Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Backdoor in Microsoft BitLocker?

21 views
Skip to first unread message

Peter Smith

unread,
Mar 25, 2013, 6:28:02 PM3/25/13
to
Yesterday I went through Customs in Vancouver BC. They searched my
belongings, particularly my computer for "images or movies" of the
illegal variety. I don't do that stuff.

What worried me was what the customs agent said about the possible
consequences if I didn't login to my BitLocker-protected computer
using my password. He said my computer would be seized, kept by
Customs for three or four months, and the BitLocker protection would
be broken by their techies. He specifically said that the Government
has the ability to break BitLocker encryption, and that as an agency
of the Government, Customs also can break the encryption. He suggested
there is a backdoor for BitLocker.

I didn't want to lose access to my PC for three or four months, so I
allowed the agent access. My question is really; was the agent
bluffing, or is there really a method for the authorities to access
BitLocker encrypted data without the owner's consent?

Previously I was told;

Date: Wed, 10 Oct 2012 16:43:16 -0400

For whole disk encryption, I'd go with TrueCrypt, open source is the
way
to go for this sort of application.

http://www.truecrypt.org/

I'm tempted to switch from BitLocker to TrueCrypt, as a solution which
would be free of backdoors.

FromTheRafters

unread,
Mar 25, 2013, 6:40:45 PM3/25/13
to
Peter Smith formulated on Monday :
Is this a TPM chipped computer?


Message has been deleted

Peter Smith

unread,
Mar 25, 2013, 6:44:58 PM3/25/13
to
Yes.

Jenn

unread,
Mar 25, 2013, 7:13:06 PM3/25/13
to
I've never heard of customs seizing computers and searching them before.
Do they do that to everyone's computer? Seems it would slow everyone
down if they did that to everyone's computer.

--
Jenn
Message has been deleted

unruh

unread,
Mar 25, 2013, 8:00:51 PM3/25/13
to
On 2013-03-25, Peter Smith <londi...@gmail.com> wrote:
> Yesterday I went through Customs in Vancouver BC. They searched my
> belongings, particularly my computer for "images or movies" of the
> illegal variety. I don't do that stuff.

Since you go through customs in Vancouver either coming into Canada
(Canadian Customes) or leaving Canada for the USA (US Customs), which was it?
[For those of you not from N America it has been the policy that US
border clearance and customs for people travelling from Canada to the
USA is done in the Canadian airport by US border services personel. This
is to allow Canadians to fly to anywhere in the US without worrying
whether or not there is a customs/border post in the receiving US
airport.)

FromTheRafters

unread,
Mar 25, 2013, 8:38:57 PM3/25/13
to
After serious thinking Peter Smith wrote :
If it was implemented with a recovery option, it can be done.


Anonymous Remailer (austria)

unread,
Mar 26, 2013, 10:48:58 AM3/26/13
to

"Peter Smith" <londi...@gmail.com> wrote in message
news:d86ded01-b76f-45af...@7g2000yqy.googlegroups.com...
It's probably because BitLocker has a recovery option (which you can
turn off). However, I would never trust any proprietary hardware or
software encryption since the Feds will lean on companies
making this stuff to build in backdoors. Only plain hardware-based AES
is safe since it can easily be checked using test vectors.

In general you shouldn't store sensitive materials on your laptop. Use a
secure cloud file service such as Wuala instead.

http://www.wuala.com/

Please spread the word.

Peter Fairbrother

unread,
Mar 26, 2013, 11:54:42 AM3/26/13
to Jenn
On 25/03/13 23:13, Jenn wrote:

> I've never heard of customs seizing computers and searching them before.
> Do they do that to everyone's computer? Seems it would slow everyone
> down if they did that to everyone's computer.
>

US border patrol have been doing it for a while. However, it may slow
down a bit. This is from earlier this month:

http://www.washingtontimes.com/news/2013/mar/8/court-limits-feds-ability-search-laptops-border/?page=all

"The Border Patrol cannot confiscate or download every laptop or
electronic device brought into the U.S., a federal appeals court said,
ruling that people have an expectation their data are private and that
the government must have “reasonable suspicion” before it starts to snoop.

In a broad ruling Friday, the court also said merely putting password
protection on information is not enough to trigger the government’s
“reasonable suspicion” to conduct a more intrusive search — but can be
taken into account along with other factors."



There was also a US case last year where a demand for keys was held to
violate the fifth amendment:

http://arstechnica.com/tech-policy/2012/02/appeals-court-fifth-amendment-protections-can-apply-to-encrypted-hard-drives/

"On the other hand, if the government merely suspects that an encrypted
hard drive contains some incriminating documents, but lacks independent
evidence for the existence of specific documents, then the owner of the
hard drive is entitled to invoke the Fifth Amendment."



On the technical level. I'd suggest Truecrypt would work. However
Truecrypt might be enough to trigger a search where a simple file or
whole-disk encryption program might not (Truecrypt provides more than
the "password protection" mentioned in the Border Patrol case above), so
a simple encryption program may be better, depending on circumstances.

It also depends where you are - the above applies in the US, but in the
UK for instance, the Police/Customs can demand keys (almost) at a whim.

I do not know very much about Bitlocker, but from what I hear it's
probably best avoided.

Personally I would never put an encrypted file in a cloud. You can't
securely delete it, and you do not know who accesses it and when.


-- Peter Fairbrother

Jenn

unread,
Mar 26, 2013, 12:26:33 PM3/26/13
to
Thanks for the info Peter. I'm not sure which group you're actually posting
from, but I saw your post via alt.2600.

--
Jenn


Jenn

unread,
Mar 26, 2013, 12:36:31 PM3/26/13
to
How does Wuala compare to dropbox?

--
Jenn


Message has been deleted

Casper H.S. Dik

unread,
Mar 26, 2013, 1:40:46 PM3/26/13
to
Dustin <cowards....@raidsplace.com> writes:

>Electronics are checked to make sure they are what they claim to be and
>aren't filled with explosives, Jenn.

In all the years and many trips I had, I don't remember even one
incident were they wanted me to switch on my laptop.
(US & Europe, half in the US, dozens of trips)

Perhaps it is because I mostly to/from silicon valley?

Casper

unruh

unread,
Mar 26, 2013, 1:56:55 PM3/26/13
to
On 2013-03-26, Dustin <cowards....@raidsplace.com> wrote:
> Jenn <therealm...@gmail.com> wrote in
> news:kiqli0$oea$2...@dont-email.me:
> Haven't been to very many airports then.. eh?
>
> You're even expected to turn it on, so they can see it come online. the
> idea behind that is, if it's a bomb; You wouldn't wanna blow yourself
> up, and if it is, it doesn't score an airplane.

Completely different issue. That is by Homeland Security, or the
equivalent security search to make sure you are not bringing on a bomb (
mind you any laptop battery have way more than enough juice in it to
start a fire). But this post is about a search of the contents of the
computer. The quote you asked about contained three key words that you
ignored. "customs" not security, "seizing" not turning on, and finally "searching"
which in context is searching the contents.

>
>> Do they do that to everyone's computer? Seems it would slow
>
> Electronics are checked to make sure they are what they claim to be and
> aren't filled with explosives, Jenn.
>
> Just how far behind the times are you?

