From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Thu, 18 Jul 1996 14:16:39 +0800
To: "Mark M." <markm@voicenet.com>
Subject: Re: Opiated file systems
Message-ID: <199607172125.RAA09158@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 16 Jul 96 at 19:21, Mark M. wrote:

> > A problem with a c'punk-style encrypted fs with source code and wide 
> > distribution is, of course, that attackers will KNOW that there is a 
> > duress key.
> 
> I don't see how this would effect the security of such a filesystem.  There
> is absolutely nothing that an attacker can do to get the real key.  An attacker
> would just ignore all computers that have duress key capability.

1. Confiscate computer (along with physical drive) with duress-capable
encrypted file system; 2. back up the encrypted sectors; 3. reverse-engineer file 
system driver to figure out how the duress-key works, if there are 
multiple keys, where data is stored; 4. make sure you've rubber-hosed 
or subpeoned all passphrases or keys; 4a. if the system destroys data, 
you've got backups ("Very funny kiddo; now give us the real key...")
4b. even if there are two filesystems, the attacker will want access 
to both, just to make sure...

Duress keys rely on a form of security through obscurity.

They make sense for real-time situations where the attacker has to 
rush in, gain access quickly, and leave real fast (ie, bank 
robberies).   If the attacker has plenty of time, he can prepare for 
that possibility.

Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.