On 18 Jul 96 at 11:01, Adam Back wrote:
For plausibility it would probably be best if very few people used the duress key feature.
And how can you guarantee that? Also: an attacker doesn't care about what percentage of (other) users use duress feature of not. His concern is whether you use it. Note that you'd have to be careful of what you say and do over email in the clear (or encrypted to someone cooperating with an attacker): if you post an excerpt of source code or maybe somehting like Edupage, or if you save mail, there might be reason enough for the attacker to expect to see some of that on your encrypted fs after he's rubber-hosed your key from you. If he doesn't, and he knows you have a possibility of using the duress-key feature... Oh yeah. Psychology is a good way of determining the likelihood of using a duress system. With the extra work and overhead of a duress system, you're better off using stego on some gifs or graphics files. Rob --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto) AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com> Send a message with the subject "send pgp-key" for a copy of my key.