From: Black Unicorn <unicorn@access.digex.net>
To: cypherpunks@toad.com
Message Hash: 0e931bcbf4e2903320f705cde89b23e4bdf89bb05b0d92fd51dd104fb708073f
Message ID: <199311290629.AA06511@access.digex.net>
Reply To: N/A
UTC Datetime: 1993-11-29 06:30:09 UTC
Raw Date: Sun, 28 Nov 93 22:30:09 PST
From: Black Unicorn <unicorn@access.digex.net>
Date: Sun, 28 Nov 93 22:30:09 PST
To: cypherpunks@toad.com
Subject: Dead mans stick
Message-ID: <199311290629.AA06511@access.digex.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
- ->
From: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu>
To: cypherpunks@toad.com
Subject: Give me your password- OR ELSE!
It seems like it would be relatively simple to program in a sort of dead-man
switch at the time of creation of the secret key.
[...]
As you can imagine, there are increasing levels of personal security you
might employ. For example, using the duress phrase might be set up to
change the pass-phrase to something *you* don't know but which is known by a
trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase
doesn't help them since that phrase can't access your secret until *after*
you've given the duress phrase and the software has disabled your normal
access phrase.
<-
The problem with the duress phrase seems to be this:
One would use such a phrase when physical site security had been
compromised no?
Let's assume government types (which seems to be the hint I get when
you suggest the alternate pass phrase being held by your lawyer.
It's fairly easy to duplicate the key and stick it somewhere
on a floppy and try the passwords extracted from you
via rubber hose method on the copy rather than the original.
In fact, if people being to use duress codes, it seems that this would
become standard practice, if it's not already.
In as far as the idea behind a duress code is to keep you from being
beaten repeatedly by making it impossible for you to decode the
information alone, copying the encrypted key defeats this method.
:(
- ->
- --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard
Media Lab - Advanced Human Interface Group wex@media.mit.edu
Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request
"To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!"
<-
-----BEGIN PGP SIGNATURE-----
Version: 2.3
iQCVAgUBLPmWBhibHbaiMfO5AQEQuQQApDtaIxVjjZvdUYD9Jl6FZGdq62SpPM+y
KMqsIvSOhPOK2kOsoAyLuIN4+bXVUyTHiAkYX/ye2q2gqj9yrOLvkGyH6yak5YFi
xoOCYx6qGScHeoqwpJKoRTTwUjAo79ZmXupA+ylX527eQDILwZJa+W+wSln/rXhG
zajsBTeG/mw=
=B4y+
-----END PGP SIGNATURE-----
Return to November 1993
Return to “Black Unicorn <unicorn@access.digex.net>”
1993-11-29 (Sun, 28 Nov 93 22:30:09 PST) - Dead mans stick - Black Unicorn <unicorn@access.digex.net>