Security Basics mailing list archives

Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Thu, 2 Apr 2009 16:32:15 -0430

On Tuesday 31 March 2009 21:29:11 aragonx () dcsnow com wrote:
I'm not familiar with PGP...does it provide for Plausible Deniability?

It does not.

What True Crypt needs is a kill phrase.  You give someone that phrase (or
type it in yourself) and it just starts a military format or adds another
layer of encryption with a randomly generated pass phrase.

Or would that not work?

Not at all.

In a forensic analysis, the first rule is to make a copycat of the drive before 
opening it for analysis. (Sometimes two copycats...)

Then you will military format a copy, not the original evidence and other's 

This could be taken as "Intentional destruction of evidence". Not so useful, 
especially when the judge has another copy of your drive.


Plausible Deniability is when you find another "innocent" explanation of a 
thing. Today, in forensics, this is extremely hard, because everything is 

Your computer has FreeBSD with GEOM encryption... then... how can you say 
that it is not your computer, that this is a friend's computer and you don't have the 

The probabilities are against you (this is hypothetical and not a real case):

a. Mail servers like mail.yahoo log your user-agent, and then the judge 
finds this unique navigator fingerprint of yours: Mozilla 4.0 (Firefox ... 
FreeBSD ... )
Statistical FACT: less than 3% of your friend population uses FreeBSD

b. Your fingerprints are on every keyboard key... Then, by a statistical study 
(really I don't know if this study has been done or not, but it is hypothetical), the 
computer is yours with a probability of 95% (this is hypothetical).

Q: The computer uses FreeBSD (this is a fact), and you are a FreeBSD user; 
then, what is the probability that you are not the owner of the computer?

A: the probability that there is a friend using the same OS (~0.03) mixed with the 
probability that this is not your computer given the fingerprint probe... (0.05), 
_assuming that they are independent variables_.

Then, you have something like a ~0.1% probability that it is not your computer. 
This is not a good thing for you =P, because the judge has a probability of 
99.9% that it is your computer.

Other mechanisms to lie have issues with logic/probability/statistics study 
background... especially when you mix the system probability with the 
environment probability... 

Nobody tells you anything about environment probability when you buy PGP 
whole drive encryption and you try to use it against the law... 

What if your OS is WinXP 32-bit with IE8? 
Hypothetical population estimation in percentage: ~21%.

Then: ~0.21*0.05 = 0.01 (About ~99% that it is your computer)

Will Y.
