On 8/8/06, Ed Gerck [EMAIL PROTECTED] wrote:
The worst-case setting for the user is likely to be when the coercer can
do all that you said and has the time/resources to do them. However, if
the distress password is strong (ie, not breakable within the time/resources
available to the coercer),
On 8/9/06, Ed Gerck [EMAIL PROTECTED] wrote:
A debugger cannot decrypt without the key, which is produced only
with the access password.
Ah okay.
By the way, an interesting link from Schneier's blog, mentions
copyright and randomly-generated numbers:
On 8/8/06, Travis H. [EMAIL PROTECTED] wrote:
Or, nobody has the data:
http://monolith.sourceforge.net/
http://www.schneier.com/blog/archives/2006/03/monolith.html
Grr... remind me not to read the comments on old blogs, it's
irritating to see so much misrepresentation...
The monolith model
Ariel Waissbein wrote:
Please notice that a second distress password becomes useless if the
would-be user of this password has access to the binaries (that is, the
encrypted data), e.g., because he will copy them before inserting the
password and might even try to reverse-engineer the
Hi,
Please notice that a second distress password becomes useless if the
would-be user of this password has access to the binaries (that is, the
encrypted data), e.g., because he will copy them before inserting the
password and might even try to reverse-engineer the decryption software
before
List,
the Subject says it all. This might be of interest
here, for comments.
The answer is definitely NO even for the naive user,
just requiring the tech-savvy for set up. Several
examples are possible.
John Smith can set two passwords, one for normal use
and the other