-----BEGIN PGP SIGNED MESSAGE----- - -> From: "Alan (Miburi-san) Wexelblat" <wex@media.mit.edu> To: cypherpunks@toad.com Subject: Give me your password- OR ELSE! It seems like it would be relatively simple to program in a sort of dead-man switch at the time of creation of the secret key. [...] As you can imagine, there are increasing levels of personal security you might employ. For example, using the duress phrase might be set up to change the pass-phrase to something *you* don't know but which is known by a trusted other party (wife, mother, agent/lawyer, etc.). Knowing this phrase doesn't help them since that phrase can't access your secret until *after* you've given the duress phrase and the software has disabled your normal access phrase. <- The problem with the duress phrase seems to be this: One would use such a phrase when physical site security had been compromised no? Let's assume government types (which seems to be the hint I get when you suggest the alternate pass phrase being held by your lawyer. It's fairly easy to duplicate the key and stick it somewhere on a floppy and try the passwords extracted from you via rubber hose method on the copy rather than the original. In fact, if people being to use duress codes, it seems that this would become standard practice, if it's not already. In as far as the idea behind a duress code is to keep you from being beaten repeatedly by making it impossible for you to decode the information alone, copying the encrypted key defeats this method. :( - -> - --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex@media.mit.edu Voice: 617-258-9168, Pager: 617-945-1842 PUBLIC KEY available by request "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" <- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLPmWBhibHbaiMfO5AQEQuQQApDtaIxVjjZvdUYD9Jl6FZGdq62SpPM+y KMqsIvSOhPOK2kOsoAyLuIN4+bXVUyTHiAkYX/ye2q2gqj9yrOLvkGyH6yak5YFi xoOCYx6qGScHeoqwpJKoRTTwUjAo79ZmXupA+ylX527eQDILwZJa+W+wSln/rXhG zajsBTeG/mw= =B4y+ -----END PGP SIGNATURE-----