Suspect Ordered to Decrypt His Own Data

I haven't used Yubikey but my understanding is that it's basically a USB type key you can use instead or in addition to typing in passwords. I think what you could do instead, is to encrypt your system with open-source software like DiskCryptor, use a keyfile only or keyfile and password, place the DiskCryptor bootloader and keyfile on a USB flash drive, configure the bootloader to boot the encrypted system of course, and set boot order for computer to boot from flash drive first. Then just boot the encrypted system with a this key. Without key you could let it boot to some small linux installation or other unencrypted decoy system (assuming you keep a small 100 MB boot partition unencrypted). You could probably configure truecrypt to do the same.

Other software that might be of interest
--Perdator to use the key to lock/unlock windows when it's running and the key is removed.
--VSUsbLogon by lokibit (I haven't tried this one so cannot recoomend)

 

Yubico provide a PAM module for Ubuntu and Fedora - the Yubikey is not OS dependent, appears as a USB keyboard capable of OTP support (as well as strong statics).

I've read elsewhere (I think on EFF) regarding border controls that a key be sent separately in the post so that you can truly claim that you are unable to decrypt anything, and meanwhile if anything happens to you, that key can be destroyed.

One of the terrible things about the current situation is that people should even have to think of this stuff in a nominally democratic nation, but quite rationally, you do.

 

Concerning shellbags, R-wipe has always wiped them. As soon as shellbags were discussed here and shellbag analyzer was available, I downloaded it and tried it. But I had none. So I ran a test with SD. I opened up a whole bunch of folders and encryped TC folder etc with SD enabled. Then I restarted and ran shellbag analyzer. Nothing. I then did the same experiement with SD disabled. I scanned with shellbag analyzer and so a bunch of shellbags, but didn't clean anything. I then ran R-wipe and did another scan. R-wipe cleaned them all. So r-wipe and SD have always defeated shellbags. And allthough I don't hae the expertie top run tests, I bet SD defeats eliminates pretty much all of these records.

 

Feds Back Away From Forced Decryption … For Now.

-- Tom

 

Seems lately one has to install several cleaning apps just to clean windows junk! which ones do you use if you can please let me know ?

I use K-clean, ccleaner and now privaZer

 

What gets me on this one is "the FBI cracked two of the suspect’s drives – both Western Digital My Book Essentials."

In that separate article it states "authorities did not say what type of encryption Feldman used"...but given that they were MyBooks, I gotta assume it was the hardware encryption. (Not to mention, this was suggested earlier in this thread.)

I find this interesting and pretty important, considering the overall feeling of how secure hardware encryption is. (Discussed here.)

Also interesting, it was in a post in that thread that I actually linked to this thread, as at the time, the drives were all uncracked, leading it to seem the hardware encryption was secure.

Kind of a bummer, but as I was suggesting in that other thread, I was never crazy about hardware encryption to begin with...not only from a security standpoint (as, you can only just trust the vendor hasn't implemented a backdoor), but also from a reliability standpoint (i.e. it's hell if a component fails.)

Let this be a lesson: don't rely on hardware encryption.