User: Password:
Subscribe / Log in / New account

Security quotes of the week

Security quotes of the week

Posted Jul 19, 2012 23:16 UTC (Thu) by nix (subscriber, #2304)
In reply to: Security quotes of the week by jake
Parent article: Security quotes of the week

No, but the law does not require 'foolproof'. That's why judges have discretion, and why laws that prevent judges from exercising that discretion are so bad.

(Honestly, the police aren't likely to realise that a bunch of random noise *is* encrypted unless it has a header from a major encryption program attached to it, and if you keep files of astronomical noise around you probably have a reason for it which you can tell the judge. Most people don't keep files of white noise lying around just for the hell of it. Now the law *is* evil: among other things, it presumes that people who keep encrypted stuff around are either hiding something from the police or don't mind the police rifling through their private stuff, which is an unjustified assumption. But it's not *quite* as bad as all that, and Falkvinge's complaint is making a mountain out of, not a molehill, but a worm cast.)

(Log in to post comments)

Security quotes of the week

Posted Jul 20, 2012 0:09 UTC (Fri) by jake (editor, #205) [Link]

> Honestly, the police aren't likely to realise that a bunch of random
> noise *is* encrypted unless it has a header from a major encryption
> program attached to it

hmm, you seem to have some faith in police and judges that I lack I guess ... since you can't *prove* in any sense of that term that any random data you have lying around isn't some kind of encrypted "bad stuff" (defined, of course, by said police and judges), it just gives them license to lock you up for not providing the "key" should they wish to ...

not at all saying this is some UK-specific problem, btw, I imagine these kinds of games could be played anywhere ...


Security quotes of the week

Posted Jul 20, 2012 13:06 UTC (Fri) by nix (subscriber, #2304) [Link]

Note that judges in the UK are not elected, so don't have to pander to the lowest common denominator, make every decision in the light of future election campaigns, and so forth. Faith in the judiciary in the UK is a *lot* higher than in the US, and is not declining. This may not always be justified, but the judiciary (the libel-tourist-friendly antics of Mr Justice Eady notwithstanding) is a lot more trustworthy, and trusted, than most other arms of UK public life right now.

suspicious-looking random files

Posted Jul 21, 2012 0:08 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

This raises a question I haven't encountered before: for many purposes for which encryption is used, the very existence of the document might be what you're trying to keep private. So is there a common encryption format that doesn't make it obvious that the file is encrypted?

I guess that wouldn't be enough. A carefully preserved file of random data with no header at all would obviously be something encrypted. You'd probably have to go full steganography and make the file appear to be something else (like a telescope image).

suspicious-looking random files

Posted Jul 21, 2012 13:46 UTC (Sat) by nix (subscriber, #2304) [Link]

If you really wanted an evil approach to hiding confidential data, build up a Gentoo or other source-based system, then encrypt your data and conceal it in plausible-sounding ELF sections in chosen binaries (sections that could perfectly well be there otherwise, are often quite large, but have little impact if filled with arbitrary junk: .debug_types in a file that actually has its debugging information in DWARF 3, something like that). (If you want to be really evil, take a legitimate ELF section and perturb it, using alternate representations of DIEs and instruction choices and the like to steganographically encode your data.)

Note that the binaries still work because the addition of a non-loaded section won't affect them at all. Hash checking for modified binaries to find the hacked ones won't work because the distro is source-based and everyone has different hashes anyway. Looking at the binaries to find suspiciously random info won't work because binaries have lots of random info in them anyway (this would be doubly true if DWARF debugging sections were gzipped, but they're not, oh well). The only way anyone would find info stashed in a random-but-plausible ELF section like this is to know what e.g. a legitimate .debug_types section looks like, dump all of them and find the ones that don't look right -- and nobody's going to do that who doesn't already know what they'll find. And even that will be fooled by the steg-encoding approach.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds