Two Factor Authentication
>While cracking PGP would seem a pretty tall order, surely using a password
>cracker to throw random passwords at it would stand a fair chance of success,
>given that most non-techie people dont really get the need for complex
>passwords
My guess is a lot of people in these nefarious circles do understand strong passwords -- and even if they have a weak one, many are smart enough to use two-factor authentication. You probably don't want the 2nd factor to be your fingerprints which you can be forced to provide :D
Yeah, you can rainbow table at the password.
So you use passphrase like, "Whn in th Cours of human vnts it bcoms ncssary for on popl to dissolv th political bands which hav connctd thm with anothr and to assum among th powrs of th arth, th sparat and qual station to which th Laws of Natur and of Natur's God ntitl thm, a dcnt rspct to th opinions of mankind rquirs that thy should dclar th causs which impl thm to th sparation."
Very common phrase, not that tough to memorize, readily available in most libraries or having a book with that phrase in your house isn't attention getting in case you forget it. And deleting the "e"s just make it that much tougher for a rainbow table to be generated since plain words alone aren't enough. That would take one heck of a rainbow table to match.
But that's absolutely useless without knowing the keyfile.
So I open up my favorite ASCII editor and from memory, or just a common history book in my house or any library, type out:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. "
And now let's reverse a couple lines...
"but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue,"
And let's use search-and-replace to get rid of "u" and replace "a" with "xyz734" and finally just sequentially change the 4 in a repeating pattern that's easy to memorize but means simple substitutions alone are not sufficient:
"bt pon probxyx734ble cxyx735se, spported by oxyx736th or xyx737ffirmxyx738tion, xyx739nd pxyx734rticlxyx734rly describing the plxyx733ce to be sexyx732rched, xyx731nd the persons or things to be seized. The right of the people to be secre in their persons, hoses, pxyx734pers, xyx735nd effects, xyx736gxyx737inst nrexyx738sonxyx739ble sexyx734rches xyx733nd seizres, shxyx732ll not be violxyx731ted, xyx734nd no wxyx735rrxyx736nts shxyx737ll isse"
Save it, open the encrypted partition using my password and the keyfile. Then use a shredder program to erase the keyfile -- after all, I know the three simple steps to recreate it in the future.
Oh, and you might even give them plausible deniability and a low-value "win" -- an encrypted partition within and encrypted partition that can not be proven to exist by the standards of a court of law. So you put the child porn you only obtained off the internet in the outer partition, "Blimy, you got me, I give up! Give me my 2 years in jail and 10 years of probation!" Of course the pictures you produced yourself are hidden in the inner encrypted partition you don't tell them about.
Will this save you from active police or intelligence surveillance? Nope. Keyloggers, hidden cameras, etc could all provide the clues they need to figure out what you're doing.
But it will pretty darn well fustrate them if they didn't do the surveillance and are instead relying on you being intimidated to being self incrimination.