|
 |
somebody wrote:
> Fair enough, didn't check that first. Although, OS alone does not of course
> ensure anything in principle. There's much OS out there which I doubt more
> than one person ever looked at the source. Depends on how many developers
It's a well known product. You might as well not trust gpg, pgp, or
anything else you don't code yourself.
> are actually working on it. Also, the backdoor may not be visible in the
> code. It's possible to develop a novel encryption scheme for which only you
> know the weakness. It may take a while for others to discover the problem.
They use, or at least offer, standard well known encryption schemes
(assuming you mean algorithms). Stick to those if you want to be safe.
>>> Also, if the investigators fill with true random bits the sections that
> you
>>> have encrypted, before turning it over, can you sue them for lost data?
>
>> But then, how do they know that they are overwriting encrypted data?
>
> They don't need to know. They can low level fill all unused sectors.
I'm not sure you get it.
I can create a file (call it outer) that is a container for my
encrypted stuff. Within it, I can create another hidden container.
The hidden container appears to be unused space only after you decrypt
the outer container.
If you don't decrypt outer, then the whole space outer appears as a
file - not as an unused sector. The idea is that if someone does not
know that the file outer is actually an encrypted container, then that
someone will not be able to figure it out. It looks just like any other
data file.
So unless they actually decrypt something first, the technique you
describe will only delete stuff that had already been deleted, so to
speak, and of little relevance to anyone.
--
DO NOT REMOVE THIS TAG (UNDER PENALTY OF LAW)
/\ /\ /\ /
/ \/ \ u e e n / \/ a w a z
>>>>>>mue### [at] nawaz org<<<<<<
anl
Post a reply to this message
|
|