>
>
Message has been deleted
Message has been deleted

unruh

unread,
Mar 26, 2013, 2:58:42 PM3/26/13
to
On 2013-03-26, Dustin <cowards....@raidsplace.com> wrote:
> unruh <un...@invalid.ca> wrote in
> news:Hjl4t.61197$8d.5...@newsfe14.iad:
>
>> On 2013-03-26, Dustin <cowards....@raidsplace.com> wrote:
>>> Jenn <therealm...@gmail.com> wrote in
>>> news:kiqli0$oea$2...@dont-email.me:
>>>
>>> You're even expected to turn it on, so they can see it come online.
>>> the idea behind that is, if it's a bomb; You wouldn't wanna blow
>>> yourself up, and if it is, it doesn't score an airplane.
>>
>> Completely different issue. That is by Homeland Security, or the
>> equivalent security search to make sure you are not bringing on a
>> bomb ( mind you any laptop battery have way more than enough juice in
>> it to start a fire).
>
> While I appreciate your efforts to defend poor Jenn, who is just picked
> on all the fucking time for absolutely no reason, it's pretty obvious my
> commentary didn't discuss searching the laptop itself. That part was
> over when I suggested truecrypt over bitlocker.
>
> Wouldn't customs be under the control of homeland security anyway? And
> besides, Jenn said she'd never heard of anyone seizing or searching
> computers; has she been under a rock?

It is clear that the "seizing and searching" had nothing to do with
security. It is highly unusual for customs or security to look at the
contents of the laptop, or to seize the laptop. I travel about 20 times
a year and have never had my laptop either seized or searched. I have
has security ask me to turn it on occasionally. I have had it swabbed
for explosive traces ( and once gotten a positive presumably from
fertilizer-- they just brought me to the gate and handed me over to the
airline agent there, who had no idea what to do, and let me on the
plane.). But I have never had my laptop either seized or searched.

Also, it was not clear from his post whether this was by Canadian
customs of US customs ( both are in the Vancouver airport).


>
>>But this post is about a search of the contents
>> of the computer.
>
> The original post was, yes. He specifically asked if bitlocker could be
> hacked. I believe I answered him correctly.

>
>>The quote you asked about contained three key words
>> that you ignored. "customs" not security, "seizing" not turning on,
>> and finally "searching" which in context is searching the contents.
>
> I didn't ignore them. They have no context in the comment I made towards
> Jenn. You'd literally have to be living under a rock to be so clueless
> as to have never heard of anything getting seized or inspected.

I see. When you answer or comment on a query, your answer has nothing to
do with the content of that query. Good to know.

And as I said, I have never, in all my travels all over the world, had
my laptop seized or the contents on the computer inspected (which was
the context of this thread including Jenn's comment.)



>
> Next time you wish to be a smug prick, feel free, on someone else.
>

~BD~

unread,
Mar 26, 2013, 3:56:49 PM3/26/13
to
Thanks for explaining. :-)

>>> But this post is about a search of the contents
>>> of the computer.
>>
>> The original post was, yes. He specifically asked if bitlocker could be
>> hacked. I believe I answered him correctly.
>
>>
>>> The quote you asked about contained three key words
>>> that you ignored. "customs" not security, "seizing" not turning on,
>>> and finally "searching" which in context is searching the contents.
>>
>> I didn't ignore them. They have no context in the comment I made towards
>> Jenn. You'd literally have to be living under a rock to be so clueless
>> as to have never heard of anything getting seized or inspected.
>
> I see. When you answer or comment on a query, your answer has nothing to
> do with the content of that query. Good to know.
>
> And as I said, I have never, in all my travels all over the world, had
> my laptop seized or the contents on the computer inspected (which was
> the context of this thread including Jenn's comment.)

Although I /could/ find a post in which Dustin Cook claims to have been
only 5 minutes walk from my home in Devon, England, I am totally
confident that he has NEVER flown *anywhere* overseas from the USA.

>> Next time you wish to be a smug prick, feel free, on someone else.

Methinks it is Dustin Cook who is demonstrating such tendencies! ;-)

--

Message has been deleted
Message has been deleted

~BD~

unread,
Mar 26, 2013, 7:02:33 PM3/26/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:QYednQ7bYYcdYMzM...@bt.com:
>
>> Although I /could/ find a post in which Dustin Cook claims to have
>> been only 5 minutes walk from my home in Devon, England, I am totally
>> confident that he has NEVER flown *anywhere* overseas from the USA.
>
> Dustin has been on several planes and jets, and has flown out of the
> states on a few occasions. I won't specify when or where I went. H0h0h0.

Lapland? To see Father Christmas? ;-)

> Btw, I will tell you, for your stalking efforts, That I was allowed to
> have my cat with me in his carrier underneath my seat the last time I flew
> alone.

I thought you said you have 3 cats? A bit cruel to leave the other(s)
behind!

> I'm pretty sure they don't allow that anymore, it's been a long time since
> a critter flew with me.
>
> Wanna try again, David? :)

OK! I will! *Did you fly to Pakistan for terrorist training*?

Are you actually now a 'sleeper' in the USA - waiting to cause death and
destruction whenever you are ordered so to do?

There's no way of knowing unless the FBI or CIA come knocking at your
door - is there?

--

Message has been deleted

~BD~

unread,
Mar 26, 2013, 7:26:31 PM3/26/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:BN-dnchHk-mVtM_M...@bt.com:
>
>> I thought you said you have 3 cats? A bit cruel to leave the other(s)
>> behind!
>
> LOL. I haven't always had 3 cats David. I don't have 3 cats now, in fact.

Sorry. :-(

> The year that flight took place, I had one cat. His name was Smokey.
>
>> OK! I will! *Did you fly to Pakistan for terrorist training*?
>
> I'd get better terrorist flight lessons from your country.
> They trained you, after all.

Now you are just being stupid. It doesn't become you, Dustin.

>> Are you actually now a 'sleeper' in the USA - waiting to cause death
>> and destruction whenever you are ordered so to do?
>>
>> There's no way of knowing unless the FBI or CIA come knocking at your
>> door - is there?
>
> Oh... Is this supposed to somehow scare me David? Should I get a knock
> on the door now? I'm trembling so much now, it's hard to fly my plane..
> *snicker*

Your 'plane' is a schoolboy's toy helicopter. It called an *aircraft*!

> Btw, has Jax gotten any phone calls or new deliveries Yet?

You really are off your trolley. You have made a major boo boo - even
now you have no idea how you have been stung, have you?!! Dope!

And *I did warn you*! <rolls eyes>

> Did you ever figure out what was new in your neck of the woods? Have
> you seen the invoice for it yet? *smug grin*

I have absolutely *no idea* of what you are alluding to. Spell it out if
you wish to have *any* impact at all! Invoice? For what?!!

--

Dave U. Random

unread,
Mar 26, 2013, 9:35:15 PM3/26/13
to
"Jenn" <therealm...@gmail.com> wrote in message
news:kisimh$hh9$1...@dont-email.me...
DropBox used to claim that they couldn't see the contents of your files
either. However it was later revealed they were LYING. Do NOT store any
sensitive material on DropBox since you might get burned. If you read
the DropBox website claims on security you'll see them telling you how
safe they are, but they are referring to authentication and
authorization, not confidentiality. You will not see them claim anywhere
on their site that they cannot see your files. They claim that DropBox
employees are forbidden to look at your files, but they CAN look at them
if for example law enforcement agencies ask for information. And they
also claim that they will cooperate with any law enforcement request
without informing you.

Wuala is based in Europe and all its servers are based in Europe.

A small word of caution would be that LACIE, the parent company of
Wuala, was recently taken over by U.S. based Western Digital. So far
there haven't been any changes to Wuala's security but that
might change in the future, so we'll have to remain vigilant.





Message has been deleted
Message has been deleted
Message has been deleted

Jenn

unread,
Mar 26, 2013, 11:12:31 PM3/26/13
to
hmmm sounds like they aren't going to be safe for all that long, either.
I guess a person could encrypt their files before they store them on
any cloud. Would that work?

