1.1
  chainLength: 0
crlDP: ldap://ldap.nrca-ds.de:389/CN=CRL,O=Bundesnetzagentur,C=DE,dc=ldap,dc=nrca-ds,dc=de?certificateRevocationList;binary?base?objectClass=cRLDistributionPoint
   issuer: none
 authInfo: 1.3.6.1.5.5.7.48.1 (ocsp)
   http://ocsp.nrca-ds.de:8080/ocsp-ocspresponder
 subjInfo: [none]
 extn: 1.3.6.1.5.5.7.1.3 (qcStatements)  [12 octets]
 extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)  [62 octets]
 extn: 1.3.6.1.4.1.8301.3.5 (validityModel)  [14 octets]


CERTID and KEYGRIP are GnuPG specific.



Shalom-Salam,

   Werner



-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
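
As an added illustration (not part of Werner Koch's message, and not GnuPG code), the following Python script parses the text that `gpgsm --dump-cert` prints and runs a few basic checks on it. The function names `parse_dump`, `revocation_urls` and `review` are hypothetical, the thresholds (RSA below 2048 bits, MD2/MD5/SHA-1 signatures) are assumptions chosen for the example, and `SAMPLE` is an excerpt of the dump quoted above.

```python
"""Parse the text printed by `gpgsm --dump-cert` and run basic checks on it."""
import re
from datetime import datetime

# Excerpt of the dump quoted in the message above (a few fields omitted).
SAMPLE = """\
           ID: 0x39F4F81B
          S/N: 01D8
       Issuer: CN=12R-CA 1:PN,O=Bundesnetzagentur,C=DE
      Subject: CN=TeleSec PKS SigG CA 17:PN,O=Deutsche Telekom AG,C=DE
     sha1_fpr: 13:0C:16:2D:91:68:7C:E0:AE:95:6F:11:08:34:3A:26:39:F4:F8:1B
    notBefore: 2007-11-08 09:22:57
     notAfter: 2012-01-01 12:00:00
     hashAlgo: 1.2.840.113549.1.1.13 (sha512WithRSAEncryption)
      keyType: 2048 bit RSA
     keyUsage: certSign
        crlDP: ldap://ldap.nrca-ds.de:389/CN=CRL,O=Bundesnetzagentur,C=DE,dc=ldap,dc=nrca-ds,dc=de?certificateRevocationList;binary?base?objectClass=cRLDistributionPoint
               issuer: none
     authInfo: 1.3.6.1.5.5.7.48.1 (ocsp)
               http://ocsp.nrca-ds.de:8080/ocsp-ocspresponder
         extn: 1.3.6.1.5.5.7.1.3 (qcStatements)  [12 octets]
         extn: 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)  [62 octets]
         extn: 1.3.6.1.4.1.8301.3.5 (validityModel)  [14 octets]
"""

# A field line is "label: value". Requiring whitespace (or end of line) after
# the colon keeps wrapped URLs such as "http://..." from being read as labels.
FIELD = re.compile(r"^\s*([A-Za-z][\w./]*):(?:\s+(.*))?$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"
WEAK_HASH = re.compile(r"md2|md5|sha1", re.I)  # assumption: flag these


def parse_dump(text):
    """Return {label: [values]} for one certificate; labels like extn repeat."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, []).append((m.group(2) or "").strip())
        elif last and line.strip():
            # Wrapped value (e.g. the URL under authInfo): join to that field.
            fields[last][-1] = (fields[last][-1] + " " + line.strip()).strip()
    return fields


def first(fields, label):
    """First value recorded for a label, or an empty string."""
    return fields.get(label, [""])[0]


def revocation_urls(fields):
    """URLs listed under crlDP and authInfo (CRL and OCSP locations)."""
    text = " ".join(fields.get("crlDP", []) + fields.get("authInfo", []))
    return re.findall(r"(?:ldap|https?)://\S+", text)


def review(fields, now):
    """Return a list of findings for the parsed certificate at time `now`."""
    findings = []
    try:
        start = datetime.strptime(first(fields, "notBefore"), TIME_FMT)
        end = datetime.strptime(first(fields, "notAfter"), TIME_FMT)
    except ValueError:
        findings.append("validity period missing or unparsable")
    else:
        if now < start:
            findings.append(f"not yet valid (notBefore {start})")
        elif now > end:
            findings.append(f"expired (notAfter {end})")

    algo = re.search(r"\(([^)]+)\)", first(fields, "hashAlgo"))
    name = algo.group(1) if algo else first(fields, "hashAlgo")
    if WEAK_HASH.match(name):
        findings.append(f"weak signature hash: {name}")

    key = re.match(r"(\d+) bit (\w+)", first(fields, "keyType"))
    if key and key.group(2) == "RSA" and int(key.group(1)) < 2048:
        findings.append(f"short RSA key: {key.group(1)} bits")

    if "certSign" in first(fields, "keyUsage"):
        findings.append("CA certificate: keyUsage includes certSign")
    if not revocation_urls(fields):
        findings.append("no CRL or OCSP location listed")
    return findings


if __name__ == "__main__":
    cert = parse_dump(SAMPLE)
    print(first(cert, "Subject"))
    for item in review(cert, datetime(2009, 3, 3)):
        print(" -", item)
    for url in revocation_urls(cert):
        print(" revocation:", url)
```
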


Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger

Quoting:

   A federal judge has ordered a criminal defendant to decrypt his
   hard drive by typing in his PGP passphrase so prosecutors can view
   the unencrypted files, a ruling that raises serious concerns about
   self-incrimination in an electronic age.

http://news.cnet.com/8301-13578_3-10172866-38.html

-- 
Perry E. Metzger    pe...@piermont.com



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 12:26:32 -0500
Perry E. Metzger pe...@piermont.com wrote:

 
> Quoting:
>
>    A federal judge has ordered a criminal defendant to decrypt his
>    hard drive by typing in his PGP passphrase so prosecutors can view
>    the unencrypted files, a ruling that raises serious concerns about
>    self-incrimination in an electronic age.
>
> http://news.cnet.com/8301-13578_3-10172866-38.html
 
I would not read too much into this ruling -- I think that this is a
special situation, and does not address the more important general
issue.  To me, this part is crucial:

    Judge Sessions reached his conclusion by citing a Second
    Circuit case, U.S. v. Fox, that said the act of producing
    documents in response to a subpoena may communicate
    incriminating facts in two ways: first, if the government
    doesn't know where the incriminating files are, or second, if
    turning them over would implicitly authenticate them.

    Because the Justice Department believes it can link Boucher
    with the files through another method, it's agreed not to
    formally use the fact of his typing in the passphrase against
    him. (The other method appears to be having the ICE agent
    testify that certain images were on the laptop when viewed at
    the border.)

    Sessions wrote: Boucher's act of producing an unencrypted
    version of the Z drive likewise is not necessary to
    authenticate it. He has already admitted to possession of the
    computer, and provided the government with access to the Z
    drive. The government has submitted that it can link Boucher
    with the files on his computer without making use of his
    production of an unencrypted version of the Z drive, and that
    it will not use his act of production as evidence of
    authentication.

In other cases, where alternative evidence is not available to the
government, and where government agents have not already had a look at
the contents, the facts (and hence perhaps the ruling) would be
different.


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Adam Fields
On Tue, Mar 03, 2009 at 12:26:32PM -0500, Perry E. Metzger wrote:
 
> Quoting:
>
>    A federal judge has ordered a criminal defendant to decrypt his
>    hard drive by typing in his PGP passphrase so prosecutors can view
>    the unencrypted files, a ruling that raises serious concerns about
>    self-incrimination in an electronic age.
>
> http://news.cnet.com/8301-13578_3-10172866-38.html

The privacy issues are troubling, of course, but it would seem trivial
to bypass this sort of compulsion by having the disk encryption
software allow multiple passwords, each of which unlocks a different
version of the encrypted partition.

When compelled to give out your password, you give out the one that
unlocks the partition full of kitten and puppy pictures, and who's to
say that's not all there is on the drive?

Is there any disk encryption software for which this is common
practice?

-- 
- Adam

** Expert Technical Project and Business Management
 System Performance Analysis and Architecture
** [ http://www.adamfields.com ]

[ http://workstuff.tumblr.com ] ... Technology Blog
[ http://www.aquick.org/blog ]  Personal Blog
[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.twitter.com/fields ].. Twitter
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ]  Founder



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger

Adam Fields cryptography23094...@aquick.org writes:
> The privacy issues are troubling, of course, but it would seem trivial
> to bypass this sort of compulsion by having the disk encryption
> software allow multiple passwords, each of which unlocks a different
> version of the encrypted partition.

This sort of thing has been discussed for a long time, but I doubt
that would work in practice. Law is not like software. Judges operate
on reasonableness, not on literal interpretation. If it was reasonably
obvious that you were using software like that and probably not
cooperating, the judge would just throw you in jail for contempt of
court anyway.

> When compelled to give out your password, you give out the one that
> unlocks the partition full of kitten and puppy pictures, and who's to
> say that's not all there is on the drive?

Well, it should be clear that any such scheme necessarily will produce
encrypted partitions with less storage capacity than one with only one
set of cleartext. You can't magically store 2N bytes in an N byte
drive -- something has to give. It should therefore be reasonably
obvious from partition sizes that there is something hidden.

In any case, unless you're really very energetic about it, it will be
obvious from things like access times and other content clues (gee,
why is there nothing in the browser cache from the current year?)
that what is there is not the real partition you use day to day.

Perry
-- 
Perry E. Metzger    pe...@piermont.com



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Stephan Somogyi

At 13:08 -0500 03.03.2009, Adam Fields wrote:


> When compelled to give out your password


Unless I'm misunderstanding the ruling, Boucher is not being 
compelled to produce his passphrase (like he could under RIPA Section 
49 in the UK), but he is being told to produce the unencrypted 
contents of the drive.


Assuming I'm interpreting the ruling correctly, this seems little 
different than a judge approving a search warrant for a residence, 
whose execution could produce incriminating evidence that is usable 
in court.


There is a chasm of difference between being compelled to produce 
keys, which could be subsequently reused with other encrypted 
material, and being compelled to produce specific unencrypted data, 
which is much more narrowly scoped and therefore less intrusive.


s.



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Adam Fields
On Tue, Mar 03, 2009 at 01:20:22PM -0500, Perry E. Metzger wrote:
> Adam Fields cryptography23094...@aquick.org writes:
> > The privacy issues are troubling, of course, but it would seem trivial
> > to bypass this sort of compulsion by having the disk encryption
> > software allow multiple passwords, each of which unlocks a different
> > version of the encrypted partition.
>
> This sort of thing has been discussed for a long time, but I doubt
> that would work in practice. Law is not like software. Judges operate
> on reasonableness, not on literal interpretation. If it was reasonably
> obvious that you were using software like that and probably not
> cooperating, the judge would just throw you in jail for contempt of
> court anyway.

I don't see how it would be reasonably obvious, especially if lots of
disk encryption packages started offering multiple partitions as a
transparent option. All you'd see is a bunch of random bits on the
disk and a password prompt.

They ask you for the password, you put up a fight, and then ultimately
relent and give it to them when they insist.

> > When compelled to give out your password, you give out the one that
> > unlocks the partition full of kitten and puppy pictures, and who's to
> > say that's not all there is on the drive?
>
> Well, it should be clear that any such scheme necessarily will produce
> encrypted partitions with less storage capacity than one with only one
> set of cleartext. You can't magically store 2N bytes in an N byte
> drive -- something has to give. It should therefore be reasonably
> obvious from partition sizes that there is something hidden.

I don't see how you could tell the difference between a virtual 40GB
encrypted padded partition and 2 virtual 20GB ones. Many virtual disk
implementations will pre-allocate the space. Is there some reason why
filling the empty space with random garbage wouldn't mask the fact
that there were actually multiple partitions in there? There's no law
that says your empty disk space has to actually be empty. (Yet.)

> In any case, unless you're really very energetic about it, it will be
> obvious from things like access times and other content clues (gee,
> why is there nothing in the browser cache from the current year?)
> that what is there is not the real partition you use day to day.

I think we're talking about a straight data storage partition here. It
doesn't seem too hard to have something touch random files on a regular
basis. Regardless, that seems like a weak complaint - all you have to
do is log into the other partition once a week and use it to browse
cuteoverload or something. 

But, most importantly, you haven't given a good reason not to offer
this as a standard option. Maybe it wouldn't work, but maybe it
would.

--
- Adam

** Expert Technical Project and Business Management
 System Performance Analysis and Architecture
** [ http://www.adamfields.com ]

[ http://workstuff.tumblr.com ] ... Technology Blog
[ http://www.aquick.org/blog ]  Personal Blog
[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.twitter.com/fields ].. Twitter
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ]  Founder



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger

Adam Fields cryptography23094...@aquick.org writes:
>> Well, it should be clear that any such scheme necessarily will produce
>> encrypted partitions with less storage capacity than one with only one
>> set of cleartext. You can't magically store 2N bytes in an N byte
>> drive -- something has to give. It should therefore be reasonably
>> obvious from partition sizes that there is something hidden.
>
> I don't see how you could tell the difference between a virtual 40GB
> encrypted padded partition and 2 virtual 20GB ones.

The judge doesn't need to know the difference to beyond any
doubt. If the judge thinks you're holding out, you go to jail for
contempt.

Geeks expect, far too frequently, that courts operate like Turing
machines, literally interpreting the laws and accepting the slightest
legal hack unconditionally without human consideration of the impact
of the interpretation. This is not remotely the case.

I'll repeat: the law is not like a computer program. Courts operate on
reasonableness standards and such, not on literal interpretation of
the law. If it is obvious to you and me that a disk has multiple
encrypted views, then you can't expect that a court will not be able
to understand this and take appropriate action, like putting you in a
cage.


Perry
-- 
Perry E. Metzger    pe...@piermont.com



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Sampo Syreeni

On 2009-03-03, Stephan Somogyi wrote:

> There is a chasm of difference between being compelled to produce
> keys, which could be subsequently reused with other encrypted
> material, and being compelled to produce specific unencrypted data,
> which is much more narrowly scoped and therefore less intrusive.


That is also why multi-level security and/or steganography exist. And 
why, eventually, every court order will mandate randomization of all 
data that wasn't decryptable. And why people will design stealthy 
methods of signaling to their disk that such deletion orders are to be 
disrespected. And why such drives will be forthwith banned. Et cetera, 
ad nauseam.


So it goes.
--
Sampo Syreeni, aka decoy - de...@iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread sbg
With regards to alternative runtime decryptions, recall ...

http://people.csail.mit.edu/rivest/Chaffing.txt

The claim is that the approach is neither encryption nor steganography.

Cheers, Scott



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 13:53:50 -0500
Perry E. Metzger pe...@piermont.com wrote:

 
> Adam Fields cryptography23094...@aquick.org writes:
> >> Well, it should be clear that any such scheme necessarily will
> >> produce encrypted partitions with less storage capacity than one
> >> with only one set of cleartext. You can't magically store 2N bytes
> >> in an N byte drive -- something has to give. It should therefore
> >> be reasonably obvious from partition sizes that there is something
> >> hidden.
> >
> > I don't see how you could tell the difference between a virtual 40GB
> > encrypted padded partition and 2 virtual 20GB ones.
>
> The judge doesn't need to know the difference to beyond any
> doubt. If the judge thinks you're holding out, you go to jail for
> contempt.
>
> Geeks expect, far too frequently, that courts operate like Turing
> machines, literally interpreting the laws and accepting the slightest
> legal hack unconditionally without human consideration of the impact
> of the interpretation. This is not remotely the case.
>
> I'll repeat: the law is not like a computer program. Courts operate on
> reasonableness standards and such, not on literal interpretation of
> the law. If it is obvious to you and me that a disk has multiple
> encrypted views, then you can't expect that a court will not be able
> to understand this and take appropriate action, like putting you in a
> cage.
 
Indeed.  Let me point folks at
http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal
-- which was in fact written by a real lawyer, a former prosecutor who
is now a law professor.

--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: Activation protocol for car-stopping devices

2009-03-03 Thread John Gilmore
> * Is there any standard cryptographic hash function with an output
> of about 64 bits? It's OK for our scenario if finding a preimage for
> a particular signature takes 5 days. Not if it takes 5 minutes.

This is a protocol designed for nasty guys who want to steal your car,
which would forcibly stop the car regardless of the wishes of the
driver, remotely from anywhere on the Internet?  And it's mandated by
the government?

These are not tracking devices, as your subject line said; they
actively intervene in driving -- much more dangerous.

As usual, it sounds like a great tool when used responsibly -- against
stolen cars, though it will probably cause collisions, which could
hardly be called accidents since they are easily foreseeable.  And
it's a terrible tool when used any other way (by criminals against cop
cars, for example; or by Bulgarian virus authors against random cars;
or by breaking into the DENATRAN and stealing and posting all the
secrets; or by an invading army).

It reminds me of the RFID passport design process: One entity figures
out what would make ITS life easier (reading your passport while
you're in line at the border), mandates a change, and ignores the
entire effects on the rest of society that result.

Why would you limit anything to 64 bits, or think it's OK that with 5
days of calculation *anyone* could do this to your mother's or
daughter's car?

Shouldn't tracking or disabling the car require the active cooperation
of the car's owner, e.g. by the owner supplying a secret known only to
them, and not recorded in a database anywhere (in the government, at
the dealer, etc)?  That way, if the protocol is actually secure, most
of the evil ways to use it AGAINST the owner would be eliminated.

John



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread James S. Tyre

At 02:45 PM 3/3/2009 -0500, Steven M. Bellovin wrote:

> On Tue, 03 Mar 2009 13:53:50 -0500
> Perry E. Metzger pe...@piermont.com wrote:
>
> > I'll repeat: the law is not like a computer program. Courts operate on
> > reasonableness standards and such, not on literal interpretation of
> > the law. If it is obvious to you and me that a disk has multiple
> > encrypted views, then you can't expect that a court will not be able
> > to understand this and take appropriate action, like putting you in a
> > cage.
>
> Indeed.  Let me point folks at
> http://www.freedom-to-tinker.com/blog/paul/being-acquitted-versus-being-searched-yanal
> -- which was in fact written by a real lawyer, a former prosecutor who
> is now a law professor.



Thanks Steve.  As you know, of course, IAARL.  And I know and have 
worked with Paul.  I don't normally do me-too posts, and I don't 
normally post to this list at all; but I do want to me too 
this.  I've been pointing folks to Paul's piece since the day (a 
weeks ago) he first published it, it's well worth reading.


-Jim


James S. Tyre  jst...@jstyre.com
Law Offices of James S. Tyre  310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512   Culver City, CA 90230-4969
Co-founder, The Censorware Project http://censorware.net
Policy Fellow, Electronic Frontier Foundation http://www.eff.org


Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Ivan Krstić

On Mar 3, 2009, at 1:08 PM, Adam Fields wrote:

> Is there any disk encryption software for which this is common
> practice?


In terms of fairly widely used software, yes, TrueCrypt offers hidden  
volumes:


http://www.truecrypt.org/docs/?s=hidden-volume

I asked the same original question on this list in 2004, and some  
other software is mentioned in the replies:


http://www.mail-archive.com/cryptography@metzdowd.com/msg02169.html 



--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Ivan Krstić

On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote:

> If it is obvious to you and me that a disk has multiple
> encrypted views, then you can't expect that a court will not be able
> to understand this and take appropriate action, like putting you in a
> cage.


Why do you think it'd be obvious to you and me that a disk has  
multiple encrypted views? Contempt carries a burden of proof. If the  
guy has two encrypted volumes, one with a bunch of hardcore adult porn  
and the other with a bunch of kiddie porn, how does his unlocking the  
first one give you a 'preponderance of evidence' that he's obstructing  
justice or disobeying the court? It becomes a he-said-she-said with  
the CBP agent, your word against his.


--
Ivan Krstić krs...@solarsail.hcs.harvard.edu | http://radian.org



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger

Ivan Krstić krs...@solarsail.hcs.harvard.edu writes:
> On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote:
>> If it is obvious to you and me that a disk has multiple
>> encrypted views, then you can't expect that a court will not be able
>> to understand this and take appropriate action, like putting you in a
>> cage.
>
> Why do you think it'd be obvious to you and me that a disk has
> multiple encrypted views? Contempt carries a burden of proof. If the
> guy has two encrypted volumes, one with a bunch of hardcore adult porn
> and the other with a bunch of kiddie porn, how does his unlocking the
> first one give you a 'preponderance of evidence' that he's obstructing
> justice or disobeying the court? It becomes a he-said-she-said with
> the CBP agent, your word against his.

Again, you seem to be operating under the common geek misperception
that courts operate like Turing machines, precisely and literally
executing precisely defined legal concepts.

They do not work that way.

Courts work much more the way the high school vice principal who put
you on detention for three weeks for throwing a snowball worked --
even though he didn't see you throw one, he just saw you were the only
person in the general vicinity, even though it was all patently unfair
since he had no proof by your lights.

The law's idea of what sufficient evidence means is not what you, as a
geek, think sufficient evidence means. For example, perhaps to you,
beyond a reasonable doubt means something like there is no way you
couldn't be guilty, while to a court it means nothing like that -- it
means that an ordinary person (that is, not a geek, not a professional
defense attorney, not a mystery novel addict) wouldn't have serious
doubts about guilt. Not no doubts -- just no serious ones.

The law is used to people trying to weasel out of trouble -- people
have been trying to weasel out of trouble since the year 100,000
BC. Criminals were trying far more elaborate schemes to get out from
under trouble than you will ever think of back in ancient
Mesopotamia. You're not going to find something new that impresses a
real court.

Take a real common case. Someone is mugged by two people. One of them
shoots the victim and neither will say which of them did it. You, the
geek who thinks the law is a Turing machine, assume that neither can
go to jail for murder. In the case of each criminal, you assume,
there is a reasonable doubt as to whether or not the other guy did
it. 50/50 is a way reasonable doubt!

Well, that's not how the real legal system works. In the real legal
system, the court will happily put both people in jail for murder even
though there is only one bullet in the victim so only one person could
have pulled the trigger. That's routine, in fact, never mind how
unfair that seems to you. (The charge of felony murder exists
precisely so that they don't need to know who pulled the
trigger. As I said, they're used to people trying to weasel out of
trouble.)

But but! you scream, there has to be a reasonable doubt there! Only
one of them could have done it, clearly one person is in jail
unfairly, they both have to go free! -- well, that's the difference
between you and a lawyer. The lawyer doesn't see this as
unreasonable. The court system is not a Turing machine.

Back to our topic: if the software can handle multiple hidden
encrypted volumes and there is unaccounted for space and the volume
you decrypt for them has nothing but pictures of bunnies and sunsets
and hasn't been touched in a year, I think you're going to jail for
contempt if the judge has ordered you to fork over the files.

But!!! you insist, they don't have proof that I'm doing something
qua proof, they just have a strong suspicion! Why, it could be anything in
that giant pool of random bits on the rest of the drive! How do they
*know* it isn't just random bits? How do they *know* I don't just look
at bunnies and sunsets and haven't opened that partition in a year?

You only think that will protect you because you don't understand the
legal system. You see, you're making this assumption that most people
would call assuming the judge is an idiot.

Judges take a very dim view of people playing them for fools, just
like high school vice principals, and again, the legal system is not a
Turing machine. The judge's superiors on the appeals court will take a
similar view because they were once trial judges and don't like when
judges are played for fools either.

So, the court is not going to pay the least attention to your
elaborate claims that you just like storing the output of your random
number generator on a large chunk of your hard drive. They really
don't give a damn about claims like that. Actually they do
care. They'll be pissed off that you're wasting their time.

If you believe otherwise, go right ahead, but as I said, the jails are
filled with people who have tried very elaborate strategies for
avoiding prison only to discover courts don't care. The courts are
used to people not wanting to 

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread RB
To more fully quote Adam's question:
> When compelled to give out your password, you give out the one that
> unlocks the partition full of kitten and puppy pictures, and who's to
> say that's not all there is on the drive?
>
> Is there any disk encryption software for which this is common
> practice?

On Tue, Mar 03, 2009 at 05:37:40PM -0500, Ivan Krstić wrote:
> In terms of fairly widely used software, yes, TrueCrypt offers hidden
> volumes:
>
> http://www.truecrypt.org/docs/?s=hidden-volume

Hidden volumes are interesting, but TrueCrypt's specific implementation
(one hidden volume per decoy container) fails to address the case
in which an adversary has knowledge of the hidden volume, which is where
I think Adam's question was going.  If they do, no amount of decoy data
is going to convince them that what they seek has been divulged, and
they will continue to compel until they have what they want.

To defend against such an attack, one would need two hidden volumes:
one for decoy data and the other for the real data.  There are still
problems with that approach (such as how the adversary gained knowledge
of a hidden volume in the first place), but it should satisfy the
switch-for-puppies defense.  No software I know of does this by default.


RB



Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread John Gilmore
> I would not read too much into this ruling -- I think that this is a
> special situation, and does not address the more important general
> issue.
> In other cases, where alternative evidence is not available to the
> government, and where government agents have not already had a look at
> the contents, the facts (and hence perhaps the ruling) would be
> different.

Balls.  This is a straight end-run attempt around the Fifth Amendment.
The cops initially demanded a court order making him reveal his
password -- then modified their stance on appeal after they lost.  So
he can't be forced to reveal it, but on a technicality he can be
forced to produce the same effect as revealing it?  Just how broad is
this technicality, and how does it get to override a personal
constitutional right?

If the cops bust down your door and you foolishly left your computer
turned on, are they entitled to make you reveal your encryption
passwords anytime later, because your encrypted drive was accessible
when they ran in screaming at your family and shooting your dog?
Suppose they looked it over and typed a few things to the screen?
Suppose they didn't?  Suppose they used a fancy power-transfer plug to
keep it running as they walked it out the door, but they tripped and
dropped it and it powered off?  That's a technicality, isn't it?

Don't forget, this is a nuisance case.  It's about a harmless Canadian
citizen who's a permanent US resident, who crossed the Canadian border
with his laptop.  A guy smart enough to encrypt his drive.  On the
drive, among other things, was a few thousand porn images downloaded
from the net.  Legal porn.  The border guards, who had no business
even looking at his laptop's contents, trolled around in it until they
found some tiny fraction of the images that (they allege) contained
underage models.  (How would *he* know the ages of the models in
random online porn?  Guess he'd better just store no porn at all,
whether or not porn is legal.  That's the effect that the bluenoses
who passed the child porn laws want, after all.)  That's the crime
being prosecuted here.  This isn't the Four Horsemen's
torture-the-terrorist-for-the-password hostage situation where lives
are at stake and the seconds are ticking away.  This is a pointless
search containing the only evidence of a meaningless censorship
non-crime.  If the feds can force you to reveal your password in this
hick sideshow, they can force it anytime.

Suppose the guy had powered off his laptop rather than merely
foolishly suspending it.  If the border guards had DRAM key recovery
tools that could find a key in the powered-down RAM, but then lost
the key or it stopped working, would you think he should later be
forced to reveal his password?

Suppose they merely possessed DRAM key recovery software, but never
deployed it?  Hey, we claim that you crossed the border with that key
in decaying RAM; fork over that password, buddy!

Don't give them an inch, they'll take a mile.  Drug users can now not
safely own guns, despite the Second Amendment.  Not even guns locked
in safes in outbuildings, because the law passed against using a gun
in a drug crime has been expanded by cops and judges to penalize
having a gun anywhere on the property even though it was never
touched, and even when the only drug crime was simple possession.
Five year mandatory minimum sentence enhancement.  (Don't expect NRA
to help -- their motto is screw the criminals, leave us honest people
alone.  That's no good when everybody's a criminal, especially the
honest people like this guy, who had nothing to hide from the border
guards and helped them search his laptop.)

   Sessions wrote: Boucher's act of producing an unencrypted
   version of the Z drive...

There is no such document as an unencrypted version of the Z drive.
It does not exist.  It has never existed.  One could in theory be
created, but that would be the creation of a new document, not the
production of an existing one.  The existing one is encrypted, and
the feds already have it.

I'm still trying to figure out what the feds want in this case if the
guy complies.  They'll have a border guard testify that he saw a
picture with a young teen in it?  They'll show the jury a picture of a
young teen, but won't authenticate it as a picture that came off the
hard drive?  It can just be any random picture of a young teen, that
could've come from anywhere?  How will that contribute to prosecuting
this guy for child porn?

Maybe they're just bored from training themselves by viewing official
federal child porn images (that we're not allowed to see), or
endlessly searching gigabytes of useless stuff on laptops.  Instead
they want the thrill of setting a precedent that citizens have no
right to privacy in their encrypted hard drives.  Let's not help them
by declaring this guy's rights forfeit on a technicality.

John
