On 3/7/07, Joerg Sonnenberger <[EMAIL PROTECTED]> wrote:
> Sorry, but this is complete bull shit. The average policy agency *anywhere* does have no fucking chance to deal with cryptography. Even the secret services have no chance dealing with it from the stored data alone. It is somewhat different when you can actively monitor the encryption process, but in that case you have no reason to deal with the cryptography itself anyway because you can just watch the plain text.

Which is what I just said. "Side-step", right? I didn't say break. They have way too much monitoring or seizure power to need to break ciphers. In fact many can require you to decrypt data to present as evidence, and if you don't or can't, it's considered destruction.

However, it's not fair to say brute-forcing of archived files is out of the question. Even an otherwise clever criminal is most likely to use plain passwords to protect regular files, and it's especially easy to retroactively determine that password after the monitoring begins. It's either the same as, or extremely similar to, another password the criminal will use, so the likely search space is low enough to run on a single machine over a lunch break. It's still sidestepping the cryptography, and it's still not an actual cryptographic break. All it takes is monitoring, at which governments and agencies have proven unnervingly good.

If they don't use a plain password on the file, they'll use it on their private or pre-shared key, and that's even more likely to be used once monitoring begins. If that's on an encrypted partition, that'll be the part using a plain password, and so on. Even carrying around a USB bar with a random 256-bit key on it isn't good enough - that key is in plaintext on the bar. If you're a monk who has trained for decades to be able to remember any amount of entropy, and you've memorized the entire key and are happy to enter it into RAM for a computing session, you'll either be monitored outright or have your operating system's security or authentication broken in any of the many ways this can be done. All of this is entirely possible.

So either you encrypt something and accidentally reveal the key through normal use or OS compromise, or you hide the key perfectly and are charged with destruction of evidence, which is no picnic. They'll know you did it because when the random seizure occurs, you'll have the encrypted files somewhere. Even a complete encrypted partition doesn't look like old-file noise - its apparent entropy is too high. Either way, cryptography doesn't really help you once you're under investigation. At best, it can help you discuss questionable issues without being caught by the many indiscriminate monitoring systems out there, but it takes a lot less than cryptography.

I may not have been perfectly clear with my previous message, but I also don't think it's fair to fly off the handle based on mistaken inference. I hope now I've clarified my position. Thank you for noting that I wasn't clear enough, at least for you.

---
Dmitri Nikulin

Centre for Synchrotron Science
Monash University
Victoria 3800, Australia
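
The remark above about an encrypted partition's apparent entropy can be shown with a per-block entropy scan. This is an added example, not part of the original message; the block size, the 7.9 bits/byte threshold, and both sample images are assumptions constructed for illustration, with `os.urandom` standing in for ciphertext.

```python
import math
import os
from collections import Counter

BLOCK = 4096      # bytes per scanned block (assumed)
THRESHOLD = 7.9   # bits/byte cut-off for "looks random" (assumed)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def high_entropy_fraction(image: bytes, block: int = BLOCK,
                          threshold: float = THRESHOLD) -> float:
    """Fraction of full blocks whose entropy is at or above the threshold."""
    blocks = [image[i:i + block]
              for i in range(0, len(image) - block + 1, block)]
    if not blocks:
        return 0.0
    return sum(shannon_entropy(b) >= threshold for b in blocks) / len(blocks)


def constructed_images(nblocks: int = 64):
    """Return (encrypted_like, residue_like) constructed sample images."""
    # Stand-in for a fully encrypted partition: every block is random.
    encrypted = os.urandom(nblocks * BLOCK)
    # Stand-in for old-file residue: mostly text remnants and zeroed blocks,
    # with an occasional random block (e.g. a compressed leftover).
    text = (b"Subject: meeting notes\nThe quick brown fox jumps.\n" * 100)[:BLOCK]
    residue = b"".join(
        os.urandom(BLOCK) if i % 8 == 0
        else text if i % 2
        else bytes(BLOCK)
        for i in range(nblocks))
    return encrypted, residue


if __name__ == "__main__":
    enc, res = constructed_images()
    # Compressed data also approaches 8 bits/byte, so one high-entropy block
    # proves little; a volume where nearly every block does is what stands out.
    print(f"encrypted-like: {high_entropy_fraction(enc):.2%} high-entropy blocks")
    print(f"residue-like:   {high_entropy_fraction(res):.2%} high-entropy blocks")
```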