Forced password defense

Discussion in 'privacy technology' started by hidden, Sep 22, 2013.

Thread Status:
Not open for further replies.
  1. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    110
    In some countries, e.g. Britain, refusal to disclose a password to the 'proper authorities' upon request is a felony. This is still working its way through the US courts as 'self incrimination', but I'm not optimistic.

    Suppose some standard encryption app allowed the user to encrypt a file in the usual manner with a password, then upon request scrambled the password, in a way the user didn't know and couldn't recover, then stored the encrypted, unreadable file (or didn't scramble by choice.) Info as to whether the password had been scrambled totally erased so no external authority could tell the difference.

    If enough people did this, wouldn't that give enough legal doubt so as to avoid persecution for not revealing when ordered, especially if that particular file, and many others on many other computers, were indeed unrecoverable? Might need some standard disclaimer on all encrypted files.

    You probably don't want to be the only one to do this.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That's why steganography (OpenPuff) and TrueCrypt Hidden Volume exist. Although sector overwriting (Eraser) is the only surefire way, the above options may be enough to fool them.
     
  3. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    This is called "Plausible Deniability". Someone may possess data that has been encrypted and may have some additional encrypted data nested in the first encrypted file. That "someone" may give one of the keys away (as if that was the only key that existed) in order to reveal only a part of the data to make it look as if they are co-operating and after that deny they have any other keys. This statement cannot be said to be false unless one possesses knowledge that a specific number of additional keys exist. If this is the case the further encrypted data nested within the first encrypted folder cannot then be proven to exist thus deniable in a most plausible sense.
     
  4. hidden

    hidden Registered Member

    Joined:
    Jun 1, 2010
    Posts:
    110
    Not trying to fool anybody. "!Nothing to hide!"; file could be info or meaningless don't matter. Never able to be read again (undecryptable), and there for all to see.

    A critical mass of these floating around if indistinguishable from decryptable files then who's to say that a valid password is in the hands of the owner? Reasonable doubt I would think.

    And what if a botnet dumped a few million into random computers? Read-only files, encrypted, inactive. It's hard enough to root out trojans, viruses when they're dicking with you. They just need to dup the output of some of the standard privacy apps, and perhaps inactive traces that the app has been deleted.
     