On 12/22/2006 01:57 PM, Alex Alten wrote:

> I'm curious as to why the cops didn't just pull the plugs right away. 

Because that would be a Bad Idea.  In a halfway-well-designed
system, cutting the power would just do the secret-keepers' job
for them.

> It would probably
> take a while (minutes, hours?) to encrypt any significant amount of
> data.  

That's why you don't do it that way.  If you want it to work, you
use an encrypting disk system so that everything on disk (including
swap) is encrypted all the time, and gets decrypted "as needed" when
it is read.

> Not to
> mention, where is the master key? 

It should be in volatile unswappable RAM.  Cutting the power is one
way (among many) to obliterate it.  Overwriting it with randomness
suffices if there is any chance that the RAM might be non-volatile.
The time and cost of obliterating a key are negligible.

> The guy couldn't have jumped up and typed
> in a pass phrase to generate it in handcuffs? 

That's another reason why you don't do it that way.

> Even if it got erased,
> it's image could
> be recovered from a disk or RAM.  My understanding is that even
> tamperproof cards
> one can get keys from them with the right equipment from the right folks.

Once something is gone from RAM, it's really, really gone.  The circuit
structure and the laws of thermodynamics ensure it.  No power on earth
can do anything about that.

========================

There are, however, some things the cats can do to improve their chance of
success in this cat-and-mouse game.

  *) For starters, the cats must anticipate the possibility that the
   mice might try to secure their data.  The early-adopter mice benefit
   from a certain amount of security-through-obscurity, insofar as the
   cats have not heretofore fully appreciated the possibilities.

 *) The mice have a dilemma:  If they do not cache the passphrase somewhere,
  they will need to constantly re-enter it, which makes them vulnerable to
  shoulder-surfing, sophisticated key-loggers, unsophisticated rubber-hose
  methods, et cetera.  Conversely, if the mice do cache the passphrase for
  long periods of time, there is the possibility that the cats will capture
  the whole system intact, passphrase and all, and will be able to make a
  permanent copy of the passphrase before the system realizes that a compromise
  has occurred.  The cats can improve their chances by causing 
not-too-suspicious
  power failures and seeing how the mice handle the ensuing passphrase issues.
  The mice can improve their odds by ensuring good physical security, ensuring
  personnel reliability, providing easy-to-use panic buttons, rotating their
  passphrases, and so forth.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to