[Cryptography] Rubber-hose resistance?

Matt Palmer matt at hezmatt.org
Wed Dec 20 00:05:10 EST 2017


On Wed, Dec 20, 2017 at 01:49:28AM +0000, Peter Gutmann wrote:
> Howard Chu <hyc at symas.com> writes:
> >Peter Gutmann wrote:
> >> I cross borders with a wiped-clean laptop and scp in anything
> >> work-related that I need once I get there.  That seems to be a common strategy
> >> among IT-savvy travellers who are worried about travelling with
> >> NDA'd/commercially sensitive material.
> >
> >I do this too. But just out of curiosity, what do you use for ssh credentials
> >when traveling?
> 
> A password.  That's the one thing that's completely deniable (when it's used,
> as in this case, to scp something over from some random server at some random
> IP address).

Do you take into account the possibility of MitM attacks post-border
crossing, by making a record of the remote host key?  And if so, how?  Or is
your threat model focused on the border itself, and you don't have to worry
so much about on-going attacks thereafter?

- Matt



More information about the cryptography mailing list