[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opiated file systems




Rob <[email protected]> writes:
> On 16 Jul 96 at 19:21, Mark M. wrote:
> > > A problem with a c'punk-style encrypted fs with source code and wide 
> > > distribution is, of course, that attackers will KNOW that there is a 
> > > duress key.
> > 
> > I don't see how this would effect the security of such a filesystem.
> > There is absolutely nothing that an attacker can do to get the real
> > key.  An attacker would just ignore all computers that have duress
> > key capability.
> 
> [attack on duress system]
>
> 3. reverse-engineer file system driver to figure out how the
> duress-key works,

I thought the presumption was that source code was provided (for the
duress feature too)?

The whole system should be designed to withstand scrutiny as to
whether or not there is a duress file system on any given disk, on the
assumption that the opponent as full access to the source.

ie. the attacker can not tell without the hidden file system key (if
one exists) whether the unused space on your drive is really just
that: unused space filled with garbage, or whether it is in fact
another encrytped filesystem.

They might be suspicious, but I don't think they would be able to
claim you were in comptempt of court, if you provide the 1st key and
claim there is no other key: the software has support for either 1 or
2 filesystems.

Adam