[Enigmail] Enigmail beginner

Sat Dec 27 15:31:18 PST 2008

> If you have a truecrypt volume of (say) 1G in size, and show that you
> can fit almost 1G of data, allowing for filesystem overhead, wouldn't
> that be sufficient to show that you don't have a hidden volume?

Yes.  No.  Depends entirely on how large of a hidden volume the
authority figure thinks you'd need for the secret.  If you can
definitively show there's not enough room in the TrueCrypt container for
_any_ hidden volume, then sure, you're probably good.  But that's a hard
road to hoe, given how small volumes can be and how large most TrueCrypt
containers are.

The same argument can be used for steganography, by the by: there's a
line of reasoning that says steganography is dangerous to innocent
people, because if steganography works then anyone can fall under
suspicion for having any kind of forbidden data imaginable.
Fortunately, steganography doesn't work.  (See Moulin & O'Sullivan, _An
Information-Theoretic Analysis of Data Hiding_, if you want to dig into
the math; it was published about ten years ago and is absolutely
fascinating reading.)

Incidentally, I think this conversation right now is on topic for the
list.  We like to keep the list a good place for people to learn how to
think about computer security, not just a place to learn how to use
Enigmail.  The ideas that we've been talking about in the context of
TrueCrypt also appear in OpenPGP.

Every few months, on one mailing list or another, some well-meaning but
misinformed person will say something like, "I sign everything, so that
nobody can forge a message from me."  This is another proof issue.  With
the TrueCrypt example, you want to prove that you don't have a hidden
container.  With this OpenPGP example, you want to be able to not only
prove you wrote something -- you want to be able to prove you didn't.

OpenPGP can help you, or other people, prove you wrote something.
OpenPGP cannot help you, or others, prove you didn't.

I came up with an example when I was in grad school of an undergrad who
decides to get revenge on me for a poor grade by posting vile messages
to skinhead forums under my name.  These get discovered and I get hauled
into the dean's office.  I explain to the dean, "but I sign all my
messages!  Those weren't signed, therefore I didn't send them!"

The dean, who is no dummy, shrugs and says, "Or you chose not to sign
them, in order to be able to deny them later.  We're sorry, Rob, but we
have to put you on suspension while we conduct our investigation."

The TrueCrypt scenario is exactly the same as this frame-job scenario.
All that changes are the technologies used.

TrueCrypt will not allow you to prove you don't have a hidden container.
OpenPGP will not allow you to prove you didn't author a particular
message.