[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] more on Can you be compelled to give a password?
Begin forwarded message: From: Ed Gerck <edgerck@nma.com> Date: August 8, 2006 5:49:21 PM EDT To: Ariel Waissbein <wata.34mt@coresecurity.com> Cc: Cryptography <cryptography@metzdowd.com> Subject: Re: [IP] more on Can you be compelled to give a password? Ariel Waissbein wrote:
Please notice that a second "distress" password becomes useless if thewould-be user of this password has access to the binaries (that is, theencrypted data), e.g., because he will copy them before inserting thepassword and might even try to reverse-engineer the decryption softwarebefore typing anything. So I'm not sure what is the setting here.
The worst-case setting for the user is likely to be when the coercer can do all that you said and has the time/resources to do them. However, ifthe distress password is strong (ie, not breakable within the time/ resources available to the coercer), the distress password can be used (for example)
to create a key that decrypts a part of the code in the binary data thatsays the distress password expired at an earlier date -- whereas the access
password would create a key that decrypts another part of the code. There are other possibilities as well. For example, if the binary datacontains code that requires connection to a server (for example, to supply
the calculation of some function), that server can prevent any furtheraccess, even if the access password is entered, after the distress password is given. The data becomes inaccessible even if the coercer has the binary data.
Another possibility is to combine the above with threshold cryptography. Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing ListUnsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
------------------------------------- To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC