1995-09-05 - Re: Emergency File Wipe Algorithim

Header Data

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
To: shamrock@netcom.com (Lucky Green)
Message Hash: 931dc61b54a8f423897c68a6ca5c1cfc2b630cab6ed1c1347f5c90d40ea85720
Message ID: <9509052120.AA02633@ch1d157nwk>
Reply To: N/A
UTC Datetime: 1995-09-05 21:21:26 UTC
Raw Date: Tue, 5 Sep 95 14:21:26 PDT

Raw message

From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Tue, 5 Sep 95 14:21:26 PDT
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Emergency File Wipe Algorithim
Message-ID: <9509052120.AA02633@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green writes:
>  Didn't I just read a day ago that Robert Morris (ex-NSA) cautioned
>  that one should never underestimate the time and effort an opponent
>  is willing to put into recovering your data?
>
>  May I also point out that the rules of economics do not apply to
>  the federal government, since it insists - quite successfully - on
>  having a monopoly on using lethal force to extract arbitrarily large
>  amounts from hundreds of millions of working Americans?

As always, Rubber Hose Cryptanalysis(*tm, patent pending) is usually the  
cheapest way to go...if you're a federal government.

But not all threats are that serious.  For instance, I have no fears that the  
admins here would grovel over the oxides on RAM cells in order to determine  
the pass-phrase of my PGP key if they suspected me of doing something naughty  
(even if they knew this was possible, which is unlikely).

You can get really paranoid about security and rightly so if your opponent is  
a federal government.  However, pushing key-material bits around RAM in order  
to prevent them from being burned into the chips is probably going to do you  
little good if, for instance, a hardware keystroke monitor is surreptitiously  
installed in your keyboard (which is likely far cheaper and easier than  
analysing RAM chips and maybe even disk platters).

BTW, this is not a troll and I know that the possible constitutionality of  
court-ordered disclosure of passphrases or key-material has been hashed over  
many times in the past here, but have any cases with this particular  
attribute gone through court yet?  There were reports even years ago of  
pedophiles and other agents of the Four Horsemen using PGP to encrypt diaries  
and such, have any of these cases gone to court yet and did the prosecution  
attempt to force the defendant to reveal a passphrase??


andrew
(wonders how many readers will take their keyboards apart to look for radio  
transmitters)




