The following appears to be a bone fide case of a threat model in action against the PGP program.
...
Two comments:
a. It sure seems like it would be a pain to enter a long passphrase on one of these things, so that seems like the most plausible attack. But I agree that it would be nice to know more about actual fielded attacks. (The problem is that if you're actually using them to gather information, you won't want to disclose your methods.)
b. A nasty (likely to backfire) trick would be to generate a long random password, use it to encrypt a bunch of data, and then forget the password. Something as simple as the MD5 of the results of typing into a buffer for a couple minutes would do fine. No attacker will ever guess it. Of course, the judge may not believe you when you explain why you don't know those passwords, and the cops may try to beat the answers out of you if they're convinced enough that you're a bad guy....
--John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
