[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Give me your password- OR ELSE!



Jim Miller writes :
> 
> Assume you use strong crypto to protect your secrets.
> 
> Assume a lot of people start using crypto to protect their secrets.
> 
> Assume there are people who want to discover these secrets.
> 
> 
> Might we some day see an increase in the number physical attacks as bad guys  
> resort to rubber-hose methods to get at the keys that protect the secrets?
> 

I think this phenomenon is more or less inevitable, unless serious thought
is given to a way to prevent it. Let's take a simple example and progress
to a more complex scenario:

If I want your money, I could steal your ATM card and try to deduce the PIN
number (tough), or I could wait in the bushes with a .44 until you use the 
ATM and either steal the money you get out (easy) or convince you to tell me
the PIN number (harder, although a .44 is remarkably persuasive). However,
it's easy for you to lock me out of your accounts by changing the PIN number
the next day - to get continued access to your account, I'd have to get the
PIN number and then kill you (begging your pardon, of course). Even if I did
all that, all I'd have is a bank account. Hardly worth it.

If I want your *life* (metaphorically speaking; your network connections, your
digicash, your 'reputation capital', etc.) and all I have to do to get it is
beat your PGP pass phrase out of you and kill you afterwards, you're in much
more danger. I could lie in wait, get your pass phrase, (ahem) remove the 
evidence, and step into your net.shoes the next day.     

Bottom line: As the value protected by our encryption systems increases, we
must devote more effort to the solution of problems like the thug with the .44
(or the jealous co-worker; insert favorite bogey-man here) who wants our 
password. Key revocation certificates are nice, for example, assuming you are
able to issue one - 'dead men revoke no keys,' however. Duress codes seem 
like a better deal; even though the enemy may kill you after you give him 
a code that (seemingly) works, your 'estate' would be protected. What we
*really* need is a hat trick that makes strong-arm tactics useless - 
any ideas? When the tactic of beating a pass phrase out of a citizen becomes
as stupid as killing for a PIN number, we'll know we've succeeded.

<Shudder>
 
Damn! My coffee's gone cold. I'm off to get a refill- talking about killing
people has given me a definite chill. Not my favorite topic.

........................................................................
Philippe D. Nave, Jr.   | The person who does not use message encryption
[email protected]   | will soon be at the mercy of those who DO...
Denver, Colorado USA    | PGP public key: by arrangement.