On 1/31/2012 7:54 AM, James Knott wrote:
Basil Chupin wrote:
perhaps it's a good time for the very paranoid to switch to hidden encrypted partitions with truecrypt (www.truecrypt.org).
the basic premise is there are 2 separate, mountable partitions within an single encrypted file. password A opens and allows partition A to be mounted, password B opens and allows a smaller subset partition to be mounted, giving plausible deniability if forced to divulge a password.
From where I am sitting, this is as useless as the encryption which I am now using on my /home directory. It doesn't matter how many partitions and layers of wotnots you have - they will only work on the CURRENT system and partitions. Copy files to another medium and.....anyone can read them.
They can only be read if stored on unencrypted media. Trucrypt can also be used to provide encryption on portable devices. So, regardless of how you encrypt your hard drive, copy to the encrypted portable drive. Also, there's no reason why you can't encrypt the drive you use for backup with the normal Linux encryption.
https://plus.google.com/u/0/118440353893255425460/posts/GA5krGa5HqC There's obvious problems with all of this at least as stated so far. Once you write the software to do that, the bad guys (your own government/police) know all about it and will know exactly how to tell that you gave them the safe password and will have some tool to detect the difference in total data size or something. Or they just don't use your kernel on your hard drive to decrypt and access your hard drive, they use their own with the the ability to tell immediately that it was fed a safe-type password and not even bother really using it, similarly, their own machine would simply decline to write anything to the drive at all so no destroying the secret data. But actually this ends up proving how stupid the whole "we're the big bad bully cops and we said give us your password or else so you better!" is. Without needing any fancy new functionality added to existing simple drive encryption, you can still thwart the people trying to "force" you to divulge a password very easily. Just generate at least one drive image that really is nothing but random bytes, and tell them that you did so. From the outside, the random and the real filesystems look the same. If you tell them a password and it only decrypts one filesystem, they can tell that there is more space that they haven't decrypted, and they can say "give us the rest or else!" but no amount of coercion can make random data that never was a filesystem into a real filesystem, and so they have no legal basis to penalize or restrain you. Maybe you DID give them all there was to give. They can't prove that you didn't. I wonder if that ladies lawyer thought of this. She could use this argument right now already even after the fact, just by demonstrating how it could be done. It seems to me this might be part of the very reason why we have the rule that says you don't have to incriminate yourself. It's not to allow bad guys to get away with things. It's to prevent cops from torturing people until they say what the cops want to hear, regardless if it's really true or not. If you make a random block of data on your disk, and then for whatever reason the cops grab your disk and demand you give them the password to decrypt that block of data, you would be absolutely honest when you say it's not possible because it's not actually data. But they would never believe you. And that's why it IS ILLEGAL despite what that idiot judge said, to force someone to divulge a password. There is no way to know that you didn't cooperate fully, so it's illegal to treat you as though you didn't -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org