l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Jun 05 09:29

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Which cipher to use?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Which cipher to use?

On Tue, Jun 04, 2002 at 04:12:28PM -0700, Ryan wrote:
> On Tuesday 04 June 2002 10:03 am, Joel Baumert wrote:
> > > > > I'm able to memorize fairly long passwords of random garbage... My
> > > > > password for stuff I want secure (pgp private key, disks) is over 200
> > > > > bits of random garbage (counting 6.5 bits per char)
> > > >
> > > > Sounds great, although if someone throws your ass in jail till you
> > > > give up your key, you will have a difficult choice.  To easily destroy
> > > > the key in a unrecoverable way makes it harder to be held in contempt
> > > > of course since you can't get the key back even if you want to.
> > >
> > > I thought the 5th amendment would prevent that. Am I just ignorant?
> >
> > There are two problems with that argument.  First, it does not protect you
> > in a civil trial where you did not necessarily break the law, but you are
> > being sued (or harassed) for something non-criminal.
> >
> > Second, I'm not sure, but I think that the password can be subpoenaed from
> > you even in criminal matters because it probably is not directly criminal.
> > I guess you could claim your 5th amendment rights by having a password
> > like "I killed Nicole Simpson" and if you were OJ you might be protected.
> >
> > Even then they could probably give you transactional immunity on the
> > password or firewall the password from the prosecution and either make
> > you tell it or hold you in contempt.
> >
> > Wasn't that part of the Mitnick trial??? You would have to ask a lawyer
> > about the second one.
> >
> > When you want to keep something from being subpoenaed, I think your best
> > defense is to have a zero knowledge file system.  My understanding of
> > this is a little weak, but from what I remember each file password
> > combination get equally distributed on the file system.  I think that
> > the prosecution has to ask for something specific, but again IANAL.
> It seems to me that asking for a password is about the same as asking where 
> somethings been hidden, or asking what's in a safe/wanting something from a 
> safe, except that the 'safe' provided by encryption isn't crackable in a 
> reasonable amount of time. If they just wanted some records (say, logs of 
> what that script kiddie that used my box as a proxy was doing) they don't 
> need my password, just the data.

You cannot ask for what is in the safe, but I think the prosecution
could have search warrant for specific items in a safe and a judge
could command you to produce the key/combo.  I don't think your fifth
amendment rights protect you in a civil trial unless you can argue
that you are in criminal jeopardy for something.

I am more worried about a civil trial than a criminal trial.  I think
it is more likely that I would develop software that would cause a 
company to sue me than do something on the computer that is criminal.
Dunno, maybe I'm naive.  As our Russian friend found out, the DMCA
does have criminal penalties.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!