paperkey // ? feature request

Robert J. Hansen rjh at sixdemonbag.org
Wed Feb 11 00:57:33 CET 2009


vedaal at hush.com wrote:
> but unless you choose a sufficiently long and random passphrase, 
> symmetric crypto with a passphrase string-2-key is much less
> protected than when the session key is encrypted to an unknown
> asymmetric key

The moral of the story is to (a) use the right tool for the job, and (b)
use the tool correctly.

I don't see how you can on the one hand assume that the person is going
to be technologically savvy enough to do all of this, and at the same
time dumb enough to use his mother's maiden name as a passphrase.

You may say "I'm not assuming he'll be dumb, I'm just allowing for the
possibility he will be" -- which is good, and it's a good maxim for
system design.  But making the system more complex (asymmetric crypto is
infamously complicated) in order to make the human factor simpler is a
bad tradeoff.  It's not a choice of system complexity or human
complexity.  Good protocol design reduces both; buying one at the
expense of the other is a bad idea.

> the first one that comes to mind: burn it and dump the residue in a
> sewer

"Hello, citizen.  The security footage says you were in this internet
cafe when this treasonous message was sent.  You were at the affected
PC.  You used a USB token.  And shortly afterwards your neighbors saw
you burning something in your backyard, but you didn't put the remains
in the trash.  We know, because we checked.  Would you come with us,
please?"

Present them with a fake USB token -- "We're sorry.  The GUID is
different.  Would you care to revise your story, or shall we just send
you to the gulag now for lying to investigators?"

If you're taking heat from serious opponents, you need to drop any
pretense about technology being your friend.  It's not.  If you're in a
serious heat situation, run away from anything with a battery.

> ok, sounds interesting what sources do you recommend reading ?

The Digital Forensics Research Workshop has some great articles.  The
latest fad is memory analysis: subvert someone's laptop for 30 seconds
to make a dump of memory, then snarf it up and parse through the memory
image at your leisure.

Or consider a hibernation file.  When your laptop goes into hibernation
mode, your laptop copies its entire internal state to disk so that when
you open your laptop again it can pick up right where it left off.  That
hibernation file doesn't get deleted once the laptop is done with it.
Let's say you're storing data on a TrueCrypt container.  The police grab
your laptop.  They're foiled -- they don't have the password!  But then
they look through your hibernation file and find your password hiding
there in cleartext.

Yes, it's kind of impressive seeing this stuff done.  It's also
disturbing and frightening.

If you're interested in hibernation file analysis, the current hot guy
is a French college student named Matthieu Suiche.  He's done a lot of
great work and he's only something like 20 years old.  It's a very new
field and there's a lot of room for dedicated amateurs to make an
impression.

Read his papers -- they're very eye-opening.
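The hibernation-file search sketched above, as an added example that is not part of the original post or of any named tool: it carves printable strings out of an already decompressed memory image and narrows them to the ones sitting near a marker string left by the encryption software. A real Windows hiberfil.sys is Xpress-compressed, so it has to be unpacked first (the part of the problem Suiche's work addresses); the image here is constructed inline, and the marker "TrueCrypt Volume Password" and the passphrase in it are made up for the demonstration.

```python
"""Carve candidate passphrases from a decompressed hibernation/memory image.

Added example, not code from the post. Assumes the image is already
decompressed (hiberfil.sys is Xpress-compressed on disk). The sample image
below is constructed, not a real dump.
"""
import re
from typing import Dict, List, Tuple

MIN_LEN = 8  # shortest printable run worth reporting; shorter passphrases need a lower value


def carve_strings(image: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run in the image.

    Windows keeps many in-memory strings (edit controls, registry values,
    some driver buffers) as UTF-16LE, so an ASCII-only scan, like plain
    `strings`, would miss a passphrase typed into a GUI dialog.
    """
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_run.finditer(image):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_run.finditer(image):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def candidates_near(image: bytes, marker: bytes, window: int = 256) -> List[Tuple[int, str, str]]:
    """Printable runs within `window` bytes of any occurrence of `marker`.

    Heuristic: a passphrase handed to a disk-encryption tool tends to land in
    heap memory near that tool's own string constants, so anchoring on a
    product string cuts thousands of carved runs down to a handful.
    """
    runs = carve_strings(image)
    hits: Dict[int, Tuple[int, str, str]] = {}
    start = 0
    while True:
        idx = image.find(marker, start)
        if idx < 0:
            break
        for off, enc, text in runs:
            if abs(off - idx) <= window:
                hits[off] = (off, enc, text)  # dict dedupes overlapping windows
        start = idx + 1
    return [hits[k] for k in sorted(hits)]


def build_sample_image() -> bytes:
    """Constructed stand-in for a decompressed hibernation file (not real data)."""
    filler = bytes(range(0x00, 0x20)) * 32  # 1024 bytes, none of them printable
    return (
        filler
        + b"TrueCrypt Volume Password"                    # constructed marker from the tool
        + b"\x00" * 16
        + "hunter2-is-not-enough".encode("utf-16le")      # passphrase as a Windows edit control keeps it
        + b"\x00\x00"
        + filler
        + b"C:\\Users\\alice\\hiberfil.sys"               # unrelated string far from the marker
        + filler
    )


if __name__ == "__main__":
    img = build_sample_image()
    print("all printable runs:")
    for off, enc, text in carve_strings(img):
        print(f"  0x{off:06x} {enc:9s} {text!r}")
    print("runs near the marker:")
    for off, enc, text in candidates_near(img, b"TrueCrypt"):
        print(f"  0x{off:06x} {enc:9s} {text!r}")
```

On a real image the marker search is the part that needs judgement: the product name, a dialog caption, or a driver name all work, and the window usually has to be widened well past 256 bytes. Note also that the UTF-16LE regex is what catches the passphrase here; run the same image through `strings` without `-el` and it only shows the two ASCII runs.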




More information about the Gnupg-users mailing list