[Cryptography] stegophone (was: escalating threats to privacy)
Richard Outerbridge
outer at interlog.com
Wed Mar 29 23:18:08 EDT 2017
> On 2017-03-29 (88), at 19:27:55, Michael Marking <marking at tatanka.com> wrote:
>
> On Wed, Mar 29, 2017 at 12:39:45PM -0700, John Denker via cryptography wrote:
>> Date: Wed, 29 Mar 2017 12:39:45 -0700
>> From: John Denker via cryptography <cryptography at metzdowd.com>
>> To: cryptography at metzdowd.com
>> Subject: [Cryptography] stegophone (was: escalating threats to privacy)
>>
>> [...]
>> What I would like to see is something very simple, which I call a
>> stegophone, although the idea applies to all devices, including
>> laptops, not just phones. The specifications are as follows:
>> *) There are two passcodes: one for normal use, and one for duress.
>> *) Unlocking the phone using the normal passcode results in a completely
>> normal phone.
> […]
[….]
> This is a problem I haven't seen addressed, even by people like
> Blackphone.
>
> But it's a great idea, I'd love to see it implemented, and I'd sign up
> for some part of it myself.
Blackphone does provide for Remote Wipe, so if you leave your Remote
Wipe credentials with, say, your lawyer, and she doesn’t hear from you
at least once, say, every 24 hours…
> The two-key app suggested by John Denker, though, is a nearly flawless
> idea if you make the decoy key trigger suicide: if you enter the wrong
> passphrase, then the memory is scrambled, and you have to restore from
> backup.
What about two modes of operation? If the phone is not unlocked within,
say, eight hours of when it was last unlocked, next time it wakes up it wipes
itself, period. If unlocked with the Distress PIN/password it wipes immediately.
Hiding the App is still a problem.
__outer
More information about the cryptography
mailing list