[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Give me your password- OR ELSE!

To: [email protected]
Subject: Give me your password- OR ELSE!
From: "Alan (Miburi-san) Wexelblat" <[email protected]>
Date: Wed, 24 Nov 93 11:18:49 -0500
In-Reply-To: "Philippe Nave"'s message of Tue, 23 Nov 1993 21:49:49 -0700 (MST) <[email protected]>

It seems like it would be relatively simple to program in a sort of dead-man
switch at the time of creation of the secret key.  As with other double-pass
systems, use of the second phrase works once, but either/both sends a silent
alarm and changes the passphrase to get the secret key.  If you want to get
fancy, you might even program in a script that, on activation of the 2nd
"duress" phrase would run around re-encrypting everything with a second
private key.

As you can imagine, there are increasing levels of personal security you
might employ.  For example, using the duress phrase might be set up to
change the pass-phrase to something *you* don't know but which is known by a
trusted other party (wife, mother, agent/lawyer, etc.).  Knowing this phrase
doesn't help them since that phrase can't access your secret until *after*
you've given the duress phrase and the software has disabled your normal
access phrase.

Depends how paranoid you want to be and how valuable your data is, I
guess...

--Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group	[email protected]
Voice: 617-258-9168, Pager: 617-945-1842	PUBLIC KEY available by request
"To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!"

References:
- Give me your password- OR ELSE!
  - From: "Philippe Nave" <[email protected]>

Prev by Date: Re: strong crypto => increase in rubber-hose attacks?
Next by Date: ANNOUNCEMENT: Markey Bill debuts in house.
Prev by thread: Give me your password- OR ELSE!
Next by thread: Re: Give me your password- OR ELSE!
Index(es):
- Date
- Thread