[Dshield] Fw: [ISN] Judge: Man can't be forced to divulge encryption passphrase
Brad Tilley
brad.tilley at vt.edu
Tue Dec 18 01:14:13 GMT 2007
There will be no back doors. OpenPGP is a IETF standard (rfc-2440 &
rfc-4880). There is also
a FSF/GNU implementation called Gnupg (http://gnupg.org/). The
corporate implementations may have backdoors, they may in fact have
them now, who knows? If you are concerned about this, use Gnupg.
Also, look at TrueCrypt's 'Plausible Deniability' option... it
addresses this very scenario. In many countries, the opposite is true
to this ruling... one can be held in contempt of court and jailed for
not disclosing encryption pass phrases (UK). With plausible
deniability, one can give the fake password to their encrypted 'tax
documents' while never disclosing the password to the secret, hidden
volume that contains the criminal material.
On Dec 17, 2007 6:15 PM, <aihomes at comcast.net> wrote:
> This case has some pretty far reaching implications.
>
> If a precedent like this survives higher appeals court scrutiny, does this spell doom for future forensic investigations of any kind because PGP or other encryption solution is implemented by the bad guys?
>
> Maybe I'm reading this wrong...
>
> Even more critical, will PGP take cues and start building a backdoor into later releases of their solution?
More information about the list
mailing list