If it was specified, and then used to open the container, the
container would be written to from the tail end inward. That is to
say, the sectors would be used in reverse order. Call this side "B".
There would be no way to prove that this optional second password
feature has been used, and a user could provide a password to open
side "A" of the container and reveal "less" secure documents.
When the second password is used, the software could size the
container to prevent overwriting of side "A". This could not be done
when side "A" is open without compromising deniability.
Shaun, could such an approach be made to work?
Offshore Guy wrote in message
<0evgaucgfj1qmjq8n...@4ax.com>...
______________________________________________________________________
Posted Via Uncensored-News.Com - Still Only $9.95 - http://www.uncensored-news.com
With NINE Servers In California And Texas - The Worlds Uncensored News Source
if you run this through a debugger, seeing the thing
starting from the back and going to the front is going
to alert anyone that you've given out the dummy
password
remember the entire os is easy to debug, DCPP low level
development was basically done this way, I used a linux box and a
i386 emulator, I had a windows box running within my
linux box, and could watch each cpu instruction execute.
what you really need is for 1 or more containers within your
container but done in a way that does not allow someone who
has the full source code, and can debug your cpu to know if
you've given out the real password or some dummy, the software
itself must not care or be able to tell which is which
I talked to the SecurStar people about just such a system 1 year
ago, but it's on the back burner thanks to other priorities,
one problem with a product like this, is it's hard to think of
a legitimate reason for this sort of product...
In article <0evgaucgfj1qmjq8n...@4ax.com>,
offsh...@offshore.com says...
One I can think of is people living and working in countries without free
speech, or with corrupt governments, where the suspicion of hidden data
would be damaging enough..
hang on - isn't "corrupt government" an oxymoron?
Simon.
but could I make 2 observations:
1. do people living in the third world actually have both a) computers
and b) the money to afford to buy software?
2. for that matter do they even have electricity?
Granted England, probably is getting close to third world levels of civil
liberties, but the unspoken truth is that the overwhelming majority of users
for this solution are not going to be living in the third world, and are not
fighting "the just fight" against "cruel, and ruthless dictators"
In article <1018449421.426.0...@news.demon.co.uk>,
nos...@never.com says...
>
> 1. do people living in the third world actually have both a) computers
> and b) the money to afford to buy software?
yes. especialy westerners helping them such as Amnesty int staff..
> 2. for that matter do they even have electricity?
yes, and soler cells, and cell phones, and satelite tv..
Simon.
this conversation has been dragged hopelessly off-topic, and I don't often
climb onto a public soap box, but here goes:
the "western" Amnesty guys don't set foot in the third world, most if not all
are simply armchair activists issuing press releases in the west about alleged
abuses in these places, yes there are "Amnesty" people all over the third
world
but these guys are basically locals and probably don't own a computer,
never mind a telephone, modem, or an internet account, yes there are NGO's and
western
people in third world places but they're not there to stir up political
descent,
and certainly don't make disparaging remarks about their host countries,
if they did they would be "disappeared"
>
>yes. especialy westerners helping them such as Amnesty int staff..
>
>> 2. for that matter do they even have electricity?
>
>yes, and soler cells, and cell phones, and satelite tv..
>
>
you must have visited a different third world to me,
where exactly in the third world did you visit?,
the oppressed masses of the third world don't have
any of these things, the third world rich do, but the rich are
exactly the people who are not about to blow the whistle on the
local system, because the fact that the masses are the uneducated,
un electrified, exploited, hopeless retches that they are
is exactly why the third world rich are rich
no not at all, E4M source would not be available free now+source if I did not
value privacy and civil liberties, it's just whole "fighter for human rights
thing" is overplayed.
The real trouble is that people in "important" countries are by far the
main users (maybe the only users), and maybe using the product for
things which their countries consider "illegal", but nobody
want's to confront head-on the issue that many western laws are
unjust, especially for example the UK RIP Act, the seizure of property
before trial in the US, not to mention detention without trial in the UK/US,
the UK restrictions on free speech which "incites hatred", the higher
likelihood of minorities facing capital punishment in the US, not to
mention the blanket surveillance of global communications; the banning
in Germany and France of nazi era symbols, the banning of far right
political groups in Germany, the criminal levels of taxation in the OECD,
the attacks on the right of adults to view adult material, etc it's
much easier for western software companies when confronted with these
issues to simply deflect them with the
"fighter for freedom in the third world" argument because the
issues are too controversial! they get away with it because third world
people are excellent scapegoats, most don't have electricity, computers,
phones, TV's and probably cannot even read! Africa for example has only 5
or 6 countries with Internet service providers out of 55 countries
(not counting any new ones which may have popped up there while I was
writing this post); and anyway third world people are far more likely to
need AK's to fight for freedom, than software.
What do you mean 'alert anyone'? You mean 'LEA hackers'
monitoring your system??
>
> remember the entire os is easy to debug
And?
> what you really need is for 1 or more containers within your
> container but done in a way that does not allow someone who
> has the full source code, and can debug your cpu
What are you talking about? Who can debug my CPU? When?
While I am typing the passphrase or loading from the container?
By a stealth key-logger-sort-of debugging utility?
> one problem with a product like this, is it's hard to think of
> a legitimate reason for this sort of product...
Plausible deniability (even stronger than steganography)
In article <8d5e27d5.02041...@posting.google.com>,
flar...@yahoo.com says...
> if you used the system the original poster suggested it wouldn't
> take them long to figure out you'd given up the dummy password
How would they know? Such a feature has already been implemented
in BestCrypt. AFAIK there is no chance to prove that a second
password and a hidden container have been used (no matter if being
debugged). Where is the weakness?