1993-10-02 - Re: POISON PILL

Header Data

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
To: pierre@shell.portal.com (Pierre Uszynski)
Message Hash: 89b5f8ca4dd0f68e481ff18bfd1231c0f1a1c2a7bf67ce51889e2dfbbf4f1d6f
Message ID: <9310020332.AA21867@acacia.itd.uts.EDU.AU>
Reply To: <9310010831.AA03417@jobe.shell.portal.com.shell.portal.com>
UTC Datetime: 1993-10-02 03:33:54 UTC
Raw Date: Fri, 1 Oct 93 20:33:54 PDT

Raw message

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
Date: Fri, 1 Oct 93 20:33:54 PDT
To: pierre@shell.portal.com (Pierre Uszynski)
Subject: Re: POISON PILL
In-Reply-To: <9310010831.AA03417@jobe.shell.portal.com.shell.portal.com>
Message-ID: <9310020332.AA21867@acacia.itd.uts.EDU.AU>
MIME-Version: 1.0
Content-Type: text/plain

In reply to (Pierre Uszynski):

| But let's add something else:
| It may be possible (easy?) to hide a partition on the disk: buy two hard
| The (even not so) casual inspection of the stolen or confiscated system
| reveals only stuff that is not worth spending time on. Only a very
| detailed inspection, or a leak, reveals the encrypted stuff, still
| encrypted... Very frustrating.

I think this approach is the safest of all mentioned. An earlier poster
commented on the fact that attempting to play 'smart-ass' to your investigators
is only going to result in more problems for you. Its a non-ideal world,
and they definitely have the ability to cause you substantial problems.

Essentially, you need an encryption system that is non-obvious and looks
like totally unrelated data. Of course, it would be pointless to have your
system looking _totally_ clean, because the fact they have seized it
implies they know/suspect something is on there (essentially, the magnitude
of what is on there is what they don't know, and in some cases they are
entirely off track and find nothing).

Encrypting your hard-drive entirely is only going to make them press you
for its key, and become aggrivated at your non co-operation. I am no expert
on investigation techniques, but having been involved in all 3 aspects (
investigator, investigatee and 3rd party viewer), I feel it is essential to
show them everything that they think is there, and convince them (as they
will not be as competent in cryptographic analysis as yourself [at least
you hope]) that there is nothing hidden. 

This topic has been dealt with before on sci.crypt. An example I can think
of at the moment is something like say you have some software which does
known plaintext attacks using sets of word dictionaries. These word 
dictionaries could infact be encrypted information using some appropriate
algorithm that maps words from /usr/dict/words into a new sequence. Of
course the only problem with this approach is that your input information
rate div output data rate is going to be quite small.

Something else you can do is use a cipher which takes two input streams
and merges them into the one file, with one key extracting the 'harmless'
information and another extracting the 'harmfull' information. 

Matthew Gream, M.Gream@uts.edu.au. "... encryption is the ultimate means of
Consent Technologies, 02-821-2043.  protection against an Orwellian state."