[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Opiated file systems

To: [email protected]
Subject: Re: Opiated file systems
From: Adam Back <[email protected]>
Date: Thu, 18 Jul 1996 23:15:29 +0100
CC: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
In-reply-to: <[email protected]> (messagefrom The Deviant on Thu, 18 Jul 1996 02:12:44 +0000 (GMT))
Sender: [email protected]

<[email protected]> writes:
> On Wed, 17 Jul 1996, Adam Back wrote:
> > A problem yes.  My thoughts were that you would effectively have two
> > filesystems and use them both yourself for real work.  That is to say
> > that you would say have some consulting work doing some programming or
> > something, and use the 1st encrypted filesystem for this work.  If
> > this work was covered by an NDA, so much the better, as it would
> > provide an understandable reason for encrypting.
> 
> Good Idea, but I also like the idea of selective-duress, i.e. not
> necisarily having a duress key at all.

That was my meaning: either 1 or 2 filesystems, at the users option,
and for the file system to look the same to anyone not holding the 2nd
key (if there is one) whether or not there is a 2nd hidden file system.

> There's also an Idea me and Mouse had, which is to have a fault-tolerant
> duress system.  Its something like this...  You have a Duressfs and a
> Non-Duressfs.  If they enter the duress key is entered wrong, but only by
> a certain percentage of characters (i.e. sex instead of hex), it lets you
> see the Duressfs.  If you do this too many consecutive times, it runs the
> DuressNuke function (optional?).

More subtle than straight nuke the data, but still they'll have the
backup, and the code to reverse-engineer.

Another idea might be to have secret shared keys to your encrypted fs,
so you can't access your file system without your friend(s)
co-operation.  That would give your friends an opportunity to nuke
their share of the key before they got their dawn raid.  You could
automate the nuking, with some pre-arranged policy for key destruction
(eg the computers could bounce messages off each other, and if this
stops the key-portion gets nuked).

However, the opposition is already one step ahead: simultaneous dawn
raids were the fad during operation Sun-Devil, just in case of such
schemes I presume.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

References:
- Re: Opiated file systems
  - From: The Deviant <[email protected]>

Prev by Date: Alternative Journalism
Next by Date: Re: Opiated file systems
Prev by thread: Re: Opiated file systems
Next by thread: Re: Opiated file systems
Index(es):
- Date
- Thread