Lucky Green writes:
Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned that one should never underestimate the time and effort an opponent is willing to put into recovering your data?
May I also point out that the rules of economics do not apply to the federal government, since it insists - quite successfully - on having a monopoly on using lethal force to extract arbitrarily large amounts from hundreds of millions of working Americans?
As always, Rubber Hose Cryptanalysis(*tm, patent pending) is usually the cheapest way to go...if you're a federal government. But not all threats are that serious. For instance, I have no fears that the admins here would grovel over the oxides on RAM cells in order to determine the pass-phrase of my PGP key if they suspected me of doing something naughty (even if they knew this was possible, which is unlikely).

You can get really paranoid about security and rightly so if your opponent is a federal government. However, pushing key-material bits around RAM in order to prevent them from being burned into the chips is probably going to do you little good if, for instance, a hardware keystroke monitor is surreptitiously installed in your keyboard (which is likely far cheaper and easier than analysing RAM chips and maybe even disk platters).

BTW, this is not a troll and I know that the possible constitutionality of court-ordered disclosure of passphrases or key-material has been hashed over many times in the past here, but have any cases with this particular attribute gone through court yet? There were reports even years ago of pedophiles and other agents of the Four Horsemen using PGP to encrypt diaries and such, have any of these cases gone to court yet and did the prosecution attempt to force the defendant to reveal a passphrase??

andrew
(wonders how many readers will take their keyboards apart to look for radio transmitters)