[IP] more on Can you be compelled to give a password?

Ariel Waissbein wata.34mt at coresecurity.com
Mon Aug 7 10:31:15 EDT 2006


Hi,

Please notice that a second "distress" password becomes useless if the
would-be user of this password has access to the binaries (that is, the
encrypted data), e.g., because he will copy them before inserting the
password and might even try to reverse-engineer the decryption software
before typing anything. So I'm not sure what the setting is here.

Cheers,
Ariel

Ed Gerck wrote:
> List,
> 
> the Subject says it all. This might be of interest
> here, for comments.
> 
> --------------------
> The answer is definitely NO even for the naive user,
> just requiring the tech-savvy for set up. Several
> examples are possible.
> 
> John Smith can set two passwords, one for normal use
> and the other when in distress. The distress password
> may simply announce that the data is expired or, more
> creatively, also make the data unreadable.
> 
> John Smith can also set two passwords, one of them
> unknown to him but known to a third-party (that
> John S does not have to trust) that is subject to
> a different jurisdiction /or rules /or is in another
> place. John Smith may comply with any demand to
> disclose his password but such a demand may not be
> effective for the third-party.
> 
> John Smith can have the data, encrypted with a key
> controlled by his password, sitting on some Internet
> server somewhere. John S never carries the data
> and anyone finding the data does not know to whom it
> belongs.
> 
> John Smith can also use keys with short expiration
> dates in order to circumvent by delay tactics any
> demand to reveal their passwords, during which time
> the password expires.
> 
> Of course, this is not really a safe haven for
> criminals because criminal activity is often detected
> and evidenced by its "outside" effects, including
> tracing.
> 
> Cheers,
> Ed Gerck
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
> 
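
The point in the reply above about copying the encrypted data before typing any password, as an added example that is not part of the original thread. The `Container` class, the passwords, the sample plaintext and the SHA-256 keystream (a toy stand-in for real encryption) are all constructed for illustration.

```python
import copy
import hashlib
import hmac
import secrets

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode); an assumption, not real-world crypto.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Container:
    # Hypothetical two-password container: the normal password unwraps the
    # data key, the distress password makes the tool erase the wrapped key.
    def __init__(self, plaintext: bytes, normal_pw: str, distress_pw: str):
        self.salt = secrets.token_bytes(16)
        data_key = secrets.token_bytes(32)
        self.ciphertext = _keystream_xor(data_key, plaintext)
        self.wrapped_key = _keystream_xor(_kdf(normal_pw, self.salt), data_key)
        self.key_check = hashlib.sha256(data_key).digest()
        self.distress_tag = _kdf(distress_pw, self.salt)  # visible to anyone who reads the format

    def open(self, password: str):
        derived = _kdf(password, self.salt)
        if hmac.compare_digest(derived, self.distress_tag):
            self.wrapped_key = None  # wipes the key in THIS copy only
            return None
        if self.wrapped_key is None:
            return None
        data_key = _keystream_xor(derived, self.wrapped_key)
        if not hmac.compare_digest(hashlib.sha256(data_key).digest(), self.key_check):
            return None
        return _keystream_xor(data_key, self.ciphertext)

def demo():
    original = Container(b"constructed sample secret", "normal-pw", "distress-pw")
    imaged = copy.deepcopy(original)              # bit-for-bit copy taken before any password is typed
    distress_result = original.open("distress-pw")  # key slot erased on the original
    after_wipe = original.open("normal-pw")         # original is now unreadable
    from_image = imaged.open("normal-pw")           # the earlier copy is unaffected by the wipe
    return distress_result, after_wipe, from_image
```

The stored `distress_tag` also illustrates the reverse-engineering remark: the distress branch is visible in both the file format and the code, so its existence is not hidden from someone who inspects them first.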
