From: dmandl@lehman.com (David Mandl)
To: Jim_Miller@suite.com
Message Hash: 4853e288145c533eb6c24fe80bd1069fb5a86533bdacb7c55258c4005e4c3a09
Message ID: <9311241437.AA07209@disvnm2.lehman.com>
Reply To: N/A
UTC Datetime: 1993-11-24 14:38:46 UTC
Raw Date: Wed, 24 Nov 93 06:38:46 PST
From: dmandl@lehman.com (David Mandl)
Date: Wed, 24 Nov 93 06:38:46 PST
To: Jim_Miller@suite.com
Subject: Re: strong crypto => increase in rubber-hose attacks?
Message-ID: <9311241437.AA07209@disvnm2.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain
> From: jim@bilbo.suite.com (Jim Miller)
>
> Assume you use strong crypto to protect your secrets.
>
> Assume a lot of people start using crypto to protect their secrets.
>
> Assume there are people who want to discover these secrets.
>
> Might we some day see an increase in the number physical attacks as bad guys
> resort to rubber-hose methods to get at the keys that protect the secrets?
Maybe.
This doesn't change the need for strong crypto, though. It's a lot easier
to simply intercept someone's (unencrypted) electronic mail from the comfort
of your home/office than to send thugs over to her house to kneecap her.
Why make it easier for them than we have to?
The people who I consider to be the bad guys (governments, corporations)
don't have the time or resources to use physical violence against all of their
enemies, though of course they do use it against some. It's also bad PR (in
the USSR, this wouldn't have stopped them, of course). So if the ONLY means
available to the forces of evil were physical attacks, I wouldn't worry too
much. Not that physical attacks are pleasant, mind you, but that threat can
be addressed separately (as some folks have on this last have done in the last
few days).
It's also easier for us and harder for them if they're visible.
--Dave.
Return to November 1993
Return to “dmandl@lehman.com (David Mandl)”
1993-11-24 (Wed, 24 Nov 93 06:38:46 PST) - Re: strong crypto => increase in rubber-hose attacks? - dmandl@lehman.com (David Mandl)