Patrick Cahalan wrote:
[snip] > Finally, remember, (e) for detachable media, including laptop hard > drives, the USER is considered the "node associated with the media", > so really, your data can't be considered secure, because the user is > the node, and the user has the key. (Unless, I suppose, you have the > ability to revoke the key remotely, preventing Disgruntled Joe from > taking a laptop out and then quitting with a copy of your code base > already in his possession). First, your definitions are great for the various states and requirements. Second, I wanted to add three additional vectors that could be used to compromise almost any data in any state of being - rubber hose cryptography by thugs or economic criminals, threatened torture or death of a loved one, and finally the types of torture represented by extreme rendition, Abu Ghraib, and Guantanamo. Very few of us would be able to withstand the kinds of torture that have been developed in the name of exporting and enforcing one or another dogma. So what can we do? Not a d%^& thing I suspect except help each other to come up with plausible deniability solutions and not putting ourselves and our families in harm's way. I've not seen much about plausible deniability in various discussions except with the TruCrypt people. Perhaps this is an area that needs thought on and possible solutions proposed. Best, Allen _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