--
Jenn
Message has been deleted

Casper H.S. Dik

unread,
Mar 27, 2013, 6:18:43 AM3/27/13
to
Dustin <cowards....@raidsplace.com> writes:

>Casper H.S. Dik <Caspe...@OrSPaMcle.COM> wrote in news:5151dd9e$0$6913
>$e4fe...@news2.news.xs4all.nl:

>> Dustin <cowards....@raidsplace.com> writes:
>>
>>>Electronics are checked to make sure they are what they claim to be and
>>>aren't filled with explosives, Jenn.
>>
>> In all the years and many trips I had, I don't remember even one
>> incident were they wanted me to switch on my laptop.
>> (US & Europe, half in the US, dozens of trips)

>Did they ask you to pass it thru a sort of new modified xray machine?

Some of the times; but the carry-on goods aren't run through
that machine.


Casper

LightBit

unread,
Mar 27, 2013, 7:11:31 AM3/27/13
to
On 27 mar., 08:06, G. Morgan <sealte...@osama-is-dead.net> wrote:
> Jenn wrote:
> >hmmm sounds like they aren't going to be safe for all that long, either.
> >  I guess a person could encrypt their files before they store them on
> >any cloud.  Would that work?
>
> That would be advisable for any files containing sensitive data like
> passwords or personal info like medical records or financial data.
>
> You may even want to double up on the encryption, make one pass with
> Winzip using AES and a strong passphrase and a second pass with Winrar
> using maximum compression and a different but equally strong passphrase.

One pass is enought.
Compressing encrypted and/or compressed data will not compress data.

It would be better to use special purpose file encryption program.
Something like scrypt: http://www.tarsnap.com/scrypt.html
You can compress it before encryption.

Jenn

unread,
Mar 27, 2013, 12:56:43 PM3/27/13
to
G. Morgan wrote:
> Jenn wrote:
>
>> hmmm sounds like they aren't going to be safe for all that long,
>> either. I guess a person could encrypt their files before they
>> store them on any cloud. Would that work?
>
> That would be advisable for any files containing sensitive data like
> passwords or personal info like medical records or financial data.
>
> You may even want to double up on the encryption, make one pass with
> Winzip using AES and a strong passphrase and a second pass with Winrar
> using maximum compression and a different but equally strong
> passphrase.

Then put the passwords in a file (in case you forget them) and zip THOSE a
couple of times... but then you forget the password you used to zip the
passwords..... <sigh>

--
Jenn


BurfordTJustice

unread,
Mar 28, 2013, 7:37:59 AM3/28/13
to

"G. Morgan" <seal...@osama-is-dead.net> wrote in message
news:ovn4l8hbketvud1di...@Osama-is-dead.net...

The TSA reserves that right. My last two trips (about 6 flights) I
--
morgan only flies for the Free Grope!


Message has been deleted

~BD~

unread,
Mar 28, 2013, 6:19:45 PM3/28/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:v6OdnQRbfJU6s8_M...@bt.com:
>
>> Dustin wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:BN-dnchHk-mVtM_M...@bt.com:
>>>
>>>> I thought you said you have 3 cats? A bit cruel to leave the
>>>> other(s) behind!
>>>
>>> LOL. I haven't always had 3 cats David. I don't have 3 cats now, in
>>> fact.
>>
>> Sorry. :-(
>
> For what?

Dead pussies.

>>> The year that flight took place, I had one cat. His name was Smokey.
>>>
>>>> OK! I will! *Did you fly to Pakistan for terrorist training*?
>>>
>>> I'd get better terrorist flight lessons from your country.
>>> They trained you, after all.
>>
>> Now you are just being stupid. It doesn't become you, Dustin.
>
> Hardly. You're the one making wild generalizations based on nothing.

Everything is based on something!

>>>> Are you actually now a 'sleeper' in the USA - waiting to cause
>>>> death and destruction whenever you are ordered so to do?
>>>>
>>>> There's no way of knowing unless the FBI or CIA come knocking at
>>>> your door - is there?
>>>
>>> Oh... Is this supposed to somehow scare me David? Should I get a
>>> knock on the door now? I'm trembling so much now, it's hard to fly
>>> my plane.. *snicker*
>>
>> Your 'plane' is a schoolboy's toy helicopter. It called an
>> *aircraft*!
>
> Actually, it's not a plane at all, cuntafungus. It's a helicopter. Twin
> rotor style.

It is a model *AIRCRAFT* - just as I said. Dimmy.

>>> Btw, has Jax gotten any phone calls or new deliveries Yet?
>>
>> You really are off your trolley. You have made a major boo boo - even
>> now you have no idea how you have been stung, have you?!! Dope!
>
> *I* didn't make any booboo, *I* didn't do anything. HHI<>myself. [g]

You hit the wrong target. It might well be your undoing.

> Your efforts to try and make the information appear invalid have failed
> miserably. Various independent sites have already been consulted; it's
> her. Nothing you can do for her now.
>
>> And *I did warn you*! <rolls eyes>
>
> Yes, she was warned not to be stalking people on your behalf. Now,
> she'll be told over the phone and perhaps in person, several times for
> an undetermined time period.
>
> It's really ALL entirely out of your control now. You've destroyed Jax's
> life. I'm sure you won't lose a wink of sleep over it either. You're
> that much of a cuntafungus.

You hit the wrong target. It might well be your undoing.

>> I have absolutely *no idea* of what you are alluding to. Spell it out
>> if you wish to have *any* impact at all! Invoice? For what?!!
>
> I've had a great impact. Think, missile, small horse barn. Especially
> for having done nothing myself. [g] With no effort whatsoever on my
> part, I can google david brooks hhi and pull up your house, your pics,
> your tele, whatever I wanna know, for free.
>
> Anyone can.

You do know that Jax can do that for *you*, don't you? You still have
made no sense with regard to an Invoice. Methinks it's one *you* will
have to pay!

--

Jax

unread,
Mar 28, 2013, 8:14:56 PM3/28/13
to
Dustin <cowards....@raidsplace.com> wrote in
news:XnsA18FC577E1C6CB7Z317AGDTEHHI8AJ283@no:

> Btw, has Jax gotten any phone calls or new deliveries Yet? Did you ever
> figure out what was new in your neck of the woods? Have you seen the
> invoice for it yet? *smug grin*

Dustin if you want to know then why don't you give Jacqueline a call? You
have her phone numbers and her email. I'm sure she would be interested to
hear from you.

Later on, I can send her your address and phone number plus Usenet posts so
she understands what's happening!

I like it when the good guys win, don't you? :)

--
Jax
Message has been deleted
Message has been deleted

FromTheRafters

unread,
Mar 28, 2013, 10:00:59 PM3/28/13
to
Dustin explained :
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:LeWdnXb7YOBiXMnM...@bt.com:
>
>> Dustin wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:v6OdnQRbfJU6s8_M...@bt.com:
>>>
>>>> Dustin wrote:
>>>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>>>> news:BN-dnchHk-mVtM_M...@bt.com:
>>>>>
>>>>>> I thought you said you have 3 cats? A bit cruel to leave the
>>>>>> other(s) behind!
>>>>>
>>>>> LOL. I haven't always had 3 cats David. I don't have 3 cats now,
>>>>> in fact.
>>>>
>>>> Sorry. :-(
>>>
>>> For what?
>>
>> Dead pussies.
>
> Who said anything about dead cats, you cuntafungus? I have 5 cats now.
> LOL.

*That* is funny, shows yet again how he jumps to wrong conclusions.

[...]


