>Date: Tue, 3 Mar 2009 19:21:46 -0500 >From: David Shaw <ds...@jabberwocky.com> >Subject: Re: surrendering one's passphrase to authorities
>> Folks on this list have said for years that rubber-hose key >extraction >> is orders of magnitude faster than brute-force computation. > >... and cue the XKCD: http://www.xkcd.com/538/ well, here is another aspect of a 'crypto-nerd's' imagination ;-) : suppose the goal would be to design an encrypted laptop where even authorities willing to use torture, would concede that the contents are not decryptable and that no information would be obtainable by even the most effective torture, how would one go about it? possible suggestion: [1] encrypt the drive to a passphrase and also a smart-card (let's dream and make the smart-card 4k rsa or better ;-) ) (and as long as we're dreaming anyway ... ;-) ) [2] allow the smart-card to be identifiable by the laptop as the correct one, with a unique identifier code when inserted into the laptop [3] enable the smart-card with a data self-erase, and data self- destruct mechanism, but leaving the identifier intact [4] once the smart-card has the self-erase and self-destruct mechanism activated by the bearer, the laptop bearer can surrender the smart-card, the laptop reads it and reports: *** smart-card indentity verified *** *** smart-card passphrase unreadable *** *** smart-card 'Self-Destruct Hardware' (Tm, copyleft GPL) was activated *** smart-card no longer functional *** *** decryption no longer possible *** and while the authorities might be tempted to vengefully harm the bearer, it would be clear that they would be unable to access the laptop through torture vedaal any ads or links below this message are added by hushmail without my endorsement or awareness of the nature of the link -- Become a medical transcriptionist at home, at your own pace. http://tagline.hushmail.com/fc/BLSrjkqfMmf8sLiFIoOZL0LR8m6TVV6xrgEpMB2LlLbSjeejQXO92bUj0q8/ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
