[Cryptography] Rubber-hose resistance?

Tom Mitchell mitch at niftyegg.com
Wed Dec 20 15:37:34 EST 2017


On Tue, Dec 19, 2017 at 5:49 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> Howard Chu <hyc at symas.com> writes:
> >Peter Gutmann wrote:
> >> I cross borders with a wiped-clean laptop and scp in anything
> >> work-related that I need once I get there.  That seems to be a common
> >> strategy among IT-savvy travellers who are worried about travelling with
> >> NDA'd/commercially sensitive material.
> >
> >I do this too. But just out of curiosity, what do you use for ssh
> >credentials when traveling?
>
> A password.  That's the one thing that's completely deniable (when it's
> used, as in this case, to scp something over from some random server at
> some random IP address).



This I like...  start with a single password.

A little Raspberry Pi can host multiple web servers by name and on a list
of ports 80, 82, 84.
Or knock knock on the login port to enable a login or scp on that port+N.
There are numerous tools that lock out attempts to log in for a specific
name, and those scripts could do more, even the reverse and open a port.
Next scp a nicely locked private key file that you can recover the key to
with a pad and pencil cypher. HTTPS and HTTP can be moved to about any port.
Multiple machines, chroot or virtual machines...
Log in to a gateway machine then into one of many behind that apparently
paper thin but opaque wall.
Time windows.   port+hour=PortToUse ; port+min=PortToUse || knock.
Call the office... hello Bob in IT.  I am safe in Moscow/HotelName with
Art/Arthur please open a port and VPN for me.  Bob knows the code phrases
to validate or not. Should have been Carol.
Login has the notion of the message of the day which could be part of a
passphrase.

Companies can protect their data...  they need a policy employees can grok
and follow first.

One class of data that needs special handling is the transfer of shared
secrets.
Shared secrets for company data links are interesting topics for the
rubber hose crowd.

Modern clocks allow a lot of time of day tricks for software and users.






-- 
  T o m    M i t c h e l l
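
The time-window idea in the message above (port+hour=PortToUse ; port+min=PortToUse), as an added example that is not part of the original post: both ends derive the port from UTC, and the server side tolerates a small clock skew around window boundaries. `BASE_PORT`, the 90-second tolerance and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

BASE_PORT = 20000  # assumption: base port agreed out of band (constructed value)

# Window length and the clock field added to the base port, per mode.
MODES = {
    "hour": (timedelta(hours=1), lambda t: t.hour),
    "minute": (timedelta(minutes=1), lambda t: t.minute),
}

def port_to_use(when, mode="hour", base=BASE_PORT):
    """port+hour or port+min, computed in UTC so both ends agree."""
    if when.tzinfo is None:
        raise ValueError("use timezone-aware datetimes; a naive local time "
                         "differs between the traveller and the office")
    _, field = MODES[mode]
    return base + field(when.astimezone(timezone.utc))

def accepted_ports(now, mode="hour", base=BASE_PORT,
                   tolerance=timedelta(seconds=90)):
    """Ports the server side honours at `now`, allowing for clock skew."""
    step, _ = MODES[mode]
    t, end, ports = now - tolerance, now + tolerance, set()
    while t < end:                      # every window touched by the tolerance
        ports.add(port_to_use(t, mode, base))
        t += step
    ports.add(port_to_use(end, mode, base))
    return ports

def is_allowed(port, now, **kw):
    # Only 24 (hour) or 60 (minute) candidates exist: this narrows exposure,
    # the password or key behind the port still does the authenticating.
    return port in accepted_ports(now, **kw)

if __name__ == "__main__":
    moscow = timezone(timedelta(hours=3))    # constructed sample clocks
    eastern = timezone(timedelta(hours=-5))
    laptop = datetime(2017, 12, 20, 23, 59, 30, tzinfo=moscow)
    server = datetime(2017, 12, 20, 15, 59, 40, tzinfo=eastern)
    print(port_to_use(laptop), sorted(accepted_ports(server)))
```

Near a window boundary the server accepts both the outgoing and the incoming port, which is why the laptop's choice still matches when the two clocks disagree by a few seconds.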