Not to mention that under Bush, meeting the requirements of US law is
not required either. And they have certainly never worried about other
countries' laws.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Eric H. Jung
Sent: 14 May 2006 03:33
To:
Talking of Microsoft; it is a claimed advantage of the new OS versions
coming out such as Longhorn server - they include 'Bitlocker' encryption
that is apparently highly secure and integrates with motherboard
chipsets (TPM modules) to provide end to end code authentication and
hardware security.
On Sun, May 14, 2006 at 01:34:51PM +0100, Tony wrote:
So if for instance they take your disks away as per the French TOR node,
then you could destroy your hardware key (wipe TPM module, destroy
motherboard chipset or USB dongle) and they are not going to be reading
anything, ever. Even if
On Sun, May 14, 2006 at 03:58:06PM +0200, Lionel Elie Mamane wrote:
On Sun, May 14, 2006 at 02:32:50PM +0100, Dave Page wrote:
Under the British Regulation of Investigatory Powers Act, they
would simply confiscate the entire machine, demand any
authentication tokens required to access it,
Unfortunately you no longer have a right to remain silent in the UK.
Even for general offences they can interpret it as evidence of guilt in
court.
Hopefully EU / Human Rights legislation will resolve that at some point.
You could however find other ways to get round the requirement. For
Not if you didn't have them prior to receiving the notice and can prove
it.
e.g. after taking away your PC and realising it is encrypted they return
with a notice. You then hand over token and say by the way I previously
destroyed the data on it so I don't have the keys. You have met your
legal
Nb - an interesting question arises with the use of TrueCrypt, etc. that
have passkeys that can unlock different levels of data. If you have
dummy volumes and provide the passkeys to just those have you met your
legal requirements?
The implication under the RIP act is that you have.
(2) A
I am living in France and working for some French security agency. Please
understand that I may not identify myself. Working for a security agency does
not mean that I approve all their actions, even those that I MUST do.
For about 5 years, French services have been trying to control the anonymous
Before they realise that they need a key you can microwave the
token.
You can then surrender it when required and still meet your legal
obligations... 'It must have been static damage officer...you need
to be more careful with my equipment'
Which in the UK at least could land you in
The whole point is that you ensure any keys are destroyed before you
receive a formal request. It's not 'evidence' until it's requested by the
authorities.
It is believed there is code in all major manufacturer colour copiers
and high end printers that can identify the printer serial number. It is
On 14/5/06 15:10, Tony wrote:
Nb- failure to disclose keys is up to two years in prison. Not 10.
(5) A person guilty of an offence under this section shall be liable-
(a) on conviction on indictment, to imprisonment for a term not
exceeding two years or to a fine, or to both;
(b)
2. The restrictions on encryption were
removed some years ago. The best encryption software comes from outside the USA anyway so
it was always a pointless exercise in futility.
Unless a vulnerability is found in 256 bit
AES it would take them longer than the ages of the universe to
I'm not saying the AES is weak. I'm saying that Microsoft might have implemented a back-door for governments. They could store the private keys and passwords in videocard memory or in the boot sector or something like that.
On 5/14/06, Tony [EMAIL PROTECTED] wrote:
2. The restrictions on
Again it is very unlikely. There are many options
to get the keys - like forcing you to divulge them or wire tapping your
keyboard.
If such a backdoor was included then it
would likely be spotted. Here are some comments on a similar accusation a few
years ago:
While it would eventually be spotted, it could probably be blamed on a
programming error, worm, virus, etc. Who is to say that something
like the wmf exploit wasn't a government backdoor? History has shown
us that the government has good experience in creating backdoors, why
should we give them
FYI.
Hard Disks.. (so about the length)
It is possible to find old data on scrubbed disks even with 100's of cycles
of writeover.
The reason is coz of wobble or track shape. Imagine washing machine at home, as
it spins it wobbles. Now look at your hard disk (get an old one out that is
past
Ringo,
You would have had an idea if you followed and read any of the links I
sent previously.
--- Ringo Kamens [EMAIL PROTECTED] wrote:
I agree with you about the hops. Thanks for posting the info about
hard
drives. I had no idea.
On Sun May 14 21:58:42 2006, [EMAIL PROTECTED]
[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Tony wrote:
just wanted to suggest that biometrics are not wise for encryption
whatsoever. for one thing, they use a software mechanism to 'unlock'
and this lock can be bypassed. voiceprint, retina/iris scan,
fingerprints, dna, all of these
If somebody was forced to implement backdoors for the government, do you think they would be allowed to tell you?
On 5/14/06, Adam Shostack [EMAIL PROTECTED] wrote:
Niels Ferguson says over my dead body:
http://blogs.msdn.com/si_team/archive/2006/03/02/542590.aspx
He's also said as much to me in
Thus spake Eric H. Jung ([EMAIL PROTECTED]):
Tony's point was that you could arrange not to have the
authentication
tokens anymore. You better hope they believe you when you say you
don't have it, though.
Not having the authentication tokens counts as refusing to surrender
them.
Nope. I think they'd be making different statements than they're
making, and I think that they'd have avoided the subject in private.
Adam
On Sun, May 14, 2006 at 03:10:07PM -0700, Ringo Kamens wrote:
| If somebody was forced to implement backdoors for the government, do you think
| they would
There are methods (and they are used) to read data from an overwritten
disk.
Has anyone tried creating a (ro) flash-boot linux system for TOR with
all the (rw) stuff mounted in RAM ?
Such a device would raise the bar quite a bit, no? (AFAIK, there is no
data remanence problem with DRAM ..
Mike,
I don't have the time to respond to all the points of your email except
the first/
Federal Contempt of Court
http://www.bafirm.com/articles/federalcontempt.html
Although there is no statutory maximum limit regulating the amount of
time a contemnor can be ordered to spend in confinement
Also, they can put you on grand jury and give you obstruction of justice for refusing to talk.
On 5/14/06, Eric H. Jung [EMAIL PROTECTED] wrote:
Mike,
I don't have the time to respond to all the points of your email except
the first/
Federal Contempt of
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
I personally have stopped trying to use tor because latency has gone far
beyond my patience. Something needs to be done about tor's bandwidth
capability. Of course more bandwidth will mean more users... and I have
said this before and I will say
What do you think about starting TOR with Knoppix Linux booted from a CD/Rom?
Cesare
On 5/15/06, Michael Holstein [EMAIL PROTECTED] wrote:
There are methods (and they are used) to read data from an overwritten disk. Has anyone tried creating a (ro) flash-boot linux system for TOR with all the (rw)
On Sun, May 14, 2006 at 08:29:06PM -0400, Michael Holstein wrote:
There are methods (and they are used) to read data from an overwritten
disk.
Has anyone tried creating a (ro) flash-boot linux system for TOR
with all the (rw) stuff mounted in RAM ?
Flash is writable, so can be tampered. The
On Mon, 15 May 2006 07:15:55 +0200
cesare VoltZ [EMAIL PROTECTED] wrote:
What do you think about starting TOR with Knoppix Linux booted from a
CD/Rom?
There's something similar to this (but better in my opinion) built
around OpenBSD. It routes all external TCP traffic through Tor, and
even