1996-07-19 - Re: Opiated file systems

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: deviant@pooh-corner.com
Message Hash: b43dd1f849905e67d7b6fbcef1869c3dbc1ab32b3a6e8839f9cd51f85f891d89
Message ID: <199607182215.XAA00331@server.test.net>
Reply To: <Pine.LNX.3.94.960718015546.9976B-100000@switch.sp.org>
UTC Datetime: 1996-07-19 02:41:49 UTC
Raw Date: Fri, 19 Jul 1996 10:41:49 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 19 Jul 1996 10:41:49 +0800
To: deviant@pooh-corner.com
Subject: Re: Opiated file systems
In-Reply-To: <Pine.LNX.3.94.960718015546.9976B-100000@switch.sp.org>
Message-ID: <199607182215.XAA00331@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain



<deviant@pooh-corner.com> writes:
> On Wed, 17 Jul 1996, Adam Back wrote:
> > A problem yes.  My thoughts were that you would effectively have two
> > filesystems and use them both yourself for real work.  That is to say
> > that you would say have some consulting work doing some programming or
> > something, and use the 1st encrypted filesystem for this work.  If
> > this work was covered by an NDA, so much the better, as it would
> > provide an understandable reason for encrypting.
> 
> Good Idea, but I also like the idea of selective-duress, i.e. not
> necessarily having a duress key at all.

That was my meaning: either 1 or 2 filesystems, at the user's option,
and for the file system to look the same to anyone not holding the 2nd
key (if there is one) whether or not there is a 2nd hidden file system.

> There's also an Idea me and Mouse had, which is to have a fault-tolerant
> duress system.  It's something like this...  You have a Duressfs and a
> Non-Duressfs.  If the duress key is entered wrong, but only by
> a certain percentage of characters (i.e. sex instead of hex), it lets you
> see the Duressfs.  If you do this too many consecutive times, it runs the
> DuressNuke function (optional?).

More subtle than straight nuke the data, but still they'll have the
backup, and the code to reverse-engineer.

Another idea might be to have secret shared keys to your encrypted fs,
so you can't access your file system without your friend(s)
co-operation.  That would give your friends an opportunity to nuke
their share of the key before they got their dawn raid.  You could
automate the nuking, with some pre-arranged policy for key destruction
(eg the computers could bounce messages off each other, and if this
stops the key-portion gets nuked).

However, the opposition is already one step ahead: simultaneous dawn
raids were the fad during operation Sun-Devil, just in case of such
schemes I presume.

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
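
The shared-key arrangement described in the message above, sketched as an added example that is not part of the original post or the author's code. It assumes a simple n-of-n XOR split (the message names no particular secret-sharing scheme); `ShareHolder`, the peer names, the timeout and the heartbeat times are hypothetical.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list:
    """n-of-n split: n-1 random pads plus (key XOR all pads); any n-1 shares are noise."""
    if n < 2:
        raise ValueError("need at least two share holders")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for p in pads:
        last = xor(last, p)
    return pads + [last]

def combine(shares: list) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor(out, s)
    return out

class ShareHolder:
    """Hypothetical peer: keeps one share and wipes it when a peer goes quiet."""
    def __init__(self, name: str, share: bytes, timeout: int):
        self.name, self.timeout = name, timeout
        self.share = bytearray(share)
        self.last_seen = {}  # peer name -> time of last heartbeat

    def heartbeat(self, peer: str, now: int) -> None:
        self.last_seen[peer] = now

    def enforce_policy(self, now: int) -> None:
        # Pre-arranged policy: any peer silent for longer than timeout => destroy share.
        stale = any(now - t > self.timeout for t in self.last_seen.values())
        if self.share is not None and stale:
            self.share[:] = bytes(len(self.share))  # best-effort overwrite in Python
            self.share = None

def demo():
    key = secrets.token_bytes(32)  # constructed stand-in for the filesystem key
    names = ("alice", "bob", "carol")
    holders = [ShareHolder(n, s, timeout=60) for n, s in zip(names, split_key(key, 3))]
    for h in holders:  # t=0: every peer hears from every other peer
        for p in names:
            if p != h.name:
                h.heartbeat(p, now=0)
    recovered = combine([bytes(h.share) for h in holders]) == key
    holders[1].heartbeat("carol", now=50)  # alice's machine falls silent,
    holders[2].heartbeat("bob", now=50)    # bob and carol keep talking
    for h in holders[1:]:
        h.enforce_policy(now=90)
    return recovered, [h.name for h in holders if h.share is not None]
```

With only one share left the key cannot be rebuilt, which is also why the scheme fails if every holder is seized at the same moment, before any policy fires.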




