doesn't mean worse. Basically this is saying that while SEDs are not vulnerable to a “cold boot attack” like software encryption, they are vulnerable to equivalent attacks.
The answer to all these attacks is to always completely shut down, never sleep, your laptop.
Does the manufacturer have the keys? That seems to be the case, ... and in ALL cases is in theory known to the drive manufacturer.
Have you got any evidence of this? It would be major news if *every* HDD manufacturer was back-dooring their drives in this way. Although it certainly sometimes happens.
The context of the original post was discussing recovering plaintext when a bit of the ciphertext was corrupted - assuming you have the key and no backups.
Um, no - you responded to my post. I responded to a post by bdubSOv1iKIJ403M. No mention of plaintext there.
It's hard to see how else to interpret your post:
To be fair - that's the downside of encryption (without regular backups). A single bit of difference means no information recovery.
Or did you mean a single bit of ciphertext changed would somehow corrupt the rest of the ciphertext?
I've no wish to get involved in a discussion on other aspects of encryption, just wanted to simply correct a false statement, and get something off my chest about the design of LUKS.
The context of the original post was discussing recovering plaintext when a bit of the ciphertext was corrupted - assuming you have the key and no backups.
In this case 'plain' dm-crypt results in typically 128-256 bits of plaintext not being recovered. This guy has done some experiments and says in practice it's similar between corrupted encrypted and unencrypted data.
With LUKS, if the corruption is in the data, then the result should be the same as for dm-crypt.
But with LUKS, if the corruption is in the header, then there is a possibility *all* the data will be lost (again, we are talking of with the key, but no backups). LUKS is actually designed to maximise this possibility.
The logic is that an attacker is more likely to have a corrupted file. With a password based encryption scheme, the best proxy you have to an 'authorised' person is one who knows the password - in fact that's the only proxy you have.
So making it more difficult for people with the password to read the data, without making it more difficult for people without it to read the data, is a misfeature IMO.
An attacker maliciously changing the ciphertext to change the plaintext in a predictable way is another issue, but LUKS and dm-crypt are equally bad in this respect as neither support authenticated encryption modes.
No, this isn't true. Depending on the encryption mode, a corrupted bit should mean one or two blocks being lost (typically 256 bits).
LUKS OTOH has a feature called "anti-forensic stripes" that is deliberately designed to *maximise* the data loss if bits are corrupted on disc. One of the worst/best examples of a mis-feature ever.
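The two claims in the comments above (a flipped ciphertext bit in a chaining mode costs one or two blocks of plaintext, while a flipped bit in LUKS's anti-forensic stripes costs the whole key) can be checked with a small script. This is an added example, not code from the thread, from dm-crypt or from the LUKS project. It assumes a toy 16-byte Feistel permutation built from SHA-256 as a stand-in for AES (so it runs with only the standard library; the propagation behaviour being demonstrated is a property of the CBC mode, not of the cipher), and a simplified hash-based diffusion function in place of cryptsetup's real AFsplitter. The stripe count of 4 is illustrative; LUKS uses 4000.

```python
"""Added example: bit-error propagation in CBC versus LUKS-style AF stripes.
Toy cipher and simplified diffusion are assumptions, see lead-in."""
import hashlib
import os

BLOCK = 16  # bytes, the same block size as AES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, half: bytes, rnd: int) -> bytes:
    # Feistel round function: SHA-256 keyed by (key, round), truncated to a half block
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel permutation on one 16-byte block (assumption: AES stand-in)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, r, rnd))
    return r + l  # emit swapped halves so decryption can reverse the rounds directly


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    r, l = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # pt length must be a multiple of BLOCK (sector-sized data, no padding)
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        c = ct[i:i + BLOCK]
        out.append(_xor(toy_decrypt_block(key, c), prev))  # P_i = D(C_i) xor C_{i-1}
        prev = c
    return b"".join(out)


def flip_bit(data: bytes, bit: int) -> bytes:
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def cbc_damage_report(key: bytes, iv: bytes, pt: bytes, bit: int):
    """Flip one ciphertext bit and return (indices of damaged plaintext blocks,
    number of differing bits in the block after the damaged one)."""
    ct = cbc_encrypt(key, iv, pt)
    rec = cbc_decrypt(key, iv, flip_bit(ct, bit))
    nblocks = len(pt) // BLOCK
    damaged = [i for i in range(nblocks)
               if rec[i * BLOCK:(i + 1) * BLOCK] != pt[i * BLOCK:(i + 1) * BLOCK]]
    nxt = bit // (8 * BLOCK) + 1
    diff = _xor(rec[nxt * BLOCK:(nxt + 1) * BLOCK], pt[nxt * BLOCK:(nxt + 1) * BLOCK])
    return damaged, sum(bin(b).count("1") for b in diff)


def _diffuse(data: bytes) -> bytes:
    # Simplified stand-in for AFsplitter's diffusion: hash each digest-sized chunk with a counter
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big") + data[i:i + 32]).digest()
                   for i in range(0, len(data), 32))
    return out[:len(data)]


def af_split(secret: bytes, stripes: int, rng=os.urandom) -> bytes:
    """Split secret into `stripes` chained stripes; all of them are needed to merge."""
    d, out = bytes(len(secret)), []
    for _ in range(stripes - 1):
        s = rng(len(secret))
        out.append(s)
        d = _diffuse(_xor(d, s))
    out.append(_xor(d, secret))  # last stripe binds the chain to the secret
    return b"".join(out)


def af_merge(blob: bytes, secret_len: int, stripes: int) -> bytes:
    d = bytes(secret_len)
    for i in range(stripes - 1):
        d = _diffuse(_xor(d, blob[i * secret_len:(i + 1) * secret_len]))
    return _xor(d, blob[(stripes - 1) * secret_len:])


def af_single_bit_errors_fatal(secret: bytes, stripes: int) -> bool:
    """True if flipping any single bit anywhere in the stripes yields the wrong key."""
    blob = af_split(secret, stripes)
    return all(af_merge(flip_bit(blob, b), len(secret), stripes) != secret
               for b in range(len(blob) * 8))


if __name__ == "__main__":
    key, iv, pt = b"k" * 16, b"i" * 16, bytes(range(96))  # constructed sample input
    print("CBC damaged blocks, bits wrong in next block:", cbc_damage_report(key, iv, pt, 2 * 128 + 5))
    print("every single-bit stripe error destroys the key:", af_single_bit_errors_fatal(b"\x01" * 16, 4))
```

Flipping a bit in ciphertext block 2 garbles plaintext block 2 entirely and flips exactly one bit in block 3, with blocks 0, 1, 4 and 5 untouched: the "one or two blocks" figure. For the stripes, any single-bit flip in the first `stripes - 1` stripes scrambles the diffusion chain and any flip in the last stripe flips a bit of the key itself, so no single bit of key material can be lost and the key still recovered.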
This is the politician's syllogism at work: "Something must be done. This is something. Therefore this must be done".
The horror of the Hebdo attacks is that they are attacks on the freedom of speech. Allowing the gov't to spy on all our internet traffic is a far greater attack, because anonymity is the best defence of free speech. It's like someone responding to seeing you have a nosebleed by cutting off your head with a chainsaw "to make sure it doesn't happen again" .
TOR, of course, was created by the US gov't to protect users against dictatorships and now is mostly used to protect against the US gov't.
See also the webertarian manifesto:
The webertarian project aims to create software that makes tyranny mathematically infeasible.
Where exactly does the law state that? There's no "then and only then"
It was the law I quoted immediately above it. I even bolded the relevant part.
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key [ie he forgot it] to protected information at a particular time if—
(a)sufficient evidence of that fact is adduced to raise an issue with respect to it; *AND*
(b)the contrary is not proved beyond a reasonable doubt.
(my emphasis)
Note the word 'AND'.
Hopefully most people understand that X = a AND b means you need to test b if and only if a is true.
even the CPS themselves highlight that your earlier interpretation
This is a press release from the CPS - not an argument made in court. We don't know what was said in court. We do know, for certain, what the law says and it's quite clear. The prosecution do NOT need to prove 'beyond reasonable doubt' that someone remembers their password, as you claimed they do, except in exceptional circumstances.
someone stupid enough to incriminate himself
The information we have is that he behaved consistently with someone who was being as helpful as possible to the police, but had forgotten his password.
Note that there is little special status in England for 'self-incriminating' evidence, unlike America. If you refuse to answer the police questions on the grounds that they are 'self-incriminating' the prosecution can and will use this in court.
, he admitted he had set the password,
So are you saying he should have lied to the police? Will any encryption software let you encrypt data /without/ setting a password?
To recap, you said:
Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over
(my emphasis)
I quoted the exact law, which 'explicitly states' the precise opposite of what you claimed - implying that you yourself 'haven't read the law'.
You also said, about people being imprisoned for apparently forgetting their password:
it's never happened
I gave an example of precisely that happening.
This is a far cry from simply saying... "I forgot it". As I said, no such case to date has ever happened -
from the press release:
the defendant [said he] could not recall it... As the defendant claimed to have forgotten a password...
So this is exactly what happened.
Some people, if they were caught out so badly wrong about so many things they were so dogmatic about, might think "when you're in a hole - stop digging".
But I'm glad you don't because it gives me an opportunity to repeat this point about which there certainly is 'a lot of FUD':
Basically, based on the few contested cases that have come up so far, if the police demand a password to some file you encrypted, only 2 things can happen:
a) you give them the password
or
b) you go to prison.
Except in special circumstances, saying 'I forgot my password' is NOT a valid defence.
The claim that the prosecution always have to prove 'beyond reasonable doubt' that you remember it is clearly false. It's up to the victim to show 'sufficient evidence' they have forgotten it, something that has never happened, and may be impossible in practice.
The following are also not defences:
'I didn't set a password' (an obvious lie)
'My answers would be self-incriminating' (this isn't America)
Similarly there's a lot of FUD about RIPA's password clause by people who haven't read the law which explicitly states that police have to prove beyond reasonable doubt that someone has a key before they can be prosecuted for not handing it over
Except it doesn't.
The actual quote from the law is:
For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—
(a)sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b)the contrary is not proved beyond a reasonable doubt.
IOW the defence has to show "sufficient evidence... to raise an issue", and then and only then does the prosecution have to prove 'beyond a reasonable doubt'.
So this is a completely new standard of proof introduced into the British criminal system after 1000 years of using only the 'proof beyond a reasonable doubt' test.
How do you show 'sufficient evidence' that you have forgotten a password? Nobody knows.
AFAIK (and IANAL) no judge has yet accepted the defence has shown 'sufficient evidence'. How do you show a negative - that you don't know something? Maybe judges think (correctly) that it's impossible to 'raise an issue', so the prosecution never has to prove anything apart from that you didn't hand over a password.
This is what's known as the 'reverse burden of proof' introduced in RIPA. You don't have to prove 'beyond a reasonable doubt' you forgot the password, but you do have to show 'sufficient evidence', or - if you don't hand over a password - you're automatically guilty.
What's more the Home Office code of practice says that even if you have 'sufficient evidence' - it might not even be allowed in court 'if the person fails to raise some doubt as to whether he still had the key when the notice was given'.
it's never happened, everyone prosecuted to date has been like the plonker in yesterday's news story who incriminated themselves for the simple reason they were actually dickheads.
Perhaps you're assuming no judge would be that corrupt, so here's a case of someone who quite plausibly forgot his password being imprisoned:
A TEEN who refused to give police officers an encryption password for his computer has been jailed for four months.
Evidence showed that the defendant admitted in police interviews that he had set an encrypted password of between 40 and 50 characters containing both letters and numbers using an encryption software programme and that he had had originally relied on his memory to recall it but could not recall it when he was served with the notice.
The jury heard both the prosecution and defence case and accepted the prosecution case that the defendant must have kept a record of this very complex password, rather than relying on memory, and that he had deliberately failed to disclose it to the police. They returned a guilty verdict after 15 minutes deliberation.
Incidentally, if you do get ordered to hand over a password - even to someone else's data you happen to have - you're not allowed to tell anyone, presumably not even to ask for the password.
'Extremism' is an evil concept. An 'extremist' implies someone on the edges of the bell curve of belief - but guess what - most people think of themselves as being in the middle of that curve, no matter what their own beliefs. So in practice 'extremist' means 'extremely different from me'.
The purpose of law enforcement should be to stop acts of violence, terrorism, subversion, whatever - but never to stop mere difference. In a violent society, peace is extremist. In a dictatorship, freedom is extremist. In a racially segregated society, equality is extremist.
It's no wonder authorities love the word 'extremism', it's a slur for any kind of dissent.
Remember, the direct opposite of 'extremism' is 'conformism'.
See, a rational person would have looked at what's going on and concluded that the NSA's position is "of course you're more likely to be an extremist" rather than "of course you must be an extremist".
This is a comment in the actual code used by the NSA:
/* These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */
The source also says the NSA refers to "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
So yes, the NSA, in their own words, do indeed believe if you use TAILS, or read The Linux Journal, you are an extremist.
I'm the developer of squte.com, I'm glad you like the simple look of it - I tried to model it after Slashdot at its prime. If there's anything else that you like, or that needs improving, let me know.
I also use soylentnews and pipedot. The owner of pipedot (bryan) also responds to suggestions.
You can use luks with loopback files (e.g. http://paolobertasi.wordpress....) (1). FreeOTFE on Windows can open LUKS volumes (2). So only (5) is missing.
This is an unusual event because it's part of a series of 4 lunar eclipses in a row (in 6 consecutive full moon cycles), a tetrad which occurs once per 33 years on average.
The term 'blood moon' is sometimes used for a lunar eclipse, but it's been popularised for this tetrad by John Hagee to promote his book and claim that it means the end of the world.
someone capable of swinging a sword and lopping the heads off marauders intent on dragging off the young women and torching the village.
I doubt a post-apocalyptic world will be much like the mediaeval times portrayed in Game of Thrones. In fact the medieval world wasn’t much like that.
Swords were very expensive and used only by the nobility. The peasants used staffs or slings - i.e. sticks and stones, or long bows at certain periods.
As others have pointed out, there can be expected to be plenty of rusting machinery available, so the economy & warfare would be different. It's a lot cheaper to get iron by melting a car engine block - no matter how rusted - than smelting it from iron ore.
So maybe weapons would be different, too. Perhaps with more metal available everybody would have a metal bow, or perhaps with fewer forests and less firewood, metal would be more expensive and nobody would have swords.
"divided by half" - a bastard of "divided by two" and "multiplied by half", which actually means the exact opposite: multiplied by two.
"a half less" - a chimera of "half as much" and "half of", which again means the opposite.
"0.01 cents" - a mongrel of "one cent" or "$0.01", instead giving a price 100 times cheaper.
So let's save our outrage for the next time someone tells us it's good news the number of deaths has "divided by half", or crimes are "a half less".
Hardly Any Better
You're thinking of 'WinZip' style encryption, there are apps nowadays that do 'virtual drive' encryption and encrypt/decrypt on the fly, like a SED.
How is their random number generator?
Hardware RNGs are preferred to software CSPRNGs
but really its a bunch of illiterate idiots.
it's
True, but you should be aware that by a surprising coincidence a very similar bug has been found in LibreCrypt at the same time as this TrueCrypt bug.
It's called Deniable encryption and it's difficult to do correctly
Thanks for posting this. I am the maintainer of DoxBox. If you have any questions or want to flame me about the name, go ahead.
There are no pedophiles in Britain. Paedophiles on the other hand ....
Someone please mod parent up.
The only other open-source option for windows is FreeOTFE, which is also no longer developed. It works on Windows 7 with a hack
we should kick them off Terra