On 2/19/2015 7:07 AM, Edward Ned Harvey (blu) wrote:
From: Discuss [mailto:discuss-bounces+blu=nedharvey....@blu.org] On
Behalf Of Rich Braun
Please, flippant answers like that aren't helpful.
No, Rich. Gordon is right. Your argument was "thug gets bank statement, holds gun to
head," and you want plausible deniability, which you lost at "thug gets bank
statement."
The tiny grain of truth in your argument was that by forcing you to log into
*any* password manager, they've gained access to *all* your stuff. Which is an
argument against using any password manager, or anything other than memorizing
different passwords for every site you ever use. So your argument was pretty
much bunk and the grain of truth is completely impossible to ever satisfy ...
except as Gordon said ... basically don't own anything.
Plausible deniability is important in some cases. Not compatible with a
password manager.
Nobody likes having to deal with thugs; it's a tragedy of the modern
age. I sympathize with those whom have had to bear that weight.
This is the awkward place that Alice and Bob arrive at whenever we have
to talk about security: cryptography-by-force is a recognized threat and
must be considered. That is why bank safes have time locks, why
safety-deposit boxes need two keys to open them, and why any effective
computer security system must assume that any single individual can be
compromised.
As far as the difference between password-locker programs and having
individual passwords in my head, I don't see the point of eschewing the
password-locker: I'm going to give a thug anything (s)he wants when my
life is threatened.
FWIW. YMMV.
Bill
--
E. William Horne
339-364-8487
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
