Opiated file systems
Deranged Mutant
WlkngOwl at unix.asb.com
Wed Jul 17 23:16:39 PDT 1996
On 16 Jul 96 at 19:21, Mark M. wrote:
> > A problem with a c'punk-style encrypted fs with source code and wide
> > distribution is, of course, that attackers will KNOW that there is a
> > duress key.
>
> I don't see how this would affect the security of such a filesystem. There
> is absolutely nothing that an attacker can do to get the real key. An attacker
> would just ignore all computers that have duress key capability.

1. Confiscate computer (along with physical drive) with duress-capable
   encrypted file system;
2. back up the encrypted sectors;
3. reverse-engineer file system driver to figure out how the duress-key
   works, if there are multiple keys, where data is stored;
4. make sure you've rubber-hosed or subpoenaed all passphrases or keys;
   4a. if the system destroys data, you've got backups ("Very funny
       kiddo; now give us the real key...")
   4b. even if there are two filesystems, the attacker will want access
       to both, just to make sure...

Duress keys rely on a form of security through obscurity.
They make sense for real-time situations where the attacker has to
rush in, gain access quickly, and leave real fast (i.e., bank
robberies). If the attacker has plenty of time, he can prepare for
that possibility.
Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant <wlkngowl at unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.