~BD~

unread,
Mar 29, 2013, 3:37:31 AM3/29/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:LeWdnXb7YOBiXMnM...@bt.com:
>
>> Dustin wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:v6OdnQRbfJU6s8_M...@bt.com:
>>>
>>>> Dustin wrote:
>>>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>>>> news:BN-dnchHk-mVtM_M...@bt.com:
>>>>>
>>>>>> I thought you said you have 3 cats? A bit cruel to leave the
>>>>>> other(s) behind!
>>>>>
>>>>> LOL. I haven't always had 3 cats David. I don't have 3 cats now,
>>>>> in fact.
>>>>
>>>> Sorry. :-(
>>>
>>> For what?
>>
>> Dead pussies.
>
> Who said anything about dead cats, you cuntafungus? I have 5 cats now.
> LOL.
>
>
>> Everything is based on something!
>
> LOL. Not with you it isn't. Your an insulting old man who hasn't got a
> clue how technology works. Despite efforts to educate you, it simply
> cannot be done. You have a learning disability.
>
>>> Actually, it's not a plane at all, cuntafungus. It's a helicopter.
>>> Twin rotor style.
>>
>> It is a model *AIRCRAFT* - just as I said. Dimmy.
>
> You wrote that it's a plane, in a cheeky, smug, asshole style. It's not,
> obviously. You tried to leave yourself a way out with the aircraft
> generalized comment. Nice, but uhh, no. cuntafungus.
>
> Some military training you took. Maybe thats why you had to go? When you
> confuse a heli for an airplane, somethings amiss upstairs.
>
>> You hit the wrong target. It might well be your undoing.
>
> It's hard to type right now, I'm laughing so hard.
>
> *I* didn't hit anything. HHI<>me.
>
> In a previous post you claim the online person posting as Jax has legal
> recourse for acts you wrongly/mistakenly think I did or otherwise
> caused. That indicates if I had hit a target, it wouldn't have been the
> wrong one.
>
> I know what you and Jax should do. Skype each other, get your stories
> straight and do your best to convince us your revised edition is the
> real one.
>
>>> Yes, she was warned not to be stalking people on your behalf. Now,
>>> she'll be told over the phone and perhaps in person, several times
>>> for an undetermined time period.
>>>
>>> It's really ALL entirely out of your control now. You've destroyed
>>> Jax's life. I'm sure you won't lose a wink of sleep over it either.
>>> You're that much of a cuntafungus.
>>
>> You hit the wrong target. It might well be your undoing.
>
> It's hard to type right now, I'm laughing so hard.
>
> *I* didn't hit anything. HHI<>me.
>
> In a previous post you claim the online person posting as Jax has legal
> recourse for acts you wrongly/mistakenly think I did or otherwise
> caused. That indicates if I had hit a target, it wouldn't have been the
> wrong one.
>
> I know what you and Jax should do. Skype each other, get your stories
> straight and do your best to convince us your revised edition is the
> real one.
>
>
>> You do know that Jax can do that for *you*, don't you? You still
>
> That's what you had planned for her in the first place. I wonder if
> she'll post the same information you did.
>
> Btw, is my moms name Sara or Sarah? Neither of you ever did say, But she
> certainly went and smeared a local (to my area) vet based on that
> information.
>
> Jax is going to get what Jax has asked to get. And you will eventually
> get everything you have coming, too.

Thanks for responding Dustin. You said "You wrote that it's a plane,"

I don't believe I did that. Please provide the MID.

--


Message has been deleted

Jax

unread,
Mar 29, 2013, 11:21:09 AM3/29/13
to
Dustin <cowards....@raidsplace.com> wrote in
news:XnsA191DA73D944AB7Z317AGDTEHHI8AJ283@no:

> Jax <do.not.remove...@gmail.com> wrote in
> news:XnsA192288C...@130.225.254.104:
>
>> Dustin if you want to know then why don't you give Jacqueline a call?
>> You have her phone numbers and her email. I'm sure she would be
>> interested to hear from you.
>
> I'm asking her (you) here in usenet. Didn't think a phone call was really
> necessary.
>
>> Later on, I can send her your address and phone number plus Usenet
>> posts so she understands what's happening!
>
> Be sure to explain to her (you) that her information is available due to
> your stalking efforts on her behalf.
>
> Btw,
>
> Are you admitted to having been impersonating another individual?
>
>> I like it when the good guys win, don't you? :)
>
> I do too. So, are you impersonating another individuals identity?

I plead the fifth. :)

--
Jax

~BD~

unread,
Mar 29, 2013, 11:25:27 AM3/29/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:6I-dnWv8ZZYm2cjM...@bt.com:
>
>> Thanks for responding Dustin. You said "You wrote that it's a plane,"
>> I don't believe I did that. Please provide the MID.
>
> Message-ID: <v6OdnQRbfJU6s8_M...@bt.com>
>
> Your memory is unreliable.
>
> "Your 'plane' is a schoolboy's toy helicopter. It called an *aircraft*!"

Thank you for agreeing that *YOU* were wrong!

*YOU* said "I'm trembling so much now, it's hard to *fly my plane*..
*snicker*

*I* said

Your 'plane' is a schoolboy's toy helicopter. It's called an *aircraft*!

Best you don't argue with me Dustin - you'll not win! ;-)

--

Message has been deleted
Message has been deleted

~BD~

unread,
Mar 29, 2013, 2:19:40 PM3/29/13
to
Dustin wrote:
> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:baGdnbzZROf1L8jM...@bt.com:
>
>> Dustin wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:6I-dnWv8ZZYm2cjM...@bt.com:
>>>
>>>> Thanks for responding Dustin. You said "You wrote that it's a
>>>> plane," I don't believe I did that. Please provide the MID.
>>>
>>> Message-ID: <v6OdnQRbfJU6s8_M...@bt.com>
>>>
>>> Your memory is unreliable.
>>>
>>> "Your 'plane' is a schoolboy's toy helicopter. It called an
>>> *aircraft*!"
>>
>> Thank you for agreeing that *YOU* were wrong!
>
> You referred to it as a plane, in a smug fashion, as if to educate me in
> some fashion. I know it's not a plane, you smug prick.

BD did *not* refer to your toy as a plane - he knows better! ;-)

> You can't spin yourself out of it, David.

*YOU* referred to your toy as a plane. *Yes* - I *did* correct you.

>> *YOU* said "I'm trembling so much now, it's hard to *fly my plane*..
>> *snicker*
>
> Sarcasm doesn't become you eh?

Avoidance noted. *You* said "it's hard to *fly my PLANE* - no argument!

>> *I* said
>>
>> Your 'plane' is a schoolboy's toy helicopter. It's called an
>> *aircraft*!
>>
>> Best you don't argue with me Dustin - you'll not win! ;-)
>
> I don't argue with you David, I simply correct you, often.
> For us to have an argument would require you to have some knowledge of
> the subject we're discussing which led upto an argument. That doesn't
> happen with you.

*YOU WERE WRONG* - Dopey! :-)

FromTheRafters

unread,
Mar 29, 2013, 2:42:32 PM3/29/13
to
~BD~ laid this down on his screen :
It is still an airplane isn't it. The word "plane" refers to the
wing(s) and there are both fixed-wing and rotary-winged aircraft.

Wiki is probably with you on this one, but if I'm not mistaken both
helicopters and fixed wing aircraft are differentiated from lighter
than air aircraft and are both airplanes.


~BD~

unread,
Mar 29, 2013, 6:13:47 PM3/29/13
to
You *are* mistaken, FTR!

