Home page logo
/

basics logo Security Basics mailing list archives

Re: Judge orders defendant to decrypt PGP-protected laptop - CNET News
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Thu, 2 Apr 2009 16:32:15 -0430

On Martes 31 Marzo 2009 21:29:11 aragonx () dcsnow com escribió:
I'm not familiar with PGP...does it provide for Plausible Deniability?

It does not.

What True Crypt needs is a kill phrase.  You give someone that phrase (or
type it in yourself) and it just starts a military format or adds another
layer of encryption with a randomly generated pass phrase.

Or would that not work?

Not at all.

In a forensic analisys, the first rule is make a copycat from drive before open 
it for analisys. (Sometimes two copycats...)

Then you will military format a copy, not the original evidence and other's 
copy's. 

This could be taken as "Intentional destruction of evidence". Not so useful 
specially when the judge have another copy of your drive.


----------------------------------

Plausible Deniability is when you found another "innocent" explanation of a 
thing. Today, in forensic, this is extremly hard, because everything is 
connected.

Ex. 
Your computer have freebsd with geom encryption... then... how you can say 
that is not your computer, this is a friend computer and you dont have the 
password...?

The probabilities are against you (This is hypothetic and not a real case):

a. Mail servers like mail.yahoo logs your user-agent, and then, the judge 
found  this unique navigator fingerprint of you: Mozilla 4.0 (Firefox ... 
FreeBSD ... )
Statistic FACT: less than 3% of your friend population uses FreeBSD

b. Your fingerprints are in every keyboard key... . Then, by a statistics study 
(really i dont know if this study is done or not, but is hypothetic), the 
computer is yours with a probability of 95% (This is hypothetic).

Q: The computer uses freebsd (this is a fact), and you are a freebsd user, 
then, what is the probability that you dont are the owner of the computer?

A: probability of there is a friend using the same OS (~0.03) mixed with the 
probability of this is not your computer with the fingerprint probe... (0.05), 
_assuming that are independent variables_.

Then, you have something like ~0.1% of probability that is not your computer. 
This is not a good thing for you =P, because the judge have a probability of 
99.9% that is your computer.

Another mechanisms to lie have issues with logic/probability/statistic study 
background... specially when you mix the system probability with the 
enviroment probability... 

Nobody tells you anything about enviroment probability when you buy a pgp 
whole drive encryption and you try to use it against law's... 

---------------------------
What if your OS is WinXP 32-bit with IE8? 
hypothetic population estimation in percentage: ~21%.

Then: ~0.21*0.05 = 0.01 (About ~99% that is your computer)


---
Will Y.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year? Check out the online information security 
courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total 
hands-on training experience. Get the certs you need: CEH, CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault