6 posts • joined 23 Sep 2011
We need Plausible Deniability (i.e. What No TrueCrypt?)
Mostly good points but you should/can also throw TrueCrypt into the mix.
Apart allowing creation of a standard password based encrypted volume, one unique feature in TrueCrypt is the support for "Plausible Deniability". This is an encrypted volume with two passwords. One password provides access to the standard outer volume, and the other will decrypt a hidden volume inside the outer volume. Thus the user, if demanded his password under RIPA to decrypt the data, he simply gives up his outer volume password. By examining the encrypted data alone, even after decryption with the outer volume password, there should be no way for anyone to prove a hidden volume exists - hence he can plausibly deny existence of anything the authorities might be after.
This is not to say it's completely foolproof as it could still be compromised under certain circumstances.
Regardless of copyright / trademark laws etc...
I wholeheartedly agree with the last paragraph
"By choosing to go the DMCA route, rather than just picking up a telephone and asking DigitalRev nicely, the company may have shot itself in the foot..."
And I hope most readers do too... otherwise cilvilisation is doomed and terminator lawyers will rule the world.
Agree with Diffie
Surely the persistence of malware, if anything, should mean encryption is ever MORE important?
As ever, the problem with encryption is key management. But technologies to solve this problem (at least partially) are already widely available in the form of TPM, smart cards and ARM TrustZone. They're just not well integrated into OS platforms.
For TPM naysayers, yes it *could* be abused by industry to restrict access, creativity and openness, but that doesn't mean the technology itself is "evil", anymore than knives are just because they could be used for murder. Ultimately, if used sensibly, hardware protection is an excellent way of mitigating against software attacks.
DES was originally designed by IBM (as Lucifer) though admittedly weakened by the NSA (from 64 bit to 56 bit), but not in secret. After decades of scrutiny no backdoor has yet been found.
The AES specification is a result of a world-wide public contest. The winning entry, Rijndael, is specified by Joan Daemen and Vincent Rijmen, two Belgian researchers. The AES finalists include entries from all over the wrold. It was organised by NIST, an agency of the U.S. Department of Commerce (and not NSA).
Re: I don't know...
Hey Otto, good news - that's exactly what we have developed at Hoverkey and we're very glad that people are starting to realise the what a great idea it is to authenticate on a mobile device via NFC! And it's all done with proper crypto & stuff. Now if we can just get Google's attention...
Just a glitch in the Matrix
All will be fixed in the next release.