In reply to (Pierre Uszynski): | But let's add something else: | | It may be possible (easy?) to hide a partition on the disk: buy two hard [..] | The (even not so) casual inspection of the stolen or confiscated system | reveals only stuff that is not worth spending time on. Only a very | detailed inspection, or a leak, reveals the encrypted stuff, still | encrypted... Very frustrating. I think this approach is the safest of all mentioned. An earlier poster commented on the fact that attempting to play 'smart-ass' to your investigators is only going to result in more problems for you. Its a non-ideal world, and they definitely have the ability to cause you substantial problems. Essentially, you need an encryption system that is non-obvious and looks like totally unrelated data. Of course, it would be pointless to have your system looking _totally_ clean, because the fact they have seized it implies they know/suspect something is on there (essentially, the magnitude of what is on there is what they don't know, and in some cases they are entirely off track and find nothing). Encrypting your hard-drive entirely is only going to make them press you for its key, and become aggrivated at your non co-operation. I am no expert on investigation techniques, but having been involved in all 3 aspects ( investigator, investigatee and 3rd party viewer), I feel it is essential to show them everything that they think is there, and convince them (as they will not be as competent in cryptographic analysis as yourself [at least you hope]) that there is nothing hidden. This topic has been dealt with before on sci.crypt. An example I can think of at the moment is something like say you have some software which does known plaintext attacks using sets of word dictionaries. These word dictionaries could infact be encrypted information using some appropriate algorithm that maps words from /usr/dict/words into a new sequence. Of course the only problem with this approach is that your input information rate div output data rate is going to be quite small. Something else you can do is use a cipher which takes two input streams and merges them into the one file, with one key extracting the 'harmless' information and another extracting the 'harmfull' information. Matthew. -- Matthew Gream, M.Gream@uts.edu.au. "... encryption is the ultimate means of Consent Technologies, 02-821-2043. protection against an Orwellian state."