secure file system

[Kemp]

Exactly Pype, it may not be illegal to encrypt your data, but if you're under investigation and you refuse to show them what it is (especially if it appears to be directly related to what you're under investigation for) then they will probably have to assume you're not showing them it because you know it would incriminate you.

[Candy]

Honestly, I don't think so. If someone accuses you of having commited a crime he has to proof that you did that. It's not the other way round. At least in Germany, where there's also no restriction on using cryptographie imho.

It's "beyond a reasonable point of doubt" in nearly all laws. If you encrypt your data visibly and refuse to help them in their research, you're also unnecessarily halting investigation which iirc is also in the law.

Just look at a number of cases in the past. People are being put behind bars for over a month because they're the prime suspect and they can't find anybody else who could've done it (Joran van der Sloot recently in the US Natalee Holloway story, he was put behind bars for over a month for being the last known to see her alive).

[Pyr0Mathic]

Joran van der Sloot recently in the US Natalee Holloway story, he was put behind bars for over a month for being the last known to see her alive

In that case there was also a lot of presure from the US and that the guy was dutch, correct me if am wrong, so he would have left on the next plane back Holland, like any other sane person would do, but u do have a point.

On the other hand if they would catch you whit 10 tera of mp3's then u will have a bigger problem....

and then off-course dont forget that the goverment is able to see what sites you access and how much you download, maybe even what u download. So again you lose...

Then there is another problem since if you encrypt your data on a windows machine it probely has some worms or other mallware in it, which might log every key you press or other things like copy files you just accessed, while they where decrypted. so you would also require a computer whitout windows and no internet connection. but then again if you where to assume this, then you would be better of if you just wouldnt download any illigal content .

[GLneo]

but what about the people who are traced from a floppy or something

http://www.politechbot.com/2005/03/02/its-good-to/
http://www.applefritter.com/node/6703

[blip]

and then off-course dont forget that the goverment is able to see what sites you access and how much you download, maybe even what u download. So again you lose...

Off topic I know, but you could start making it harder by using something like TOR.

[B.E]

The NTFS has an ecription option. It is encrypted on your User ID, now if encrypt a file with that account and then delete the account, if you get cought an they ask you for the decryption method, what are you going they going to say when you can not recover the data?

[Kemp]

Deleting a user account on XP, especially one you've used to the extent of wanting to encrypt data with it, isn't exactly a routine thing and would probably promote a lot of suspicion in these circumstances. Plus I'm sure there's a backdoor, it's a MS product after all.

[B.E]

Deleting a user account on XP.

When the user's prfile is corrupted, microsoft says to delete and recreate the user, your user ID is chenged, so you can't access any of the encrypted files. I had a problem with on of my users profile, and i had to delete it and recreate it.

especially one you've used to the extent of wanting to encrypt data with it isn't exactly a routine thing and would probably promote a lot of suspicion in these circumstances.
[/qoute]
wtf. It is only one setting in the explorer to use encryption, even when you add new files to a encrypted folder it is automaticly encrypted. When you open a file it is decrypted by the file system driver.

My point was, it may be a design problem in the fs. that is not allowing you access(Decode) your file which is not your fault.

BTW. any security paranoide person would encrypt there files.

[guest]

The NTFS encryption is not particularly strong IIRC, the private and public keys are also stored on disk in the user's profile folder (which can be undeleted).

On Linux, the loopback devices support on the fly encryption, just shove all that stuff in there and store the key on removable media or memorise a long password. On the outside it'll just look a normal file, other than the fact that it'll probably be several gb in size it would just look like it was full of garbage as long as they don't find the key. You can also make it less obvious by using dm-crypt to encrypt an entire real partition and deleting it's entry from the MBR. In that case it would just look like free space filled with garbage [recommended that you have the partition at the end of the drive, obviously].

[Solar]

On the jurisdiction side: If you are the one being persecuted, it is your good right - in the US, Germany and many other countries - to refuse testimony if it would speak against you. They have to find evidence without you helping them. I honestly do not think the fact that you are withholding encryption keys can be held against you if you are already on the dock.

In the very least, they have to provide a court order for you to present the keys, which they should only get if the judge deems the evidence to be convincing already.

And if the "key" is a passphrase, well, no-one can sue you for forgetting it.

Regarding Pype's "if you encrypt, you've got something to hide" - that's what the governments are trying to do for many years already, with stunning success. Outlaw something, and only outlaws will have it. It's a stupid, stupid way of thinking. If the postal service would require you to leave your letters open so they are easier to read and tamper with by the government, would you comply? Would you agree with people being deemed suspicious just because they seal their letters? If you don't, why don't you use PGP for all your e-mail, confidential or not?

The crooks and terrorists use steganography anyway.

You know, if everybody would encrypt, or at least sign, all e-mail with the public key of the recepient, that would be a 100% fool-proof spam filter right there. No spammer could afford to get and use all those individual public keys, bye-bye mass mailings. Just filter out any mails that are not signed with your public key.

PS: My PGP fingerprint is 0xA7E3A71B. You are welcome to encrypt any mail you send me, trivial or not.

[Rob]

but cause Windows sometimes has great errors in its filesystem. due to that i already lost lots of data... And if u write it yourself, then u atleast know how is to blame .

Why is it that everyone else in the world is not loosing data
with NTFS or any other serious filesystem? Yes, it may have
some bugs, but I seriously doubt you lost data due to any in
the filesystem driver code (of any major filesystem driver).

I seriously doubt you or a lot of other people (myself included)
can write a more *reliable* driver.

Encryption is one of the hardest things to do right. Especially
in algorithm design but also in implementing it properly (and not
just the algorithm, but everything surrounding it).

I'd much rather trust something like TrueCrypt for encryption
than anything I would program. I am not a security expert,
and neither are most programmers out there.

p.s. I know there have been cases of people loosing data with
NTFS or other filesystems. However, millions of users *AND*
businesses are using it without any problem 24/7!

[Kemp]

Yup, neither me nor anyone I know has lost any data due to a filesystem driver bug, and it's rare we lose any data for any reason (I believe about the only one would be forced or accidental restarts).

[Pyr0Mathic]

Yup, neither me nor anyone I know has lost any data due to a filesystem driver bug, and it's rare we lose any data for any reason (I believe about the only one would be forced or accidental restarts).

still i already got it about 4 times..... still in last 2 years, but still it damaged several partitions on several diverent drives every time, and the most unusual part is that it never happens to my boot drives. So it could also be a virus or something else, not nessecarily a bug.

also it is very true that i probely wont be able to write a secure file system driver whitout any bugs....

Regards.
PyroMathic