Re: full-disk subversion standards released
On Thu, Mar 5, 2009 at 12:13 PM, Kent Yoder wrote:
> Hi Peter,
>
>>> Apart from the obvious fact that if the TPM is good for DRM then it is also
>>> good for protecting servers and the data on them,
>>
>> In which way, and for what sorts of "protection"? And I mean that as a
>> serious inquiry, not just a "Did you spill my pint?" question. At the moment
>> the sole significant use of TPMs is Bitlocker, which uses it as little more
>> than a PIN-protected USB memory key and even then functions just as well
>> without it. To take a really simple usage case, how would you:
>>
>> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
>> take your pick)?
>
> I had this working using openCryptoki, the trousers TSS and Mozilla
> Thunderbird on openSUSE Linux. If the setup instructions aren't in
> the various readmes of those projects I can help you set it up if
> you'd like.
>
>> - As above, but send the public portion of the key to someone and use the
>> private portion to decrypt incoming email?
>
> A simple PKCS#11 app to extract the public key is all that's needed
> with the above tools.
>
>> (for extra points, prove that it's workable by implementing it using an
>> actual
>> TPM to send and receive email with it, which given the hit-and-miss
>
> Done. :-) Last time I tested this it worked fine... Circa
> 2006..

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
the bad idea that would not die
Excerpt:

Aussie govt considers quantum leap in secure comms
Commonwealth departments to trial Quantum Key Distribution.

Australian governments may soon have the world's most secure data communication system if trials of a locally-developed quantum cryptography technology are successful.

http://www.computerworld.com.au/article/278658/aussie_govt_considers_quantum_leap_secure_comms

--
Perry E. Metzger pe...@piermont.com
Re: full-disk subversion standards released
Hi Peter,

>> Apart from the obvious fact that if the TPM is good for DRM then it is also
>> good for protecting servers and the data on them,
>
> In which way, and for what sorts of "protection"? And I mean that as a
> serious inquiry, not just a "Did you spill my pint?" question. At the moment
> the sole significant use of TPMs is Bitlocker, which uses it as little more
> than a PIN-protected USB memory key and even then functions just as well
> without it. To take a really simple usage case, how would you:
>
> - Generate a public/private key pair and use it to sign email (PGP, S/MIME,
> take your pick)?

I had this working using openCryptoki, the trousers TSS and Mozilla
Thunderbird on openSUSE Linux. If the setup instructions aren't in
the various readmes of those projects I can help you set it up if
you'd like.

> - As above, but send the public portion of the key to someone and use the
> private portion to decrypt incoming email?

A simple PKCS#11 app to extract the public key is all that's needed
with the above tools.

> (for extra points, prove that it's workable by implementing it using an actual
> TPM to send and receive email with it, which given the hit-and-miss

Done. :-) Last time I tested this it worked fine... Circa 2006...

Kent

> functionality and implementation quality of TPMs is more or less a required
> second step). I've implemented PGP email using a Fortezza card (which is
> surely the very last thing it was ever intended for), but not using a TPM...
>
>> Mark Ryan presented a plausible use case that is not DRM:
>> http://www.cs.bham.ac.uk/~mdr/research/projects/08-tpmFunc/.
>
> This use is like the joke about the dancing bear, the amazing thing isn't the
> quality of the "dancing" but the fact that the bear can "dance" at all :-).
> It's an impressive piece of lateral thinking, but I can't see people rushing
> out to buy TPM-enabled PCs for this.
>
> Peter.
Re: Judge orders defendant to decrypt PGP-protected laptop
On Tue, 2009-03-03 at 21:33 -0500, Ivan Krstić wrote:
> If you give me the benefit of the doubt for having a reasonable
> general grasp of the legal system and not thinking the judge is an
> automaton or an idiot, can you explain to me how you think the judge
> can meet the burden of proof for contempt in this instance? Surely you
> don't wish to say that anyone using encryption can be held in contempt
> on the _chance_ they're not divulging all the information; what, then,
> is the other explanation?

The law is not administered by idiots. In particular, the law is not administered by people who are more idiotic than you. You may disagree with them, or with the law, but that does not make them stupid.

On the one hand there are (inevitable) differences in profile between a partition that sees daily use and a partition that doesn't. If a forensics squad had a good look at my laptop, they'd see that my (unencrypted) Windows partition has not been booted or used in three years, whereas file dates, times, and contents indicate that one of the other partitions is used daily. If he decrypts a partition that clearly does not get used frequently, and more to the point shows no signs of having been used on a day when it is known that the laptop was booted up, then he is clearly in violation of the order.

More to the point, you're arguing about a case where they have testimony from multiple officers who have *SEEN* that the images are on the computer, where both defense and prosecution agree that they do not enjoy fifth-amendment privileges, and where the testimony of multiple officers gives the partition name ("Z drive") in which the images were found. If the decrypted partition does not match in these particulars, and especially if it does not show any evidence of usage while the laptop is known to have been powered up during the initial search, then the defendant is clearly in violation of the order.

Now, I think there is a legitimate argument to be made about whether the defendant can be compelled to *use* a key which he has not got written down or otherwise stored anywhere outside his own head. It's generally agreed that people can't be compelled to produce or disclose the existence of memorized keys, but can be compelled to produce or disclose the existence of any paper or device on which a key is recorded. But regardless, if the order to use the key is considered legit, then failure to comply with the order (by using a different or "wrong" key, unlocking a different volume) is direct violation of a court order. People go to jail for that.

Keep in mind that the right to be secure from search and seizure of one's documents has always been subject to due process and court orders in the form of search warrants. The right to privacy is not an absolute right and never has been, and obstructing the execution of a lawfully served warrant is not a viable strategy for staying out of jail.

Bear (neither a lawyer, nor, usually, an idiot)