On 16 Jul 96 at 13:30, Jim Gillogly wrote:

"Deranged Mutant" <WlkngOwl@unix.asb.com> writes:

...

A problem with a c'punk-style encrypted fs with source code and wide distribution is, of course, that attackers will KNOW that there is a duress key.

Good point. This suggests a design desideratum for any such system should be that the user may choose not to have a duress key, maintaining semi-plausible deniability for those who choose to have one.

Semi-plausible. (See my other reply to this: an attacker could get ahold of the HD and your system, reverse engineer the driver used, to see what you're doing; backups of the encrypted partition in case of destructive measures are helpful ... they could even return your computer to you and take it apart carefully.) The problem with a duress key is that it relies on "security through obscurity". Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto) AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com> Send a message with the subject "send pgp-key" for a copy of my key.