On Tuesday 04 June 2002 10:03 am, Joel Baumert wrote: > > > > I'm able to memorize fairly long passwords of random garbage... My > > > > password for stuff I want secure (pgp private key, disks) is over 200 > > > > bits of random garbage (counting 6.5 bits per char) > > > > > > Sounds great, although if someone throws your ass in jail till you > > > give up your key, you will have a difficult choice. To easily destroy > > > the key in a unrecoverable way makes it harder to be held in contempt > > > of course since you can't get the key back even if you want to. > > > > I thought the 5th amendment would prevent that. Am I just ignorant? > > There are two problems with that argument. First, it does not protect you > in a civil trial where you did not necessarily break the law, but you are > being sued (or harassed) for something non-criminal. > > Second, I'm not sure, but I think that the password can be subpoenaed from > you even in criminal matters because it probably is not directly criminal. > I guess you could claim your 5th amendment rights by having a password > like "I killed Nicole Simpson" and if you were OJ you might be protected. > > Even then they could probably give you transactional immunity on the > password or firewall the password from the prosecution and either make > you tell it or hold you in contempt. > > Wasn't that part of the Mitnick trial??? You would have to ask a lawyer > about the second one. > > When you want to keep something from being subpoenaed, I think your best > defense is to have a zero knowledge file system. My understanding of > this is a little weak, but from what I remember each file password > combination get equally distributed on the file system. I think that > the prosecution has to ask for something specific, but again IANAL.
It seems to me that asking for a password is about the same as asking where somethings been hidden, or asking what's in a safe/wanting something from a safe, except that the 'safe' provided by encryption isn't crackable in a reasonable amount of time. If they just wanted some records (say, logs of what that script kiddie that used my box as a proxy was doing) they don't need my password, just the data. _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
