[Bug 148440] Re: General rubberhose vulnerability

2012-03-19 Thread Tim Pederick
This is a good (or at the very least, an interesting) idea, but this isn't the place for hashing out implementation ideas. The fundamental concept is, Ubuntu should employ deniable encryption by default. And then instead of discussing 1% partitions and UK laws, we leave the details to FOSS crypto

[Bug 148440] Re: General rubberhose vulnerability

2012-02-07 Thread Fred
With a fixed value of 1% you would kinda be able to deduct if the file has been used by checking if file_size == 1%; File size should be a random value of 0.1-1%. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 148440] Re: General rubberhose vulnerability

2012-02-07 Thread Fred
** Tags added: privacy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/148440 Title: General rubberhose vulnerability To manage notifications about this bug go to:

[Bug 148440] Re: General rubberhose vulnerability

2012-02-07 Thread tdn
This is a good idea to implement. One mentioned that this should be put on brainstorm, however, it is my impression that the brainstorm site is just a black hole. Especially for security and privacy related ideas. -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 148440] Re: General rubberhose vulnerability

2008-07-09 Thread Chris Jones
Edward: Section 49 notices are supposed to be served where there is already a reasonable suspicion (ie other evidence) of the key's existence (or the knowledge of a passphrase). This is not a bug, this is political activism trying to use an entire userbase as leverage against a law some people

[Bug 148440] Re: General rubberhose vulnerability

2008-07-09 Thread Chris Jones
Woo typing. I of course meant to say RIPA is *not* about systematic trawling... -- General rubberhose vulnerability https://bugs.launchpad.net/bugs/148440 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Chris Jones
As a UK citizen, I am curious how having encrypted data on my disk that I do not know the password for, is going to help me when MI5 are clubbing me senseless demanding to know my password. I will say I don't know it and they will say we don't believe you. Thanks for guaranteeing that every UK

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread blastzilla
As law enforcement have conveniently found out, if you have a notebook, you have a tomb of information about what you do and everything you have ever done. There could be cookies there for your bank account. A list of search results. I list of websites you've visited. If every notebook was

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread David D Lowe
This is an idea, not a bug, as far as I can tell. Shouldn't you post it on brainstorm.ubuntu.com? -- General rubberhose vulnerability https://bugs.launchpad.net/bugs/148440 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Miguel Duarte
I really hope this feature is added to Ubuntu. We all would be safer for abusive governments. -- General rubberhose vulnerability https://bugs.launchpad.net/bugs/148440 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Chris Jones
blastzilla: if every notebook was encrypted and nobody knew their encryption key, nobody would be able to use their laptop. What you appear to mean is that there should be an encryption which the system knows the password to. At which point, why would they ask the human owner? -- General

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Link
Chris Jones: blastzilla was just generalizing a bit. Scenario A: Every notebook has an encrypted partition that's created by default with a randomized key. Only a few users set a key and use the encrypted partition. When asked for a key everybody says Huh?. Those Certain People trying to

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Richard de Boer
The idea is to encrypt about 1% of every laptop with a random password, thus rendering that 1% of the disk useless to the user. It would be possible however, to re-encrypt this with a password you choose and actually store things in it. This means the 90%(or whatever, probably even more) of the

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread mdm-adph
God, what a sad world we live in. I still think this is a good idea, though. @Chris Jones: I don't see how this makes you any more or less likely to be tortured -- if you're already in a situation where you're about to be clubbed, I don't think simply the absence of encryption software on your

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Chris Jones
mdm-adph: you are exactly right, this is basically never a problem. I'm do happen to encrypt my whole disk so my laptop is worthless to simple thieves motivated by data, but I would be very unlikely to be in a situation where my key is being forcibly demanded of me. And were that situation to

[Bug 148440] Re: General rubberhose vulnerability

2008-07-08 Thread Edward
Mr. Jones complains of laws requiring us to give up our crypto keys. This is a strawman. You can't be legally compelled to surrender something you don't possess. Claiming to not know the key is an issue of fact for the jury. If they believe that you do not have a key, then you can not be guilty

[Bug 148440] Re: General rubberhose vulnerability

2008-04-22 Thread trollord
Hardy has LUKS support + encrypted partitions and all the rest of the funky tools by default. ** Changed in: ubuntu Status: Confirmed = Fix Released -- General rubberhose vulnerability https://bugs.launchpad.net/bugs/148440 You received this bug notification because you are a member of

[Bug 148440] Re: General rubberhose vulnerability

2008-04-22 Thread Link
See 2) I haven't downloaded Hardy. Does the installer always create an encrypted partition by _default_ (as long as the user says its legal)? If it doesn't, then it does not really deal with the problem I mentioned. Encryption must appear to be in _use_ by default by all users. -- General

[Bug 148440] Re: General rubberhose vulnerability

2008-02-10 Thread Link
Either 5a) The last modified or last accessed time of the container file should not be changed automatically. Or 5b) There should be a service that regularly randomly updates the last modified and last accessed date on the container file to a recent time. -- General rubberhose vulnerability

[Bug 148440] Re: General rubberhose vulnerability

2007-10-03 Thread Kees Cook
** Visibility changed to: Public ** This bug is no longer flagged as a security issue ** Changed in: ubuntu Importance: Undecided = Wishlist Status: New = Confirmed -- General rubberhose vulnerability https://bugs.launchpad.net/bugs/148440 You received this bug notification because