Fixed-wing and Rotary-wing are both *aircraft* - in the UK anyway! ;-)

"An airplane (also known as an aeroplane in British English or simply a
plane) is a powered *fixed-wing* aircraft that is propelled forward by
thrust from a jet engine or propeller."
Ref: http://en.wikipedia.org/wiki/Airplane

--

Jax

unread,
Mar 29, 2013, 6:14:49 PM3/29/13
to
Dustin <cowards....@raidsplace.com> wrote in
news:XnsA1928C63F491BB7Z317AGDTEHHI8AJ283@no:

> ~BD~ <~BD~@nomail.afraid.org> wrote in
> news:baGdnbzZROf1L8jM...@bt.com:
>
>> Dustin wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:6I-dnWv8ZZYm2cjM...@bt.com:
>>>
>>>> Thanks for responding Dustin. You said "You wrote that it's a
>>>> plane," I don't believe I did that. Please provide the MID.
>>>
>>> Message-ID: <v6OdnQRbfJU6s8_M...@bt.com>
>>>
>>> Your memory is unreliable.
>>>
>>> "Your 'plane' is a schoolboy's toy helicopter. It called an
>>> *aircraft*!"
>>
>> Thank you for agreeing that *YOU* were wrong!
>
> You referred to it as a plane, in a smug fashion, as if to educate me in
> some fashion. I know it's not a plane, you smug prick.
>
> You can't spin yourself out of it, David.
>
>> *YOU* said "I'm trembling so much now, it's hard to *fly my plane*..
>> *snicker*
>
> Sarcasm doesn't become you eh?
>
>> *I* said
>>
>> Your 'plane' is a schoolboy's toy helicopter. It's called an
>> *aircraft*!
>>
>> Best you don't argue with me Dustin - you'll not win! ;-)
>
> I don't argue with you David, I simply correct you, often.
> For us to have an argument would require you to have some knowledge of
> the subject we're discussing which led upto an argument. That doesn't
> happen with you.

Dustin if someone wants to know what some obscure bit of software is (such
as a prepender) then they might ask you what it is.

When you want to know about the names of planes or aircraft then ask
Boater Dave because he's used to be a jet pilot and his son is a
helicopter pilot. Most probably he knows what he's talking about. Just
saying!

--
Jax

FromTheRafters

unread,
Mar 29, 2013, 6:48:36 PM3/29/13
to
on 3/29/2013, ~BD~ supposed :
http://www.thefreedictionary.com/airplane

air•plane
art at airwaves
(ˈɛərˌpleɪn)

n.
1. a heavier-than-air craft kept aloft by the upward thrust exerted by
the passing air on its fixed wings and driven by propellers or jet
propulsion.
2. any similar heavier-than-air craft, as a glider or helicopter. <<==
Also, esp. Brit., aeroplane.
[1905–10, alter. of aeroplane, with air replacing aero-]
Random House Kernerman Webster's College Dictionary, © 2010 K
Dictionaries Ltd. Copyright 2005, 1997, 1991 by Random House, Inc. All
rights reserved.


~BD~

unread,
Mar 29, 2013, 7:09:54 PM3/29/13
to
If you feel strongly about this, FTR, please write to "art at airwaves"
and tell them they've got it wrong".

They have! :-)

--

FromTheRafters

unread,
Mar 29, 2013, 8:11:35 PM3/29/13
to
~BD~ has brought this to us :
http://en.wikipedia.org/wiki/Autogyro


~BD~

unread,
Mar 29, 2013, 8:17:47 PM3/29/13
to
A most interesting breed of aircraft; I've never flown one. Have you?

--

FrozenNorth

unread,
Mar 29, 2013, 8:34:39 PM3/29/13
to
On 3/29/2013 8:17 PM, ~BD~ wrote:
<YAWN>

Are you still here?


--
Froz...


The system will be down for 10 days for preventive maintenance.

FromTheRafters

unread,
Mar 29, 2013, 9:08:15 PM3/29/13
to
~BD~ brought next idea :
No, but i *did* notice the use of both "plane" and "copter" in the
various names for the aircraft type.

Did you miss the part where I said that the wiki would likely agree
with you? I am not wrong in stating what I stated despite the fact that
just about everybody uses the word "plane" to be exclusive of rotary
wing aircraft. Aeroplanes were different from balloons, dirigibles, and
blimps - the word was used before the advent of helicopters to
distinguish between 'lighter-than-air' aircraft that floated for lift
and 'heavier-than-air' aircraft that used an aero-plane for lift.

I have cited two instances where the word "plane" was used for rotary
winged aircraft. I'm *not* claiming that you are wrong, but helicopters
don't float in the air - they get lift from aero-plane wings.


Message has been deleted
Message has been deleted
Message has been deleted

FromTheRafters

unread,
Mar 29, 2013, 10:10:43 PM3/29/13
to
Dustin wrote :
> FromTheRafters <err...@nomail.afraid.org> wrote in
> news:kj5dpt$t8g$1...@dont-email.me:
>>>>>> air•plane
>>>>>> art at airwaves
>>>>>> (ˈɛərˌpleɪn)
>>>>>>
>>>>>> n.
>>>>>> 1. a heavier-than-air craft kept aloft by the upward thrust
>>>>>> exerted by the passing air on its fixed wings and driven by
>>>>>> propellers or jet propulsion.
>>>>>> 2. any similar heavier-than-air craft, as a glider or helicopter.
>>>>>> <<== Also, esp. Brit., aeroplane.
>>>>>> [1905–10, alter. of aeroplane, with air replacing aero-]
>>>>>> Random House Kernerman Webster's College Dictionary, © 2010 K
>>>>>> Dictionaries Ltd. Copyright 2005, 1997, 1991 by Random House,
>>>>>> Inc. All rights reserved.
>>>>>
>>>>>
>>>>> If you feel strongly about this, FTR, please write to "art at
>>>>> airwaves" and tell them they've got it wrong".
>>>>>
>>>>> They have! :-)
>>>>
>>>> http://en.wikipedia.org/wiki/Autogyro
>>>
>>> A most interesting breed of aircraft; I've never flown one. Have
>>> you?
>>
>> No, but i *did* notice the use of both "plane" and "copter" in the
>> various names for the aircraft type.
>>
>> Did you miss the part where I said that the wiki would likely agree
>> with you? I am not wrong in stating what I stated despite the fact
>> that just about everybody uses the word "plane" to be exclusive of
>> rotary wing aircraft. Aeroplanes were different from balloons,
>> dirigibles, and blimps - the word was used before the advent of
>> helicopters to distinguish between 'lighter-than-air' aircraft that
>> floated for lift and 'heavier-than-air' aircraft that used an
>> aero-plane for lift.
>>
>> I have cited two instances where the word "plane" was used for rotary
>> winged aircraft. I'm *not* claiming that you are wrong, but
>> helicopters don't float in the air - they get lift from aero-plane
>> wings.
>
> If it floated in the air, it wouldn't drain the power source within 15
> minutes. That's 15 minutes if the the throttle isn't maxed. I'd
> calculate less than 10 if it is. I'm told that the more I fly and
> recharge, the slightly longer flight times i'll get; but I don't believe
> that's true. I know this heli has a lipoly 3.75 volt power supply tucked
> underneath it's nose. Replaceable.

Remember those little toy blimps in the video I linked to a couple of
years ago? I wonder how long they stay aloft and running on a charge.
Not as much fun as a helicopter though I bet. Too bad we didn't have
toys like that when I was little.


~BD~

unread,
Mar 30, 2013, 4:09:22 AM3/30/13
to
No, I didn't miss it, FTR! I wasn't looking for an argument! ;-)

> I am not wrong in stating what I stated despite the fact that just
> about everybody uses the word "plane" to be exclusive of rotary wing
> aircraft. Aeroplanes were different from balloons, dirigibles, and
> blimps - the word was used before the advent of helicopters to
> distinguish between 'lighter-than-air' aircraft that floated for lift
> and 'heavier-than-air' aircraft that used an aero-plane for lift.

I appreciate your explanation.

> I have cited two instances where the word "plane" was used for rotary
> winged aircraft. I'm *not* claiming that you are wrong, but helicopters
> don't float in the air - they get lift from aero-plane wings.

That's strange, because here in the UK helicopters get their lift from
Rotor Blades! http://en.wikipedia.org/wiki/Helicopter_rotor

<aside>

I once heard an ATCO colleague once say to a pilot something like ...

G-AZTO - traffic right one o'clock range 5 miles crossing right to left

The reply came back "OK - visual"

The ATCO responded "Is it a helicopter or a light fixed wing?"

The pilot said "Sorry, I'm not quite sure"

To which the ATCO responded "Is the propeller on the front or on the top?""

