Hi, Please notice that a second "distress" password becomes useless if the would-be user of this password has access to the binaries (that is, the encrypted data), e.g., because he will copy them before inserting the password and might even try to reverse-engineer the decryption software before typing anything. So I'm not sure what is the setting here.
Cheers, Ariel Ed Gerck wrote: > List, > > the Subject says it all. This might be of interest > here, for comments. > > -------------------- > The answer is definitely NO even for the naive user, > just requiring the tech-savvy for set up. Several > examples are possible. > > John Smith can set two passwords, one for normal use > and the other when in distress. The distress password > may simply announce that the data is expired or, more > creatively, also make the data unreadable. > > John Smith can also set two passwords, one of them > unknown to him but known to a third-party (that > John S does not have to trust) that is subject to > a different jurisdiction /or rules /or is in another > place. John Smith may comply with any demand to > disclose his password but such a demand may not be > effective for the third-party. > > John Smith can have the data, encrypted with a key > controlled by his password, sitting on some Internet > server somewhere. John S never carries the data > and anyone finding the data does not know to whom it > belongs to. > > John Smith can also use keys with short expiration > dates in order to circumvent by delay tactics any > demand to reveal their passwords, during which time > the password expires. > > Of course, this is not really a safe heaven for > criminals because criminal activity is often detected > and evidenced by its "outside" effects, including > tracing. > > Cheers, > Ed Gerck > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
