Deniable Thumbdrive?
John Kelsey
kelsey.j at ix.netcom.com
Sun Jan 26 19:39:48 PST 2003
At 06:05 PM 1/24/03 +0000, Ben Laurie wrote:
...
>Nice! Get them to cut _all_ your fingers off instead of just one.
>
>Just say no to amputationware.
This whole idea was talked to death many years ago on sci.crypt, and
probably before that other places. The good news is that it's not too hard
to come up with a design that lets you encrypt a large hard drive in such a
way that there's no way to determine how many "tracks" of secret data are
there. I believe one of Ross Anderson's students did a design for this; it
doesn't seem like a really hard problem to solve if you don't mind losing
most of your effective disk capacity. The bad news is that you *really*
need to think about your threat model before using it, since there's
necessarily no way for you to prove that there no more tracks of secret
data. It takes no imagination at all to think of ways you might end up
wishing you *could* convince someone you'd given them the key to all the
tracks.
IMO, the only way to do this kind of thing is to have the data, or at least
part of the key, stored remotely. The remote machine or machines can
implement duress codes, limits to the number ot password guesses allowed
per day, number of invalid password guesses before the thing just zeros out
the key and tells the person making the attempt it has done so, etc. Trust
me, you *want* the server to loudly announce that it will zero the key
irretrievably after the tenth bad password....
>Cheers,
>
>Ben.
--John Kelsey, kelsey.j at ix.netcom.com
More information about the cypherpunks-legacy
mailing list