[Cryptography] When your security is too secure

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 25 02:00:25 EST 2025


Jon Callas <jon at callas.org> writes:

>The operational considerations include nervousness in the heat of the moment,
>and this ends up resembling a related bad idea, that of duress codes. Duress
>codes have the issue that when someone is genuinely under duress, that's the
>time they're most likely to make an error, particularly since they have not
>rehearsed nor practiced that code.

Many emergency-use-only systems are like that, they assume the user will be
able to fly the thing blind, to carry out a complex operation they've never
done before correctly the very first time while under stress.  There's some
point between dealing with a fire alarm (find an exit, get out) and
overriding failsafes in an emergency where the ability of most humans to cope
breaks down.

Peter.

