[IP] more on Can you be compelled to give a password?

[Ed Gerck]

Ariel Waissbein wrote:

> Please notice that a second "distress" password becomes useless if the
> would-be user of this password has access to the binaries (that is, the
> encrypted data), e.g., because he will copy them before inserting the
> password and might even try to reverse-engineer the decryption software
> before typing anything. So I'm not sure what is the setting here.

The worst-case setting for the user is likely to be when the coercer can
do all that you said and has the time/resources to do them. However, if
the distress password is strong (ie, not breakable within the time/resources
available to the coercer), the distress password can be used (for example)
to create a key that decrypts a part of the code in the binary data that
says the distress password expired at an earlier date -- whereas the access
password would create a key that decrypts another part of the code.

There are other possibilities as well. For example, if the binary data
contains code that requires connection to a server (for example, to supply
the calculation of some function), that server can prevent any further
access, even if the access password is entered, after the distress password
is given. The data becomes inaccessible even if the coercer has the binary data.

Another possibility is to combine the above with threshold cryptography.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com