-----BEGIN PGP SIGNED MESSAGE----- On Wed, 17 Jul 1996, Adam Back wrote:
Date: Wed, 17 Jul 1996 12:03:46 +0100 From: Adam Back <aba@dcs.ex.ac.uk> To: jpb@miamisci.org Cc: maldrich@grci.com, deviant@pooh-corner.com, WlkngOwl@unix.asb.com, cypherpunks@toad.com, aba@dcs.ex.ac.uk Subject: Re: Opiated file systems
Joseph Block <jpb@miamisci.org> writes:
At 10:44 AM -0400 7/16/96, Mark O. Aldrich wrote:
One problem, however, would be how to keep the "decoy" data, accessible with only the ambush key, "fresh" in that it must undergo a certain amount of turbulence to appear real.
A problem yes. My thoughts were that you would effectively have two filesystems and use them both yourself for real work. That is to say that you would say have some consulting work doing some programming or something, and use the 1st encrypted filesystem for this work. If this work was covered by an NDA, so much the better, as it would provide an understandable reason for encrypting.
Good Idea, but I also like the idea of selective-duress, i.e. not necisarily having a duress key at all.
The two file systems would essentially have to mirror each other, one with the juicy bits and one with the decoy bits. It would seem to be practically impossible to just build two file systems as one would 'disappear' when only the ambush key was used. Wouldn't it be sort of obvious that something was wrong if half the disk vanished?
I don't think nuking the data is the way to go, from what I understand of the way these things work, is that they kick down the door in the dead of night and make sure you don't get to touch the equipment. Also they'd be sure to take a sector level backup of the drive as a first step.
I have several friends that this has happened to, and pretty much it goes like this... round 7:00 AM, when your just going to bed (well, some of us don't have jobs till nighttime.. thank god.), they knock down your doors and windows (yes, they do come through windows), and they take the equipment, disks, tv's, CD players (yes, i know somebody who had their CD player taken. And a pile of CDs. Music ones even.), clock radios, pretty much everything electronic they can cary. If you ever DO get any of it back, most likely it is not the same equipment, i.e. they coppied it all and kept the original. I do agree that nuking the data isn't the way to go. Most of the time if you crypted something, you're probably gonna want it back. There's also an Idea me and Mouse had, which is to have a fault-tolerant duress system. Its something like this... You have a Duressfs and a Non-Duressfs. If they enter the duress key is entered wrong, but only by a certain percentage of characters (i.e. sex instead of hex), it lets you see the Duressfs. If you do this too many consecutive times, it runs the DuressNuke function (optional?). If you put the Duress key in correctly it runs the DuressNuke function. If you put the secret key in, it gives you the non-Duress version. that way if they didn't beleive you're "near-duress" key, you can give them the actual duress key to nuke the data. Just an idea. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMe2dpzAJap8fyDMVAQF4tgf9F0urSb+4D/Cwl4eb4Y5t1FeGEt5FEmDZ irKOo8ndGj22f0Qb3QEaAaVz85t41YG85FuG3eTsTEUDQmKi/YSqvlo0zgaIJ0tb /xLMSiFWEWoekxChzXoJtR8XSVc+wOmxLSBWCa73JjU4YPdYLtYdgK2C0E3wNfWF WoSGe18FnejnrdvSnlF2rpF1wFgYnRrArlRvCZpmDp8bZAhm0rhLqOZ7MyVoUBjA TKPzNVtskEYsNWQZ6eMrIJHHCUEzQ7IrUoWjP5v4QOQOxngijkgkpZZINMvVCp/e k7aoot75XoUk23cPgGucR63r8jz+T1s/usBxuIYSE7ZujnpJ+Q10rA== =/nXP -----END PGP SIGNATURE-----