Shaun

Nice to hear from you. I hope you are well and prospering in 2014 -
at the very least, as one of the pioneering cryptographers (up there
with Schneier and co, at the very least), you deserve to.

I like the inverted commas around "official" - as a euphemism, I think
we all (the few who still scan this group) know what it means esp. in
post-Snowden times.

To the point:

Your commentary relates predominantly to what I call "easy
encryption". That is, standard container encryption with a key.
Practically anyone with an IQ over 70 can create a container and
encrypt it -most such encryption will, until the advent of quantum
computing proper, remain unbreakable (within reasonable computing
time).

The other end of the spectrum, to which I was referring, is the
complex, plausible-deniability driven hidden OS type encryption. These
technologies, of which two stand out (DCPP and TC), are both driven by
AES256, are reasonably complex to implement properly and safely and
are those which aggravate the snooping authorities to the greatest
degree because there is not only little if any difference at raw level
between unformatted platters and hidden OS partition if the key to the
sacrificial OS is provided, but there is no leakage from the hidden OS
(and in the case of TC, rendering of all other drives "read only" -
I'm not certain what the analagous case is with DCPP). An encrypted
container sticks out like a sore thumb and is what is used typically
by say 95% of those in medicine, law, accounting, public services and
so on - the knowledge it is there is often good enough for the snoops.
The law takes over in many countries and there is a jail sentence for
failure to disclose the key(s).

There is no such equivalent knowledge available to the snoops in
respect of DCPP and TC. Those partitions are ascertainable, but the
contents are indistinguishable from a raw partition. At medium
sophistication, they do not know whether the sacrificed OS keys
represent the only encrypted component of the drive, or whether the
partitioning is a clue that there is another OS. Not enough to invoke
the law regarding disclosure of keys if there is no reasonable
evidence that there is indeed some encrypted component of the drive to
which such keys would relate. Only clearly evident containers have
been taken to court under the disclosure laws.

So, in my view the primary target of official approaches to encryption
organisations would be to somehow either backdoor FDE with hidden OS
(at the preboot stage) or somehow allow for identification that there
exists a hidden OS in the free space of the sacrificial. Both
approaches would be protected by law in the US - that is, there would
be an embargo on disclosure by the private organisation (so much for
the constitution).

The devs of TC protect themselves by being completely anonymous. No
one knows who the heck they are and probably never will. An approach
cannot be made to a shadow, which he/they are.

In your case, Securestar is incorporated in Deutschland, which has
much stronger digital privacy laws than the US and as far as I know,
no mandatory key disclosure laws. The totalitarian history of Germany
also means that there is a much stronger will to protect private data
- lest the drift back to Hitlerian ways of thought begin. In my view,
it is the best country in which to incorporate and operate an
encryption developement business. I therefore have no doubt that (a)
probably there has been no NSA level attempt at coercing a backdoor or
tag into your preboot authentication protocol; (b) if there has, it
would have been easily repulsed as the non-disclosure laws relating to
such contacts/requests/requirements do not obtain in Germany; and (c)
you personally have a reputation for integrity of the highest order
and, as the primary asset in Securestar, that integrity is
unimpeachable.

In my view however there is a problem with plausible deniability in
DCPP pre-authentication which doesn't appear to trouble TC - that is
(from memory - I haven't used DCPP now for at least 5 or 6 years or
more) that it was then at least discernable from the PB routine that
there were two pathways - one to the sacrificial OS and the other to
the hidden. This may have been fixed but from memory was present when
I last used DCPP and would be open to forensic proof that there was,
on balance, an encrypted system in the encrypted system. This can't
be ascertained in TC forensics.

As both systems are used in countries which do have mandatory key
disclosure laws, with jail sanctions, this is/was an important
difference.

You mentioned in your reply that "such a thing would be leaked". Well
no, Shaun, not when the full weight of the NSA or its equivalent in
most countries (GCHQ, ASIO etc) is brought to bear and the leaker
would probably disappear into a black hole for a very long time. The
"hidden devs"which many rail about have an excellent defence - they
are unknowable and their identitied have never been leaked. Are they
NSA? Who knows - if they are, then only national security would force
the backdoor open (not trivial FBI local enforcement issues) and the
entire tableau would be closed off, sealed and dropped into permanent
obscurity - Director's eyes only stuff. They probably aren't and
that's why I use TC - and I don't deal in national security matters,
I'm relatively happy with the status quo so for my purposes, TC is
suitable (business matters, patents, marketing, invoicing, etc).

All of this is a little more than academic for me after Snowden (lol,
in lieu of BC, AD etc - AS - "after Snowden") as I am a libertarian of
the highest order. Snowden set back the Orwellian march by decades.

By the way, it seems that in these times NNTP traffic is probably the
last reasonably secure means of communication on the planet. Pick an
NSP whose servers can sit out of the US, and is incorporated in
another country (astraweb comes to mind - EU servers and inc in HK)
and NNTP is fairly much ok. At least for these types of issues which
we are discussing.

kind regards

thang