Dead man's stick
-----BEGIN PGP SIGNED MESSAGE-----
- ->
From: "Alan (Miburi-san) Wexelblat" <[email protected]>
To: [email protected]
Subject: Give me your password- OR ELSE!
It seems like it would be relatively simple to program in a sort of dead-man
switch at the time of creation of the secret key.
[...]
As you can imagine, there are increasing levels of personal security you
might employ. For example, using the duress phrase might be set up to
change the pass-phrase to something *you* don't know but which is known by a
trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase
doesn't help them since that phrase can't access your secret until *after*
you've given the duress phrase and the software has disabled your normal
access phrase.
<-
The problem with the duress phrase seems to be this:
One would use such a phrase when physical site security had been
compromised, no?
Let's assume government types (which seems to be the hint I get when
you suggest the alternate pass phrase being held by your lawyer).
It's fairly easy to duplicate the key and stick it somewhere
on a floppy and try the passwords extracted from you
via rubber hose method on the copy rather than the original.
In fact, if people begin to use duress codes, it seems that this would
become standard practice, if it's not already.
Insofar as the idea behind a duress code is to keep you from being
beaten repeatedly by making it impossible for you to decode the
information alone, copying the encrypted key defeats this method.
:(
- ->
- --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group [email protected]
Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request
"To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!"
<-
-----BEGIN PGP SIGNATURE-----
Version: 2.3
-----END PGP SIGNATURE-----
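
A model of the point made in this message, added as an example and not taken from the thread or from PGP: the duress switch only changes the state of whichever keyring file the software is run against, so a duplicate made beforehand is unaffected. The keyring layout, the slot names, the PBKDF2/XOR wrap (a stand-in for real passphrase encryption) and the phrases are all assumptions; the escrow slot is also simplified, since nothing here stops the trustee's phrase from working before the duress phrase is given.

```python
import copy, hashlib, hmac, os

def _derive(phrase, salt, n):
    # One PBKDF2 call yields a 32-byte MAC key plus an n-byte pad (stand-in cipher).
    out = hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, 20_000, dklen=32 + n)
    return out[:32], out[32:]

def wrap(phrase, secret):
    salt = os.urandom(16)
    mac_key, pad = _derive(phrase, salt, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, pad))
    return {"salt": salt, "ct": ct, "tag": hmac.new(mac_key, ct, "sha256").digest()}

def unwrap(phrase, slot):
    mac_key, pad = _derive(phrase, slot["salt"], len(slot["ct"]))
    tag = hmac.new(mac_key, slot["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None  # wrong phrase for this slot
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

def new_keyring(secret, normal, duress, trustee):
    # Hypothetical layout: owner slot, trustee (escrow) slot, duress verifier.
    return {"normal": wrap(normal, secret),
            "escrow": wrap(trustee, secret),
            "duress": wrap(duress, b"duress")}

def open_keyring(ring, phrase):
    if unwrap(phrase, ring["duress"]) is not None:
        ring["normal"] = None  # dead-man switch: owner's phrase disabled in THIS file only
        return None
    return unwrap(phrase, ring["normal"]) if ring["normal"] else None

def demo():
    secret = b"constructed-secret-key"  # constructed sample value
    original = new_keyring(secret, "normal phrase", "duress phrase", "trustee phrase")
    floppy = copy.deepcopy(original)    # duplicate made before any phrase is tried
    fired = open_keyring(floppy, "duress phrase")         # switch fires on the copy
    copy_after = open_keyring(floppy, "normal phrase")    # copy is now locked
    original_after = open_keyring(original, "normal phrase")  # original never saw it
    return fired, copy_after, original_after

if __name__ == "__main__":
    print(demo())
```

The same holds for any purely software switch whose state lives in the file: making it stick would require the disabling step to happen somewhere that cannot be duplicated.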