Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Use of RIPA to Demand Encryption Keys

Posted by samzenpus on from the tell-us-everything dept.

kylehase writes "The Regulation of Investigatory Powers Act (RIPA) is being used for the first time to force an animal activist to reveal encryption keys for encrypted files she claims to have no knowledge of. According to the article, she could face up to two years if she doesn't comply."

6 of 645 comments (clear)

  1. Re:solution by PhrostyMcByte · · Score: 5, Informative

    any forensic team with an ounce of competence will copy the original HDD and work off the copy, so that just won't work.

  2. Re:solution by mlts · · Score: 5, Informative

    Having a known self destruct switch may cause a person to end up even worse trouble. This is a discussion that occurs periodically on a number of cryptography forums.

    Almost all police departments will image the drive, then present the person with the image to decrypt. If the image gets stung by a self destruct Trojan, then the police will know that its not a forgotten password, and then proceed to use rubber hose decryption to obtain the contents of the drive.

  3. Re:Better solution by LurkerXXX · · Score: 5, Informative

    Filesize arithmetic?

    You never used Truecrypt eh? It's not a zip file. It acts as a virtual hard drive partition that can be mounted as a drive.

    When you create the volume it generates random bits throughout the virtual partition. You can copy whatever files you want onto the virtual partition, the rest of it is random noise. You may or may not choose to have additional hidden encrypted partitions within that noise. Adding up the size of know files tells you nothing about what may or may not lurk in the rest of the space on the virtual partition.

  4. TrueCrypt is the best for Windows and Linux. by Futurepower(R) · · Score: 5, Informative

    TrueCrypt allows hidden volumes, indistinguishable from one volume. The file size is constant.

    TrueCrypt works very, very well. I use it with just one volume to protect passwords and other files.

    When you don't want to encrypt a volume, but just a file, Gnu Privacy Guard is best.

    1. Re:TrueCrypt is the best for Windows and Linux. by StarkRG · · Score: 5, Informative

      The only problem is explaining that if (ok, when) they lose the password, you won't be able to crack it. Ever. Not really. It's quite easy: "That's the whole point!"

      And besides, not entirely true:

      Q: We use TrueCrypt in a corporate environment. Is there a way for an administrator to reset a password when a user forgets it?

      A: There is no "back door" implemented in TrueCrypt. However, there is a way to "reset" a TrueCrypt volume password/keyfile. After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header (Tools -> Restore Volume Header). I actually had someone ask me for something like this at work. Now I have something to tell them. (And something to suggest to our security department, we're currently using various encryptions for the various OSs we support, ugly).
  5. Re:Go To Prison Act by Cederic · · Score: 5, Informative


    Several animal rights groups in the UK are officially designated terrorist organisations, because frankly they engage in acts of terror.