Somewhat OT, encryption question
vendor at billoblog.com
Thu Nov 27 16:34:19 UTC 2014
On Wed, 26 Nov 2014, Bruno Wolff III wrote:
> On Wed, Nov 26, 2014 at 20:47:25 +0000,
> Bill Oliver <vendor at billoblog.com> wrote:
>> On Wed, 26 Nov 2014, Bill Oliver wrote:
>> Actually, let me be more specific. Let's say I have data on a flash
>> drive that is encrypted using gpg. We can even say the flash drive
>> itself is encrypted.
>> Now let's say that flash drive is stolen, lost, etc. *and* the
>> passphrase is compromised. I want the data on the flash drive to be
>> available *only on one computer* even if the passphrase is known.
> If you don't need to decrypt data in the field, you can use public key
> encryption. You won't be able to decrypt the data without the private key.
> (Which you wouldn't have with you or the flash drive.)
> TPMs provide a way to keep a secret on a computer that can't easily be
> extracted (otherwise you could supply the data in an emulated environment). I
> don't know if there is anything in Fedora for using say, luks with a TPM in a
> way that prevents the TPM info from being sniffed in a similar manner to how
> your passphrase is compromised. There has been some work with using TPMs with
> luks, but I don't know how the process works.
> Note, that if this scenario comes about because someone grabs you and the
> flash drive, but not your computer, there could be dire consequences to not
> being able to decrypt the drive. Particularly if the people holding don't
> believe you, when you say you can't decrypt it.
That's part of the point. Were I to be carrying a flash drive, for instance, and be required to provide a passphrase, I need to be able to provide it *and* a cogent, truthful, and believable explanation of why it doesn't work and there's *nothing I can do" to make it work short of returning home and retrieving my computer. There are many situations nowadays where people can be coerced into giving up their passphrases. In the US, this can happen at the border. In other countries, every move you make is under some sort of surveillance, often covert, and getting information in and out can be problematic.
What I would like to be able to do is go to a remote site, acquire/select data for my personal access and use at my office, encrypt it using a public key, and then not be able to decrypt it until I got back to my office and put it in *my* computer.
The personal danger really isn't all that great, as long as you stay out of Islamic countries, and go around with an escort (the latter being the key). In doing this for 30 years -- for the US military, for a state police agency, as an academic, and for the occasional NGO, I've only been directly and realistically threatened with death three times (not including the general threat of being in an active theater). All three were in the US, two involving gangs and one involving a distraught parent who accused us of covering up the murder of his daughter and decided to even things out with a shotgun.
Frankly, it's more dangerous to be a lawyer for some of these people. I remember a case some years ago where I testified about an execution-style murder. I didn't know anything about the case, really. When I got into the courtroom and got on the stand, I was a bit surprised. There were four defendants, and they looked like something out of central casting for a low budget action flick. They had tattoos all over their faces with "MS13" on their foreheads and necks, fu-manchu mustaches, shaved heads and mohawks, etc.
After I got through testifying, I was excused and the judge ordered a recess. I walked out of the court to the elevator along with a man who had been in the court who I didn't know, but seemed to be involved in the case. I turned to him and asked, "Hey, that's quite a cast in there. Do you know the story? What did these guys do?"
He replied "Well, it's our position they did nothing all, but between you and me, I'm scared shitless. These are the kind of people who kill you if they don't think you did a good job for them. And the evidence is pretty clear. They are going to be convicted."
"Heh. I gather you're on the defense team, then."
"Yes, God help me."
Happily, my interest in the case stops the minute I walk out the door. I don't know who they were or how the case turned out.
Interestingly, from a forensic medicine practice perspective, most people are happy for you to just do your job and move on. I once talked to a forensic pathologist from the Soviet Union back in the day and asked him how he could practice in a country where they played with the truth so much. Did he get a lot of pressure to change his findings? He laughed and said not at all. The Kremlin wanted to know the truth, and he was free to tell it to them no matter how unpleasant it was. He was one of the few people in Moscow who didn't have to censor what he told people in the Kremlin. He just couldn't tell anybody else.
More information about the users