<deviant@pooh-corner.com> writes:
On Wed, 17 Jul 1996, Adam Back wrote:
A problem yes. My thoughts were that you would effectively have two filesystems and use them both yourself for real work. That is to say that you would say have some consulting work doing some programming or something, and use the 1st encrypted filesystem for this work. If this work was covered by an NDA, so much the better, as it would provide an understandable reason for encrypting.
Good Idea, but I also like the idea of selective-duress, i.e. not necisarily having a duress key at all.
That was my meaning: either 1 or 2 filesystems, at the users option, and for the file system to look the same to anyone not holding the 2nd key (if there is one) whether or not there is a 2nd hidden file system.
There's also an Idea me and Mouse had, which is to have a fault-tolerant duress system. Its something like this... You have a Duressfs and a Non-Duressfs. If they enter the duress key is entered wrong, but only by a certain percentage of characters (i.e. sex instead of hex), it lets you see the Duressfs. If you do this too many consecutive times, it runs the DuressNuke function (optional?).
More subtle than straight nuke the data, but still they'll have the backup, and the code to reverse-engineer. Another idea might be to have secret shared keys to your encrypted fs, so you can't access your file system without your friend(s) co-operation. That would give your friends an opportunity to nuke their share of the key before they got their dawn raid. You could automate the nuking, with some pre-arranged policy for key destruction (eg the computers could bounce messages off each other, and if this stops the key-portion gets nuked). However, the opposition is already one step ahead: simultaneous dawn raids were the fad during operation Sun-Devil, just in case of such schemes I presume. Adam -- #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)