Re: Opiated file systems
On 18 Jul 96 at 22:48, Adam Back wrote: [..]
The whole system should be designed to withstand scrutiny as to whether or not there is a duress file system on any given disk, on the assumption that the opponent as full access to the source.
ie. the attacker can not tell without the hidden file system key (if one exists) whether the unused space on your drive is really just that: unused space filled with garbage, or whether it is in fact another encrytped filesystem.
There has to be a way to tell the system that the sectors are used when not the drive isn't mounted and the filesystem isn't active.
They might be suspicious, but I don't think they would be able to claim you were in comptempt of court, if you provide the 1st key and claim there is no other key: the software has support for either 1 or 2 filesystems.
Having a copy of the driver is enough to arouse suspicion. If they don't find anything useful in that one partition, they'll assume the second is in use and that you're not giving up the key. You may very well get accused of maintaining a second system even if you are not and do not have anything incriminating in the one encrypted fs. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto) AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com> Send a message with the subject "send pgp-key" for a copy of my key.
Rob <WlkngOwl@unix.asb.com> writes:
On 18 Jul 96 at 22:48, Adam Back wrote: [...]
ie. the attacker can not tell without the hidden file system key (if one exists) whether the unused space on your drive is really just that: unused space filled with garbage, or whether it is in fact another encrytped filesystem.
There has to be a way to tell the system that the sectors are used when not the drive isn't mounted and the filesystem isn't active.
Ah I see what you're getting at. My solution (I'm sure I wrote this somewhere in this thread) was that you'd always have to mount both file systems during normal usage, otherwise you'd risk damaging the hidden fs. You'd only mount the duress fs alone in a duress situation. Not attractive, but I don't see any easy way around it.
They might be suspicious, but I don't think they would be able to claim you were in comptempt of court, if you provide the 1st key and claim there is no other key: the software has support for either 1 or 2 filesystems.
Having a copy of the driver is enough to arouse suspicion. If they don't find anything useful in that one partition, they'll assume the second is in use and that you're not giving up the key. You may very well get accused of maintaining a second system even if you are not and do not have anything incriminating in the one encrypted fs.
You could be right, I'm not sure how it would go in practice. But I don't think there is really much more you can do unless you assume the ability to conceal a piece of hardware from your opponents. Say like a floppy disk with the stego or duress drivers on? But that gives rise to all sorts of problems also... where do you store it when you're not using the computer? What if they grab you while you're at the computer? When you leave the computer for 5 mins? Adam
participants (2)
-
Adam Back -
Deranged Mutant