Semi-Deniable Thumbdrive...
Tyler Durden
camera_lumina at hotmail.com
Mon Jan 27 07:04:48 PST 2003
>I think the best way to think about any biometric is as a very cheap,
> >moderately hard to copy identification token. Think of it like a good
> >ID card that just happens to be very hard to misplace or lend to your
> >friends.
Well, if I was smuggling capacitors into Iraq I certainly wouldn't use a
thumbdrive!
But the above is pretty much the way I see it: 'reglar' folks can't 'figure
out' my thumbprint, and couldn't use binoculars or whatever to see my
password.
More importantly, I don't have a lot of time to try to come up with some
soft/hard gadget on my own these days. I pretty much need to be able to BUY
something and come up to speed pretty quickly on how to use it. I need it
like sex: cheap/dirty/fast. I can't really spend a lot of time worrying
about some hyper-evil, hyper-powerful fed (just yet).
Aside from the deniability aspect, another "upgrade" would be for me to be
able to use my thumbprint as a PGP password. Then this thumbdrive wouldn't
be readable via some off-the-shelf pin reader that any helpdesk knucklehead
could buy.
SO both of these upgrades might be available by fairly simple hacks, or by
pestering Trek for them. I wouldn't have to spend a few weeks down in
Dexter's laboratory coming up with a completely new, God-proof device. And
then as further easy upgrades become available, I'll grab 'em. And who
knows? With enough little hacks, some gadgets may eventually morph into
inexpensive but quite fierce little black boxes. (As guitarist Robert Fripp
has said: "Incremental changes are transformative.")
-TD
Cheap, fast, easy, and MASSIVELY scalability: that's the real end-run.
>From: John Kelsey <kelsey.j at ix.netcom.com>
>To: Eugen Leitl <eugen at leitl.org>, Thomas Shaddack
><shaddack at ns.arachne.cz>
>CC: Ben Laurie <ben at algroup.co.uk>, Tyler Durden
><camera_lumina at hotmail.com>, <cypherpunks at minder.net>
>Subject: Re: Deniable Thumbdrive?
>Date: Sun, 26 Jan 2003 22:16:52 -0500
>
>At 10:06 PM 1/24/03 +0100, Eugen Leitl wrote:
>...
>>Frankly, the fingerprint is a lousy secret: you leak it all over the
>>place. You can't help it, unless you're wearing gloves all the time. Ditto
>>DNA.
>
>That's generally true of biometrics. Unless taking the measurement is so
>intrusive it's obvious when it's taken (e.g., maybe the geometry of your
>sinus cavities or some such thing that requires a CAT scan to measure
>properly), there's no secret. People constantly seem to get themselves in
>trouble trying to use biometrics in a system as though they were secret.
>
>The best you can usually do is to make it moderately expensive and
>difficult to actually copy the biometric in a way that will fool the
>reader. But this is really hard. In fact, making special-purpose devices
>that are hard to copy or imitate is pretty difficult. It seems enormously
>harder to find a hard-to-copy, easy-to-use "token" that just happens to
>come free with a normal human body.
>
>I think the best way to think about any biometric is as a very cheap,
>moderately hard to copy identification token. Think of it like a good ID
>card that just happens to be very hard to misplace or lend to your friends.
>
>--John Kelsey, kelsey.j at ix.netcom.com
_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus
More information about the cypherpunks-legacy
mailing list