From: “Philippe Nave” <pdn@dwroll.dw.att.com>
To: cypherpunks@toad.com
Message Hash: d556ed4e62fab04a357d81227ca6a0b26a1bbc48ab1acaf7e55d24aa2dd22c69
Message ID: <9311240450.AA01367@toad.com>
Reply To: <9311240019.AA06621@bilbo.suite.com>
UTC Datetime: 1993-11-24 04:53:04 UTC
Raw Date: Tue, 23 Nov 93 20:53:04 PST
From: "Philippe Nave" <pdn@dwroll.dw.att.com>
Date: Tue, 23 Nov 93 20:53:04 PST
To: cypherpunks@toad.com
Subject: Give me your password- OR ELSE!
In-Reply-To: <9311240019.AA06621@bilbo.suite.com>
Message-ID: <9311240450.AA01367@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Jim Miller writes :
>
> Assume you use strong crypto to protect your secrets.
>
> Assume a lot of people start using crypto to protect their secrets.
>
> Assume there are people who want to discover these secrets.
>
>
> Might we some day see an increase in the number physical attacks as bad guys
> resort to rubber-hose methods to get at the keys that protect the secrets?
>
I think this phenomenon is more or less inevitable, unless serious thought
is given to a way to prevent it. Let's take a simple example and progress
to a more complex scenario:
If I want your money, I could steal your ATM card and try to deduce the PIN
number (tough), or I could wait in the bushes with a .44 until you use the
ATM and either steal the money you get out (easy) or convince you to tell me
the PIN number (harder, although a .44 is remarkably persuasive). However,
it's easy for you to lock me out of your accounts by changing the PIN number
the next day - to get continued access to your account, I'd have to get the
PIN number and then kill you (begging your pardon, of course). Even if I did
all that, all I'd have is a bank account. Hardly worth it.
If I want your *life* (metaphorically speaking; your network connections, your
digicash, your 'reputation capital', etc.) and all I have to do to get it is
beat your PGP pass phrase out of you and kill you afterwards, you're in much
more danger. I could lie in wait, get your pass phrase, (ahem) remove the
evidence, and step into your net.shoes the next day.
Bottom line: As the value protected by our encryption systems increases, we
must devote more effort to the solution of problems like the thug with the .44
(or the jealous co-worker; insert favorite bogey-man here) who wants our
password. Key revocation certificates are nice, for example, assuming you are
able to issue one - 'dead men revoke no keys,' however. Duress codes seem
like a better deal; even though the enemy may kill you after you give him
a code that (seemingly) works, your 'estate' would be protected. What we
*really* need is a hat trick that makes strong-arm tactics useless -
any ideas? When the tactic of beating a pass phrase out of a citizen becomes
as stupid as killing for a PIN number, we'll know we've succeeded.
<Shudder>
Damn! My coffee's gone cold. I'm off to get a refill- talking about killing
people has given me a definite chill. Not my favorite topic.
........................................................................
Philippe D. Nave, Jr. | The person who does not use message encryption
pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO...
Denver, Colorado USA | PGP public key: by arrangement.
Return to November 1993
Return to “szabo@netcom.com (Nick Szabo)”