On Tue, Oct 06, 2009 at 10:56:26AM -0400, Richard Pieri wrote:
> On Oct 6, 2009, at 10:27 AM, Dan Ritter wrote:
> > Everyone seems to be ignoring the real brute force attack:
> > rubber-hose cryptanalysis.
>
> I did not ignore it; I simply chose not to address it. But since you
> asked... :)
>
> Obviously, no algorithm can be proof against a rubber hose attack.
> Securing against rubber hoses is a matter of implementation. One
> possible mechanism is something similar to standard code signing
> practice with multi-factor authentication. The user has a pass phrase
> (virtual key). The site has a hard token of some sort. That token is
> stored in a secured area (physical key). The user does not have
> access to said secured area and must make a request through physical
> security to sign out the token and sign it back in after the code
> signing is complete. And, of course, physical security monitors the
> checked-out token at all times.

A: Mallory kidnaps your user's family and explains that even more awful things will happen unless the secret information is delivered right quick.

B: Mallory offers ten million dollars and a new identity in Bermuda to your chief of security.

Threat models, value of secrets to you, value of secrets to enemies, and thanks for bringing up the next point of consideration: "What are you willing to trade off in security versus usability?"

-dsr-

--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.