Patrick Cahalan wrote: > A> Second, I wanted to add three additional vectors that could > A> be used to compromise almost any data in any state of > A> being - rubber hose cryptography by thugs or economic > A> criminals, threatened torture or death of a loved one, and > A> finally the types of torture represented by extreme > A> rendition, Abu Ghraib, and Guantanamo. > > RJ> Allen, the threat of an AK47 PIN extraction tool cannot be > RJ> overlooked, although thankfully it is not a serious threat > RJ> for most people. In such an environment, unless some other > RJ> mechanism is provided, the use of a "duress" PIN should be > RJ> considered - one that would cause immediate zeroization of > RJ> the keys. > > Given the proper user scenario, this can be workable. However, it is > equivalent to giving the cyanide pill to your secret agent -> you're > still relying upon the captured agent to decide (a) he's caught (b) > escape is not feasible (c) irresistible torture is coming and > therefore DEATH BEFORE DISHONOR.
Actually, how about a three time error lock/zeroization? What you do is mistype because of the stress of them holding the M16 to your head and a message pops up that says something like: "This is a high security computer. You have entered an incorrect username or password. This computer will be locked for thirty minutes before a retry will be allowed. If three failures occur within 24 hours the data will be locked until an authorized Security Agent can be located to reset the username and password." If the password was a thirty+ character string the odds of getting it right in the first place are not all that good when the stress level is high. Or, a far more elegant solution would be to have a preloaded section of preloaded bogus "secret" data that the entry of one pin code reveals the real data, and the other code the bogus. Have the bogus section update in the background when the computer is running under the regular code and is connected to the net. So then you hand over the bogus PIN code and they get the bogus data. Can they tell the difference? Possibly, given human error. Look at the funny psyops errors that have occurred throughout human history. Best, Allen _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
