[34584] in cryptography@c2.net mail archive
Re: [IP] more on Can you be compelled to give a password?
daemon@ATHENA.MIT.EDU (Ariel Waissbein)
Mon Aug 7 11:04:08 2006
X-Original-To: cryptography@metzdowd.com
Date: Mon, 07 Aug 2006 11:31:15 -0300
From: Ariel Waissbein <wata.34mt@coresecurity.com>
To: Ed Gerck <edgerck@nma.com>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <44CA6C5C.7010402@nma.com>

Hi,

Please notice that a second "distress" password becomes useless if the
would-be user of this password has access to the binaries (that is, the
encrypted data), e.g., because he will copy them before inserting the
password and might even try to reverse-engineer the decryption software
before typing anything. So I'm not sure what the setting is here.

Cheers,
Ariel

Ed Gerck wrote:
> List,
>
> the Subject says it all. This might be of interest
> here, for comments.
>
> --------------------
> The answer is definitely NO even for the naive user,
> just requiring the tech-savvy for set up. Several
> examples are possible.
>
> John Smith can set two passwords, one for normal use
> and the other when in distress. The distress password
> may simply announce that the data is expired or, more
> creatively, also make the data unreadable.
>
> John Smith can also set two passwords, one of them
> unknown to him but known to a third-party (that
> John S does not have to trust) that is subject to
> a different jurisdiction /or rules /or is in another
> place. John Smith may comply with any demand to
> disclose his password but such a demand may not be
> effective for the third-party.
>
> John Smith can have the data, encrypted with a key
> controlled by his password, sitting on some Internet
> server somewhere. John S never carries the data
> and anyone finding the data does not know to whom it
> belongs.
>
> John Smith can also use keys with short expiration
> dates in order to circumvent by delay tactics any
> demand to reveal their passwords, during which time
> the password expires.
>
> Of course, this is not really a safe haven for
> criminals because criminal activity is often detected
> and evidenced by its "outside" effects, including
> tracing.
>
> Cheers,
> Ed Gerck
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
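
The copy-before-typing limitation raised in the reply above, as an added example that is not part of either message: a two-password container whose distress password destroys the data, and a snapshot taken beforehand that still opens with the normal password. The container layout, function names and passwords are constructed for illustration, and the XOR keystream is a toy stand-in for a real authenticated cipher.

```python
import copy, hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def tag(kek: bytes) -> bytes:
    # Lets the software recognise which password was typed.
    return hmac.new(kek, b"slot-check", hashlib.sha256).digest()

def create(plaintext: bytes, normal_pw: str, distress_pw: str) -> dict:
    salt, data_key = os.urandom(16), os.urandom(32)
    n_kek, d_kek = kdf(normal_pw, salt), kdf(distress_pw, salt)
    return {"salt": salt,
            "normal_tag": tag(n_kek),
            "wrapped_key": xor_stream(n_kek, data_key),
            "distress_tag": tag(d_kek),
            "ciphertext": xor_stream(data_key, plaintext)}

def open_container(c: dict, password: str):
    kek = kdf(password, c["salt"])
    t = tag(kek)
    if hmac.compare_digest(t, c["distress_tag"]):
        # Distress password: overwrite key slot and data in THIS copy only.
        c["normal_tag"] = os.urandom(32)
        c["wrapped_key"] = os.urandom(32)
        c["ciphertext"] = os.urandom(len(c["ciphertext"]))
        return "data expired"
    if hmac.compare_digest(t, c["normal_tag"]):
        data_key = xor_stream(kek, c["wrapped_key"])
        return xor_stream(data_key, c["ciphertext"])
    return None  # unknown password

def demo():
    live = create(b"constructed sample secret", "normal-pw", "distress-pw")
    snapshot = copy.deepcopy(live)  # copy made before any password is typed
    first = open_container(live, "distress-pw")       # destroys the live copy
    after = open_container(live, "normal-pw")         # live copy is now useless
    from_copy = open_container(snapshot, "normal-pw") # snapshot is unaffected
    return first, after, from_copy

if __name__ == "__main__":
    print(demo())
```

The destruction only reaches the copy the software is handed, so the scheme's threat model has to state whether the other party can image the encrypted data first.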