At 06:05 PM 1/24/03 +0000, Ben Laurie wrote:
...
Nice! Get them to cut _all_ your fingers off instead of just one.

Just say no to amputationware.
This whole idea was talked to death many years ago on sci.crypt, and probably before that in other places. The good news is that it's not too hard to come up with a design that lets you encrypt a large hard drive in such a way that there's no way to determine how many "tracks" of secret data are there. I believe one of Ross Anderson's students did a design for this; it doesn't seem like a really hard problem to solve if you don't mind losing most of your effective disk capacity. The bad news is that you *really* need to think about your threat model before using it, since there's necessarily no way for you to prove that there are no more tracks of secret data. It takes no imagination at all to think of ways you might end up wishing you *could* convince someone you'd given them the key to all the tracks.

IMO, the only way to do this kind of thing is to have the data, or at least part of the key, stored remotely. The remote machine or machines can implement duress codes, limits to the number of password guesses allowed per day, number of invalid password guesses before the thing just zeros out the key and tells the person making the attempt it has done so, etc. Trust me, you *want* the server to loudly announce that it will zero the key irretrievably after the tenth bad password....

Cheers,

Ben.
--John Kelsey, [EMAIL PROTECTED]
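
The remote key holder described in the message above, sketched as an added example (not part of the original post or of any real product): a server keeps one share of the disk key, enforces a daily guess limit, and erases the share after the tenth bad password, announcing the policy up front. The class name, the limits, the status strings, the counter reset on success, and the choice that a duress code also erases the share are assumptions.

```python
import hashlib, hmac, os

def _kdf(password: str, salt: bytes) -> bytes:
    # Slow password hash so a copied server database is not a fast guessing oracle.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class KeyShareServer:
    """Holds one share of a disk key. Names and limits are assumptions."""
    MAX_BAD_TOTAL = 10   # the "tenth bad password" from the message
    MAX_PER_DAY = 3      # constructed daily guess limit

    def __init__(self, share: bytes, password: str, duress: str):
        self._salt = os.urandom(16)
        self._pw = _kdf(password, self._salt)
        self._duress = _kdf(duress, self._salt)
        self._share = bytearray(share)
        self.bad_total, self.per_day = 0, {}   # per_day: day label -> guesses
        self.zeroized = False

    def _zeroize(self):
        # Overwrite in place; a real deployment would do this inside an HSM.
        self._share[:] = bytes(len(self._share))
        self.zeroized = True

    def banner(self) -> str:
        # Shown before every attempt, so the erase policy is never a surprise.
        left = self.MAX_BAD_TOTAL - self.bad_total
        return f"Key share is erased irretrievably after {left} more bad passwords."

    def request(self, password: str, day: str):
        """Return (status, share_or_None) for one guess made on `day`."""
        if self.zeroized:
            return "ZEROIZED", None
        if self.per_day.get(day, 0) >= self.MAX_PER_DAY:
            return "DAILY_LIMIT", None
        self.per_day[day] = self.per_day.get(day, 0) + 1
        guess = _kdf(password, self._salt)
        is_pw = hmac.compare_digest(guess, self._pw)
        is_duress = hmac.compare_digest(guess, self._duress)
        if is_pw and not is_duress:
            self.bad_total = 0          # assumption: success resets the counter
            return "OK", bytes(self._share)
        if not is_duress:
            self.bad_total += 1
        if is_duress or self.bad_total >= self.MAX_BAD_TOTAL:
            self._zeroize()             # the status below is the announcement
            return "ZEROIZED", None
        return "BAD_PASSWORD", None
```
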