Silence followed! :-)

--
Have a great day!



Anonymous Remailer (austria)

unread,
Apr 1, 2013, 9:06:28 AM4/1/13
to

On Mon, 25 Mar 2013 18:24:36 -0500
G. Morgan <seal...@osama-is-dead.net> wrote:

> Perhaps an equally better reason to switch is you can have hidden
> volumes with a hidden O/S. The hidden volume is impossible to
> detect. Depending on which password you use TC will load the
> appropriate matching O/S. So if your adversary forces you to type in
> your password, give them the 2nd "fake" O/S (one you still use
> occasionally so it does not *look* phony, a bare fresh install will
> look suspicious).

So a "bare fresh install" will look suspicious, but having TrueCrypt
installed will not? Do you really think that the people demanding
your passphrase have never heard of TrueCrypt or deniable encryption?

> It's called plausible deniability - very clever of the TC folks. And
> there is no way for anyone to know the 2nd volume exists, much less
> has an O/S with encrypted data you don't want prying eyes to see.

Like stegonagraphy, deniable encryption suffers from the warden
problem. The unfortunate truth is that *having* a deniable encryption
system installed on your computer is suspicious in and of itself. The
only solution would be for everyone to use it, but that is almost
certainly not going to happen.

The real answer to all this is to refuse to divulge your key. Travel
with a throwaway laptop and make sure you back up whatever data you
have on it before you go (probably a good idea anyway).

Nomen Nescio

unread,
Apr 2, 2013, 5:41:21 AM4/2/13
to
mixm...@remailer.privacy.at wrote:

> The real answer to all this is to refuse to divulge your key. Travel
> with a throwaway laptop...

I wish I could afford a throwaway laptop.

Message has been deleted

Jenn

unread,
Apr 3, 2013, 7:13:03 PM4/3/13
to
On 4/3/2013 2:21 PM, G. Morgan wrote:
> Anonymous Remailer (austria) wrote:
>
>>
>> On Mon, 25 Mar 2013 18:24:36 -0500
>> G. Morgan <seal...@osama-is-dead.net> wrote:
>>
>>> Perhaps an equally better reason to switch is you can have hidden
>>> volumes with a hidden O/S. The hidden volume is impossible to
>>> detect. Depending on which password you use TC will load the
>>> appropriate matching O/S. So if your adversary forces you to type in
>>> your password, give them the 2nd "fake" O/S (one you still use
>>> occasionally so it does not *look* phony, a bare fresh install will
>>> look suspicious).
>>
>> So a "bare fresh install" will look suspicious, but having TrueCrypt
>> installed will not?
>
> Why would it be anymore suspicious than Bit Locker? Do you know that Bit
> Locker is pretty much useless and a bitch to install and deal with unless
> the laptop has a TPM chip? That's a perfect reason/excuse right there to
> have Truecrypt. If asked why you have *any* encryption at all, ask to
> speak to a customs agent that knows something about computer security. A
> Windows password "protected" account is useless against anyone with a Win
> PE or Linux boot disk. Bit locker may not be a viable option without a
> TPM chip, and even if you have one - it's still a M$ product. M$ isn't
> exactly known for "high security" applications. That's reason enough to
> go with a 3rd party security app. Anyone who travels with a laptop risks
> losing it, or it getting stolen. There is no reason the data has to be
> stolen too.
>
>> Do you really think that the people demanding
>> your passphrase have never heard of TrueCrypt or deniable encryption?
>
> Sure they have, but so what? Deny it, what are they going to do? Unless
> the correct passphrase is entered, no one will know of the 2nd OS except
> the owner. Give them the decoy passphrase and call it a day.
>
>>> It's called plausible deniability - very clever of the TC folks. And
>>> there is no way for anyone to know the 2nd volume exists, much less
>>> has an O/S with encrypted data you don't want prying eyes to see.
>>
>> Like stegonagraphy, deniable encryption suffers from the warden
>> problem. The unfortunate truth is that *having* a deniable encryption
>> system installed on your computer is suspicious in and of itself.
>
> Disagree, for reasons outlined above.
>
>> The
>> only solution would be for everyone to use it, but that is almost
>> certainly not going to happen.
>
> That's not the "only solution". It's *plausible* deniability, short of
> water boarding you or hooking up your balls to a car battery - no one is
> the wiser.
>
>> The real answer to all this is to refuse to divulge your key.
>
> That would be a major part of the *plausible* part. Make a huge stink
> about having to reveal the key, make a scene, threaten - beg - whatever;
> then hand over the decoy key after you are done being a royal PITA to
> them and pretend to just give up.
>
>> Travel
>> with a throwaway laptop and make sure you back up whatever data you
>> have on it before you go (probably a good idea anyway).
>
> Umm... If the adversary has the "throwaway", they will access the data
> on it unless it's encrypted. What good is a "throwaway" if it has data
> you don't want exposed? Where are you going to dispose of it if you're
> being detained at a border checkpoint?
>

I've been reading everything you've said about a decoy OS on your laptop
when traveling. It makes a lot of sense to me.

--
Jenn
Message has been deleted

Gordon Burditt

unread,
Apr 4, 2013, 1:15:10 AM4/4/13
to
>>Like stegonagraphy, deniable encryption suffers from the warden
>>problem. The unfortunate truth is that *having* a deniable encryption
>>system installed on your computer is suspicious in and of itself.
>
> Disagree, for reasons outlined above.

When every Linux, Windows, and Mac distro has the top 97 deniable
encryption apps (and most of them can't be removed because even a
C function call API requires encryption), it won't be suspicious.

practice

unread,
Apr 4, 2013, 2:19:09 AM4/4/13
to
On 04/03/2013 10:32 PM, Dustin wrote:
> Jenn <therealm...@gmail.com> wrote in
> news:kjict9$hu7$1...@dont-email.me:
> I dunno about decoy OS, as much as hidden truecrypt volume...
>
> Which I think would be the better option here.
>
>

I agree here with Dustin. Just how many border checkpoint people know
anything technical about computers other than if it turns on or not. Of
course, I would run like Hell if it didn't turn on!
They are just there to make sure traffic flows smoothly.





FromTheRafters

unread,
Apr 4, 2013, 6:20:31 AM4/4/13
to
practice explained :
Sounds like a custom boot screen that displays large numbers in a
countdown from ten would go over quite nicely.


Message has been deleted

unruh

unread,
Apr 4, 2013, 11:11:51 AM4/4/13
to
On 2013-04-04, Dustin <cowards....@raidsplace.com> wrote:
> FromTheRafters <err...@nomail.afraid.org> wrote in
> news:kjjk13$5pq$1...@dont-email.me:
>
>> practice explained :
>>> On 04/03/2013 10:32 PM, Dustin wrote:
>>>> Jenn <therealm...@gmail.com> wrote in
>>>> news:kjict9$hu7$1...@dont-email.me:
>>>>
>>>>> On 4/3/2013 2:21 PM, G. Morgan wrote:
>>>>>> Anonymous Remailer (austria) wrote:
>>>>>>
>>>>>>>
...
>>>
>>> I agree here with Dustin. Just how many border checkpoint people
>>> know anything technical about computers other than if it turns on or
>>> not. Of course, I would run like Hell if it didn't turn on!
>>> They are just there to make sure traffic flows smoothly.
>>
>> Sounds like a custom boot screen that displays large numbers in a
>> countdown from ten would go over quite nicely.
>
> Be sure to have a hidden camera crew filming. You can sell the results
> to raise funds for the lawyer you'll be needing.

