Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, 22 Apr 2004, Major Variola (ret) wrote:
At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote:
Are you truly expecting a worldwide ban on encryption? How do you
somebody is using encryption on a steganographic channel?
Torture, of the sender, receiver, or their families, has worked
At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote: prove pretty
well. If you're good you don't even leave marks.
However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do.
Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn. But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. If you give them a believable but fake one, it will damage innocents or true members of your association.
This brings another ofren underestimated problem into the area of cryptosystem design, the "rubberhose resistance".
My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
On Thu, 2004-04-22 at 14:53, Major Variola (ret) wrote:
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
The first thing that popped into my mind is a USB key with a small cake of potassium permanganate affixed to the flash chip and a rupturable bladder filled with glycerin on top. In case of problem, squeeze to rupture the bladder and throw it somewhere. If outside and near weeds, it'll be very hard to find before the misture does its exothermic thing. That mixture will ignite thermite... should be able to do a number on a flash chip pretty well. -- Roy M. Silvernail is roy@rant-central.com, and you're not Never Forget: It's Only 1's and 0's! SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com
On Thu, 22 Apr 2004, Major Variola (ret) wrote:
However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do.
Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn. But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually.
Or not - if you weren't who they thought and there really was nothing more than the gay porn.
If you give them a believable but fake one, it will damage innocents or true members of your association.
Innocents could be a good "cannon fodder" that can bring a lot of backslash and alienation aganst the goons, stripping them from public support.
This brings another ofren underestimated problem into the area of cryptosystem design, the "rubberhose resistance".
My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego.
You are one of the few who are familiar with it. Are there any decent implementations for Linux/BSD/NT? Some time ago I was looking around for something (not necessarily stego, "standard" single-layer encrypted filesystem would be enough) for removable media, and would like to share them between machines running several operation systems. Didn't manage to find anything usable. The requirements are security, stability, and portability (at least read-only) between platforms.
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
There are magnesium rods on the camping market, sold as firestarters for very bad weather. Very high temperature of burning, with proper mechanical configuration (card strapped between two such rods?) could be enough to melt the chip. Maybe could be used together with some kind of break-and-shake chemical ignition even for eg. the USB drives. Their casings typically have considerable amount of space (few mm, enough for a Mg strip) over the chip that carries the data themselves. Which reminds me there are toilets designed for burning the waste using propane burners or electrical heating elements. Could be possible to use them as a basis for the "ultimate document shredder", if combined together with a standard lower-security one, within $2000 total.
On Thu, Apr 22, 2004 at 11:53:07AM -0700, Major Variola (ret) wrote:
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
Smallish lithium battery has enough oomph to heat a NiCr filament (or charge an electrolyte capacitor to vaporize a thin filament) to detonate a pellet of lead azide or similiar. It will blow a hole in glass, or reliably destroy a flash chip, while being fairly safe when not held in hand (or embedded in a bulky enough case). This will produce a loud bang, obviously. Thermite is a good choice to turn your fileserver into lava, but that thing better be outside, or mounted in chamotte- or asbestos-lined metal closet. Will produce smoke, and take some time, too. If your keyring's been securely wiped, rubberhosing the passphrase out of you to unlock it will give the attacker very little. Assuming the device is powered on, and easily triggerable, that would be quickest. If you're just running a P2P which encrypts relay traffick, and a CFS hosting your warez and kiddie porn which needs interactive passphrase input to mount any forensics type people will only wind up with a glob of useless bits. Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead drive, that is. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
participants (4)
-
Eugen Leitl -
Major Variola (ret) -
Roy M. Silvernail -
Thomas Shaddack