Re: Emergency File Wipe Algorithm
Lucky Green writes:
> Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned
> that one should never underestimate the time and effort an opponent
> is willing to put into recovering your data?
> May I also point out that the rules of economics do not apply to
> the federal government, since it insists - quite successfully - on
> having a monopoly on using lethal force to extract arbitrarily large
> amounts from hundreds of millions of working Americans?
As always, Rubber Hose Cryptanalysis(*tm, patent pending) is usually the
cheapest way to go...if you're a federal government.

But not all threats are that serious. For instance, I have no fears that the
admins here would grovel over the oxides on RAM cells in order to determine
the pass-phrase of my PGP key if they suspected me of doing something naughty
(even if they knew this was possible, which is unlikely).

You can get really paranoid about security and rightly so if your opponent is
a federal government. However, pushing key-material bits around RAM in order
to prevent them from being burned into the chips is probably going to do you
little good if, for instance, a hardware keystroke monitor is surreptitiously
installed in your keyboard (which is likely far cheaper and easier than
analysing RAM chips and maybe even disk platters).

BTW, this is not a troll and I know that the possible constitutionality of
court-ordered disclosure of passphrases or key-material has been hashed over
many times in the past here, but have any cases with this particular
attribute gone through court yet? There were reports even years ago of
pedophiles and other agents of the Four Horsemen using PGP to encrypt diaries
and such; have any of these cases gone to court yet and did the prosecution
attempt to force the defendant to reveal a passphrase??

(wonders how many readers will take their keyboards apart to look for radio