Actually my OS (Mangeia) has something like that-- a little bar across
the bottom of the screen that grows with time. That is equivalent to a
countdown clock.
>
>
Message has been deleted

FrozenNorth

unread,
Apr 4, 2013, 10:19:41 PM4/4/13
to
On 4/4/2013 9:39 PM, Dustin wrote:
> unruh <un...@invalid.ca> wrote in news:XKg7t.270701$O52.240913
> @newsfe10.iad:
> Hah! Awesome.
>
Both Fedora and Fuduntu have something similar.

FromTheRafters

unread,
Apr 5, 2013, 12:13:47 AM4/5/13
to
Dustin wrote :
> unruh <un...@invalid.ca> wrote in news:XKg7t.270701$O52.240913
> @newsfe10.iad:
>
> Hah! Awesome.

Now all you need is "tick-tick-tick.wav" and you're in business - or
maybe in jail.


practice

unread,
Apr 5, 2013, 1:35:26 AM4/5/13
to
Good thoughts, everyone!



Message has been deleted

Jenn

unread,
Apr 5, 2013, 12:26:59 PM4/5/13
to

~BD~

unread,
Apr 5, 2013, 12:39:09 PM4/5/13
to
*KERBOOOOOOOMB*!

FromTheRafters

unread,
Apr 5, 2013, 1:53:51 PM4/5/13
to
Dustin presented the following explanation :
> FromTheRafters <err...@nomail.afraid.org> wrote in
> news:kjlita$49m$1...@dont-email.me:
> I'm exploring my options for a little boot screen creative work on XP...
>
> I know, I know...

It sounds like fun.


Jenn

unread,
Apr 5, 2013, 4:06:13 PM4/5/13
to
lol

--
Jenn


Fritz Wuehler

unread,
Apr 7, 2013, 5:59:02 PM4/7/13
to
> >So a "bare fresh install" will look suspicious, but having TrueCrypt
> >installed will not?
>
> Why would it be anymore suspicious than Bit Locker?

How about the fact that it includes a deniable encryption feature,
which none of the other popular whole disk encryption systems have?

> Unless the correct passphrase is entered, no one will know of the 2nd
> OS except the owner. Give them the decoy passphrase and call it a
> day.

Or they might just take it anyway, assuming that you gave them your
decoy passphrase. They might hold you for a few hours, demanding that
you give up the real passphrase. Again, deniable encryption suffers
from the warden problem: you cannot hide the fact that you are using
a system that supports deniable encryption, and there is no reason for
your adversary to believe that you did not use the deniability
features.

> Disagree, for reasons outlined above.

What reasons? You have a lot of options other than Truecrypt, yet
Truecrypt's main distinguishing feature is the hidden partition
feature. That alone is sufficient to raise suspicion, especially when
you try to claim that you really did not use the feature Truecrypt is
most well-known for.

> That would be a major part of the *plausible* part. Make a huge stink
> about having to reveal the key, make a scene, threaten - beg -
> whatever; then hand over the decoy key after you are done being a
> royal PITA to them and pretend to just give up.

Then they are going to demand your other key. Now what will you do?
Why should anyone believe that you do not have another key? How are
you going to prove it?

> Umm... If the adversary has the "throwaway", they will access the
> data on it unless it's encrypted. What good is a "throwaway" if it
> has data you don't want exposed? Where are you going to dispose of
> it if you're being detained at a border checkpoint?

..I think you missed the part about not divulging your passphrase,
and opting to just have the throwaway laptop taken from you. Who said
you were not using whole disk encryption? Even if you choose
Truecrypt, you might as well save yourself the time arguing with them
and say, "No, I am not giving you the passphrase." Why even invite a
discussion of whether or not you have hidden partitions? If they are
going to take your laptop, let them have it -- just make sure you have
a strong passphrase and that you backed up your data.

The problem with your entire argument is that it is predicated on the
notion that you can construct a "plausible" innocent ciphertext. That
is way outside of what cryptography can give you -- it comes down to
human psychology, the mood of the particular customs agent you have to
deal with, and your ability to lie with a straight face. It is hard
to rely on that kind reasoning, but it is not hard to rely on the
cipher itself. Why not just rely on that cipher?

There is another angle to consider here: the legal precedent that has
been set so far. While not entirely settled, it appears that key
disclosure law in the United States works like this:

1. Do not divulge a key, and the courts cannot force you to
2. Divulge a key once, and you can be forced to divulge it again

It is not clear if the courts will try to force people who divulge one
Truecrypt key to divulge others, or if that could even work. In some
cases, this could matter -- if, for example, there is evidence that
you have a hidden partition (perhaps a witness saw you open it), you
might be kept in prison until you divulge the key. Again, in the
United States, the least risky thing to do is to refuse to give up the
passphrase, and to just accept the loss of your laptop.

Jax

unread,
Apr 7, 2013, 6:14:03 PM4/7/13
to
~BD~ <~BD~@nomail.afraid.org> wrote in news:
_vednRtknv4sAMvM...@bt.com:

> I once heard an ATCO colleague once say to a pilot something like ...
>
> G-AZTO - traffic right one o'clock range 5 miles crossing right to left
>
> The reply came back "OK - visual"
>
> The ATCO responded "Is it a helicopter or a light fixed wing?"
>
> The pilot said "Sorry, I'm not quite sure"
>
> To which the ATCO responded "Is the propeller on the front or on the top?""
>
> Silence followed! :-)

LOL! :)

--
Jax
Message has been deleted
Message has been deleted

~BD~

unread,
Apr 8, 2013, 4:24:43 AM4/8/13
to
;-)

As Dustin gathered, it *is* a true story, but I was an ATCO at the time!

--
Message has been deleted

David Eather

unread,
Apr 9, 2013, 9:50:59 AM4/9/13
to
On Tue, 09 Apr 2013 14:48:34 +1000, G. Morgan
<seal...@osama-is-dead.net> wrote:

> Fritz Wuehler wrote:
>
>> Or they might just take it anyway, assuming that you gave them your
>> decoy passphrase. They might hold you for a few hours, demanding that
>> you give up the real passphrase. Again, deniable encryption suffers
>> from the warden problem: you cannot hide the fact that you are using
>> a system that supports deniable encryption, and there is no reason for
>> your adversary to believe that you did not use the deniability
>> features.
>
> There is no reason for them to think I did either.
>

If you kept up to date with scheiener's blog you would have seen the link
to the document sent to just about everybody involved in boarder
protection that told them what to look for when searching a laptop - it
covered inter alia, true crypt, hidden partitions and deniable
encryption.

The problem you face at the boarder, even if you have a visa, is that you
have very few rights. You can be denied entry on "suspicion" which is a
much lower standard of proof than criminal (beyond reasonable doubt) or
civil (on the balance of probability). If you tick them off with silly
stuff like attitude, false information and hidden data (which they have
been briefed on how to find or at least suspect) then you simply won't be
allowed in, but sent home on the next flight, which is invariably done at
your expense.

The only "safe" and fully legal way is enter with a clean computer and
then download the data/software. This is such an obviously daft security
"flaw" that you would wise to consider that your data WILL be swept up by
Echelon (incoming information originating outside of the country is of
great interest to government security agencies) and if the password or
encryption is weak it will be read.

From recent reports of sleeper spies caught in the USA it seems the FSB
considers passwords of between 100 to 110 bits necessary for security. I
would trust them on that.

Jeffrey Goldberg

unread,
Apr 9, 2013, 11:04:10 AM4/9/13
to
On 2013-04-09, David Eather <eat...@tpg.com.au> wrote:

> From recent reports of sleeper spies caught in the USA it seems the FSB
> considers passwords of between 100 to 110 bits necessary for security. I
> would trust them on that.

Can you point me to some more information on that. Checking a password
tends to take more time than simply checking an encryption key (if you
aren't testing against a password hash). So I am having some
difficulty understanding this claim.

What I suspect is that the entropy of the passwords is actually far
less than what the creators of it imagine.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
I rarely read top-posted, over-quoting or HTML postings.
Reply-To address is valid.

