[Cryptography] stegophone

iang iang at iang.org
Mon Apr 3 00:37:15 EDT 2017 

On 29/03/2017 15:39, John Denker via cryptography wrote:

> Here's yet another major threat to privacy:  In the context of
> warrantless and suspicionless searches, on 02/25/2017 08:26 AM,
> Ian G wrote:
> ...
>> which means we will now start thinking about 'duress' devices which
>> will further complicate everyone's life.
> ...
> What I would like to see is something very simple, which I call a
> stegophone, although the idea applies to all devices, including
> laptops, not just phones.  The specifications are as follows:
>   *) There are two passcodes:  one for normal use, and one for duress.
>   *) Unlocking the phone using the normal passcode results in a completely
>    normal phone.
>   *) Unlocking it with the other passcode results in a sanitized phone:

Right, this is what I meant by a 'duress' device.  But when I say this 
will further complicate everyone's life, it is because I suspect that 
such a design doesn't work _in practice_.  By which I mean, when grandma 
as owner of the device is faced by (a) customs or (b) extortionist or 
(c) burglar or (d) husband, she has a low probability of operating the 
device, *and* carrying off that there is no secret or stegophonic mode.


> Consider the following threat scenario:
>    Suppose the adversary grabs you by the neck and takes your phone
>    by force, then demands that you hand over the passphrase.  Further
>    suppose that your normal passcode is constructed using diceware:
>      https://xkcd.com/936/
>    and your duress passcode is constructed using the Blackberry method,
>    i.e. a full-length cyclic permutation of the normal passcode.  Now
>    you are screwed, because it will stick out like a sore thumb:
>       orrectHorseBatteryStapleC
>
> Therefore the duress passcode MUST be constructed independently.  It
> MUST NOT follow the Blackberry example.
>
> Also, it must be easy to remember, even in a panic situation.

Depending on the nature of the attacker, her fear and confusion in 
getting it wrong could be damning, could indeed be much worse than if 
she just handed the whole open phone over.  Interrogators, prosecutors, 
border guards are trained in spotting stress.  Is grandma?

iang

More information about the cryptography mailing list