[vox-tech] Which cipher to use?

Ryan vox-tech@lists.lugod.org
Tue, 4 Jun 2002 16:12:28 -0700 

On Tuesday 04 June 2002 10:03 am, Joel Baumert wrote:
> > > > I'm able to memorize fairly long passwords of random garbage... M=
y
> > > > password for stuff I want secure (pgp private key, disks) is over=
 200
> > > > bits of random garbage (counting 6.5 bits per char)
> > >
> > > Sounds great, although if someone throws your ass in jail till you
> > > give up your key, you will have a difficult choice.  To easily dest=
roy
> > > the key in a unrecoverable way makes it harder to be held in contem=
pt
> > > of course since you can't get the key back even if you want to.
> >
> > I thought the 5th amendment would prevent that. Am I just ignorant?
>
> There are two problems with that argument.  First, it does not protect =
you
> in a civil trial where you did not necessarily break the law, but you a=
re
> being sued (or harassed) for something non-criminal.
>
> Second, I'm not sure, but I think that the password can be subpoenaed f=
rom
> you even in criminal matters because it probably is not directly crimin=
al.
> I guess you could claim your 5th amendment rights by having a password
> like "I killed Nicole Simpson" and if you were OJ you might be protecte=
d.
>
> Even then they could probably give you transactional immunity on the
> password or firewall the password from the prosecution and either make
> you tell it or hold you in contempt.
>
> Wasn't that part of the Mitnick trial??? You would have to ask a lawyer
> about the second one.
>
> When you want to keep something from being subpoenaed, I think your bes=
t
> defense is to have a zero knowledge file system.  My understanding of
> this is a little weak, but from what I remember each file password
> combination get equally distributed on the file system.  I think that
> the prosecution has to ask for something specific, but again IANAL.

It seems to me that asking for a password is about the same as asking whe=
re=20
somethings been hidden, or asking what's in a safe/wanting something from=
 a=20
safe, except that the 'safe' provided by encryption isn't crackable in a=20
reasonable amount of time. If they just wanted some records (say, logs of=
=20
what that script kiddie that used my box as a proxy was doing) they don't=
=20
need my password, just the data.