David Eather

unread,
Apr 9, 2013, 4:36:39 PM4/9/13
to
On Wed, 10 Apr 2013 01:04:10 +1000, Jeffrey Goldberg <nob...@goldmark.org>
wrote:

> On 2013-04-09, David Eather <eat...@tpg.com.au> wrote:
>
>> From recent reports of sleeper spies caught in the USA it seems the FSB
>> considers passwords of between 100 to 110 bits necessary for security. I
>> would trust them on that.
>
> Can you point me to some more information on that. Checking a password
> tends to take more time than simply checking an encryption key (if you
> aren't testing against a password hash). So I am having some
> difficulty understanding this claim.
>
> What I suspect is that the entropy of the passwords is actually far
> less than what the creators of it imagine.
>
> Cheers,
>
> -j
>

Don't know what to say - google is your friend? One of the reports said
the cell had used a password of "X" characters long, and it was so
difficult to memorize that one member of the cell wrote it down, which the
FBI found and is how the FBI gained access to the laptop. I forget what
"X" was, but at 3.9 bits of entropy per letter it came out to just over
100 bits of total entropy (26 letters? - that doesn't sound right, it
might have been 28 ) but if they were truly randomly chosen characters the
entropy would have be more.

> What I suspect is that the entropy of the passwords is actually far
> less than what the creators of it imagine.

I don't think the FSB makes those sorts of mistakes

Gordon Burditt

unread,
Apr 11, 2013, 2:19:31 AM4/11/13
to
> Sounds like a custom boot screen that displays large numbers in a
> countdown from ten would go over quite nicely.

I have a smaller device that does that, counting down from 30 when
operated. Further, it goes with another gadget intended to draw
(small quantities of) blood. If 80% of the TSA inspectors understand
that this medical device is not dangerous, 10% will try to steal
the device, and half of the remainder try to arrest me without
shooting first, that's still an unacceptable chance of death to me.

The TSA takes jokes very seriously. One passenger said "Knock
knock", and before his wife could answer, he found himself in
handcuffs. When he said "it was a joke!", the TSA-inspector-in-training
took it as a confession. Apparently he thought that a joke, *any*
joke, could have taken out the World Trade Center.

There's another technique that might work against minor-league
snoops (e.g. your wife, her divorce lawyer, and a private investigator,
or perhaps your kids looking for porn) but it would be best not to
annoy the TSA or Homeland Security with them.

There's a special kind of boot disk (e.g. on a CD-ROM) and
remote-bootable boot image commonly used by Internet Cafes and such.
It's probably also used by IT departments to set up computers in a
standard way when they have hundreds of setups a year for new
employees. When you boot it, it wipes the system and re-installs
a fresh version of the OS. The setup is pre-programmed and it
doesn't ask any questions. It also may not be particularly chatty
about what it's doing. (Now, if *YOU* boot up the system at customs
and let it wipe your drive, they may try to arrest you for destruction
of evidence.) Ok, this isn't really designed for crypto-quality
erasure but it could be adapted for it.

One cafe I know of used a boot over the network so the system image
couldn't get corrupted from the customer machines. The boot image
was on CD-ROM in a read-only drive on the server. It does not use
an actual secure erase program (which would take too long for a
large disk) but it might ensure that every hard disk sector gets
written over at least once. The main purpose of this is (a) wiping
out any viruses, spyware, or malware brought in by the last customer,
and (b) preventing the next customer from snooping on data left
behind by the last customer.

Some of the programs commonly used on Windows (e.g. Outlook) were
set up to use data files in the home directory on the user's USB
drive, which the user was expected to supply and take with him when
he leaves. The USB drive might have viruses on it that the user
picked up elsewhere (e.g. his work computer), but it shouldn't pick
up any new ones or infect other customers. Also, there was anti-virus
software installed on the system. Lots of users stopped by to
modify some spreadsheets, then print them on the color printers at
the cafe.

A potential snoop that comes in without a subpoena or badge might
be able to bring in forensic software but they can't walk out with
the computer, disassemble it and attach the hard drive to something
else, or other stuff that would attract attention. (The cafe tells
customers to be sure to reboot the system before they leave, and
does it if they forget.) Note: customers didn't get 'Administrator'
access to the system and I don't know whether the forensic software
would work without it.

How could you use it? Well, one simple way is to leave your laptop
powered off with a system-install CD/DVD in the CD/DVD drive. If
anyone just powers it up and waits, the system gets wiped. Use
with care: I'm not sure that holding the EJECT button down, THEN
powering up the laptop will consistently prevent code execution on
all laptops. Also, it's probably more likely that YOU will
accidentally wipe the system than some unauthorized person would
(but the valuable data you keep encrypted on a USB drive on a chain
around your neck, right?).

If you're designing your own quick-wipe program, the first thing
it should go after would be potential locations for the keys on
hidden partitions (without asking for the key!). Then get the
partition table, root directory, etc. of the public partition.


How secure is your data from snoops if you travel internationally,
take a laptop with a fresh install and some SPAM emails through
customs, and put your sensitive data on a USB flash drive, encrypted
with the strongest algorithm you can find (which we'll assume the
NSA can break anyway), and *mail* it? Or how about if you download
it (encrypted file, of course, and you might as well download it
with ssh) over the Internet from your company server?

Jeffrey Goldberg

unread,
Apr 13, 2013, 12:24:07 AM4/13/13
to
On 2013-04-09, David Eather <eat...@tpg.com.au> wrote:
> On Wed, 10 Apr 2013 01:04:10 +1000, Jeffrey Goldberg <nob...@goldmark.org>
> wrote:
>
>> On 2013-04-09, David Eather <eat...@tpg.com.au> wrote:
>>
>>> From recent reports of sleeper spies caught in the USA it seems the FSB
>>> considers passwords of between 100 to 110 bits necessary for security. I
>>> would trust them on that.

>> Can you point me to some more information on that. [...]

>> What I suspect is that the entropy of the passwords is actually far
>> less than what the creators of it imagine.

> Don't know what to say - google is your friend?

I came in late, so I don't actually know what case you are all
talking about. So I'll search on the little that I have.

> One of the reports said [...]
> but at 3.9 bits of entropy per letter it came out to just over
> 100 bits of total entropy

>> What I suspect is that the entropy of the passwords is actually far
>> less than what the creators of it imagine.

> I don't think the FSB makes those sorts of mistakes

Probably not. But the various "reports" certainly could make such
mistakes. It wouldn't be the first time that law enforcement
statements exaggerated the strength of what they were up against.
Message has been deleted

The Daring Dufas

unread,
Apr 13, 2013, 9:45:14 PM4/13/13
to
On 4/13/2013 6:55 PM, G. Morgan wrote:
> David Eather wrote:
>
>> From recent reports of sleeper spies caught in the USA it seems
>> the FSB considers passwords of between 100 to 110 bits necessary
>> for security. I would trust them on that.
>
> I use "pass phrases", a sentence I can easily remember with added
> numbers that are meaningful to me (with CAPS spread around randomly)
> - but not tied to any of my personal information (birthdays, SS#'s,
> etc...). I'll use a birthday of someone I know for instance, but no
> way would my adversary make the connection.
>

I'll use fractured fairy tales or really screwed up stories that have
meaning only to me. "Mary had a little lamb who''s fleece was black as
coal and everywhere that Mary went, the lamb would shout, Hey Yo!" There
are many other examples of long passwords I'll use, some of them very
perverse and would be fun to have a judge demand that I reveal them. The
defendant is ordered to reveal the password to the system. "Kiss my
hairy red ass you Nazi pig!" The defendant will reveal the password or
be charged with contempt of court. "I just gave you the password your
honor. It is (Kiss my hairy red ass you Nazi pig!)" It's better when
the exclamation point is used and the password shouted. ^_^

TDD
0 new messages