
On Mon, 15 Jul 1996, Mark O. Aldrich wrote:
Date: Mon, 15 Jul 1996 17:43:28 -0400 (EDT)
From: "Mark O. Aldrich" <maldrich@grci.com>
To: Deranged Mutant <WlkngOwl@unix.asb.com>
Cc: Adam Back <aba@dcs.ex.ac.uk>, cypherpunks@toad.com
Subject: Re: Opiated file systems
[Useful stuff >/dev/null]
The payload of getting false data out of a crypto algorithm, such that the data looks "real", when a duress key is input to the algorithm is not something that I've seen approached in any reasonable manner. Probably because it's just too damn hard and the notion of "real looking" data is a little hard to define scientifically. A combination stego/crypto solution may be more appropriate, but close examination of the box is going to reveal what happened (assuming the desired solution must withstand some protracted forensics?). The nuke_the_data or nuke_the_keys solutions are easier to do, and have been implemented in several situations of which I am aware.
But, on the other hand, it wouldn't be too hard to have the user set both keys (yeah, so that didn't actually say anything, so what...), and then do an every-other-byte type thing (although that would be slow... every other block would be more efficient), and have 2 EFS's in one file, and make it so that on the "duress" one the extra space appears to be "free". One could make it a real file system, and add a fake disk error to prevent over-writing of the "non-duress" filesystem.
-------------------------------------------------------------------------
|Just as the strength of the Internet is  |Mark Aldrich                 |
|chaos, so the strength of our liberty    |GRCI INFOSEC Engineering     |
|depends upon the chaos and cacophony of  |maldrich@grci.com            |
|the unfettered speech the First Amendment|MAldrich@dockmaster.ncsc.mil |
|protects - District Judge Stewart Dalzell|                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich@grci.com |
|    The opinions expressed herein are strictly those of the author     |
|          and my employer gets no credit for them whatsoever.          |
-------------------------------------------------------------------------
This will sound odd, but did you know that "dockmaster" was the name of the NSA's first unclassified computer? just wondering.... ;)

--Deviant
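The every-other-block layout proposed in the reply above, sketched as an added example that is not code from either poster. The `Volume` class, block sizes, keys, and the SHA-256 keystream (a stand-in, not a vetted cipher) are all assumptions made for illustration.

```python
import errno, hashlib, os

BLOCK, NONCE = 64, 16            # constructed sizes, small for the demo
PAYLOAD = BLOCK - NONCE

def _stream(key: bytes, nonce: bytes, phys: int) -> bytes:
    # Stand-in keystream (SHA-256 in counter mode), not a vetted cipher.
    out = b"".join(hashlib.sha256(key + nonce + phys.to_bytes(8, "big") + bytes([i])).digest()
                   for i in range(-(-PAYLOAD // 32)))
    return out[:PAYLOAD]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def new_container(nblocks: int) -> list:
    # Random fill: unwritten blocks and the other volume's ciphertext look alike.
    return [os.urandom(BLOCK) for _ in range(nblocks)]

class Volume:
    """One key's view of the shared container; parity selects even or odd blocks."""
    def __init__(self, blocks: list, key: bytes, parity: int):
        self.blocks, self.key, self.parity = blocks, key, parity

    def write_phys(self, phys: int, data: bytes) -> None:
        if len(data) > PAYLOAD:
            raise ValueError("data larger than block payload")
        if phys % 2 != self.parity:
            # Block belongs to the other volume: reported free, but writes "fail".
            raise OSError(errno.EIO, "simulated disk error")
        nonce = os.urandom(NONCE)  # fresh per write, so no keystream reuse
        body = _xor(data.ljust(PAYLOAD, b"\0"), _stream(self.key, nonce, phys))
        self.blocks[phys] = nonce + body

    def read_phys(self, phys: int) -> bytes:
        raw = self.blocks[phys]
        return _xor(raw[NONCE:], _stream(self.key, raw[:NONCE], phys))

    def free_blocks(self) -> list:
        return [p for p in range(len(self.blocks)) if p % 2 != self.parity]

def demo() -> tuple:
    blocks = new_container(8)
    duress = Volume(blocks, b"duress-key", 0)   # constructed keys
    hidden = Volume(blocks, b"real-key", 1)
    duress.write_phys(0, b"harmless notes")
    hidden.write_phys(1, b"actual data")
    return (duress.read_phys(0).rstrip(b"\0"), hidden.read_phys(1).rstrip(b"\0"),
            duress.free_blocks())
```

The fake I/O error on every "free" block is itself the kind of artifact the close examination mentioned in the quoted message could pick up.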