[vox-tech] Which cipher to use?

Joel Baumert vox-tech@lists.lugod.org
Tue, 4 Jun 2002 10:03:33 -0700


> > > I'm able to memorize fairly long passwords of random garbage... My
> > > password for stuff I want secure (pgp private key, disks) is over 200
> > > bits of random garbage (counting 6.5 bits per char)
> >
> > Sounds great, although if someone throws your ass in jail till you
> > give up your key, you will have a difficult choice.  To easily destroy
> > the key in an unrecoverable way makes it harder to be held in contempt of
> > court since you can't get the key back even if you want to.
> 
> I thought the 5th amendment would prevent that. Am I just ignorant?

There are two problems with that argument.  First, it does not protect you
in a civil trial where you did not necessarily break the law, but you are
being sued (or harassed) for something non-criminal.

Second, I'm not sure, but I think that the password can be subpoenaed from 
you even in criminal matters because it probably is not directly criminal.  
I guess you could claim your 5th amendment rights by having a password 
like "I killed Nicole Simpson" and if you were OJ you might be protected.

Even then they could probably give you transactional immunity on the 
password or firewall the password from the prosecution and either make
you tell it or hold you in contempt.

Wasn't that part of the Mitnick trial??? You would have to ask a lawyer
about the second one.

When you want to keep something from being subpoenaed, I think your best
defense is to have a zero knowledge file system.  My understanding of
this is a little weak, but from what I remember each file password 
combination gets equally distributed on the file system.  I think that
the prosecution has to ask for something specific, but again IANAL.

Joel