[HN Gopher] PAM Duress - Alternate passwords for panic situations
___________________________________________________________________
Author : xanthine
Score  : 327 points
Date   : 2021-08-22 18:15 UTC (4 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| f1refly wrote:
| There's always a big issue with systems like this: Any sophisticated attacker will have an image of the machine he's trying to get into at hand to stop exactly what this pam module is trying to achieve from happening.
|
| All this would do is make you appear in a worse light to the deciding judge when it comes to trial or get your other kneecap shattered in a not so civil situation.
| t0mas88 wrote:
| Law enforcement yes, but I'm not sure most criminals are digital enough. Especially if it all looks just normal logged in, but in the background deletes some hidden files.
| f1refly wrote:
| People who would want the data of someone knowledgeable enough to install a custom pam module and write a script to utilize it are most likely also sophisticated and informed enough to know what to look for. This is not some street thug, it's most likely either law enforcement or organized crime who know very well what they want and that it's supposed to be on your machine.
| intellix wrote:
| So you're saying if I'm held at gunpoint or forced to surrender my password at the US airport that a password to clear my account of anything would be useless?
|
| Neither of them know anything about me.
|
| It reminds me of the Trezor hardware wallet that allows you to have multiple passwords into your account. If you're forced to give access you can log into the version with little in it. Nobody knows that you have secondary accounts with more in it...
| jeroenhd wrote:
| If you're held under gunpoint, that script that wipes your entire hard drive will only make your day worse.
|
| AFAIK if you actually get detained and questioned at airports, your drive will already get imaged before any password is even tried. You may be able to get away with this on a mobile device where this feature isn't generally expected (because who uses Linux on a smartphone in the first place).
|
| I always wonder at what scenarios like these are supposed to be about. If saying no is not an option, pissing off your captors by giving them fake info probably isn't either.
|
| I don't know what law enforcement would be looking for on my work drive, but if saying no is no longer an option, my encryption password isn't worth getting shot over.
| Spooky23 wrote:
| It's silly nerd porn.
|
| The "real" problem is either: (a) You know the authorities want access to your data because <x>, and you travel across a border with it. (b) You possess sensitive information and are not aware of law enforcement's desire to get it; (c) You're swept up at random; (d) You're a criminal, or carry a paper trail of potential illegal activity.
|
| Solutions:
|
| (a) Means you are stupid. The only way to win is not to play.
|
| (b) Means you either didn't follow your employer's security guidelines or aren't aware of the risks associated with whatever is on your device. You can't solve that problem without understanding that.
|
| (c) You should use discretion re: what you cross a border with and either accept the risk or do something else.
|
| (d) Don't really care. See (a).
| TeeMassive wrote:
| > If you're held under gunpoint, that script that wipes your entire hard drive will only make your day worse.
|
| Then I'll just use a script that doesn't make it look like I deleted everything.
| nudpiedo wrote:
| Why not honeypot into a docker with fake data? Everyone would be happy (during a first moment). Sure if the attacker is well informed then they will double check whether the target they got in is real or not.
| ljm wrote:
| "Okay okay!
| The password is hunter2, go on and try it, just don't shoot me!"
|
| _Bad guy types in honeypot password_
|
|     A new update to Docker is available. Restart now to apply the update or subscribe to a Pro account to delay this update.
|
| "Oh, bugger."
| varjag wrote:
| It doesn't have to wipe your drive, just do reasonable things like kill your sensitive messenger accounts and clean up the history.
| shawnz wrote:
| What does it matter if your drive is imaged if you are using full disk encryption?
| dailyanchovy wrote:
| They can try their luck again at having you give access.
| shawnz wrote:
| The duress login shouldn't reveal that anything is happening, so they have no reason to suspect you're using such a feature at all. Thus there would be no reason to ask you to log in again, and even if they do, you can simply use the duress credentials a second time.
| eurasiantiger wrote:
| If they can monitor network connections, they can see the duress connections, too.
| shawnz wrote:
| You don't need to make it take any network actions, but even if you wanted to do that you could just use TLS. It would easily blend in with all the other services that use TLS as part of their normal operation.
| dredmorbius wrote:
| https://xkcd.com/538/
| shawnz wrote:
| The duress credentials are exactly how you avoid the "pipe wrench" scenario. The point of the FDE in that case is simply to prevent them from looking on the disk without your supervision.
| dredmorbius wrote:
| The duress credentials keep the pipe wrench from being _useful_.
|
| They don't keep it from being _applied_.
| shawnz wrote:
| If the pipe wrench is getting applied regardless, that's a much different situation. In that case you could simply not comply at all.
|
| The duress credentials are meant to create plausible deniability of non-compliance, by giving the appearance of a genuine login which just reveals nothing.
| dredmorbius wrote:
| Understood and agreed.
| This depends heavily on what the investigator expects to find. If the duress key removes information known to be present ... out comes the wrench.
|
| Or you could just be dealing with someone who DGAF. This ultimately seems to be a chief characteristic of many situations in which strong crypto is proposed. It's the breakdown of civil liberties, rights, and rule of law which might be the true ur-problem here.
| nudpiedo wrote:
| If the attack is in hot the data is unencrypted, so getting the login password will (usually) also give access to the unencrypted disk (already mounted)
| [deleted]
| tedunangst wrote:
| Without knowing what your captor already knows about your device, deleting data they may expect to find is a pretty high risk gambit.
| EamonnMR wrote:
| If your attacker has a full image of your system why are they bothering with duress?
| dogma1138 wrote:
| Also depending on the jurisdiction depending on the circumstances triggering it can be a felony the same as destroying evidence or tampering with an investigation, if a court compelled you congrats you've just earned yourself a contempt of court charge that can last pretty indefinitely.
|
| In a jurisdiction that doesn't adhere to the rule of law you are already screwed.
|
| What people often don't seem to comprehend is that if you get picked up by a "secret police" in the middle of the night it's pretty much game over already.
| trothamel wrote:
| Deleting data, if someone can prove it, also opens you up to Adverse Inference, which means the jury can consider the plaintiff's reasonable inference as to what the destroyed documents contained.
|
| https://en.wikipedia.org/wiki/Adverse_inference
| [deleted]
| nickdothutton wrote:
| I miss the SecurID stress PIN.
| t0mas88 wrote:
| You could set this up with three possible passwords, #1 for normal login, #2 for what looks like normal login but deletes most sensitive things and #3 that wipes the disk encryption keys and reboots. If forced by criminals or a not so free government enter #2 and pretend everything is normal. If pressured by the US or EU government with your lawyer present enter #3, see it fail and claim you forgot the encryption keys to make it boot (which is technically true, just never admit you made it delete them since that's illegal in most places)
| loup-vaillant wrote:
| Using #3 could land you in jail indefinitely in the UK I believe: if they don't believe you forgot the password, they can interpret that as a refusal to give them the password (or unlock the computer), and jail you for this... until you give them the password.
|
| Which you can't, because there _is_ no password at this point. So either you admit that you just wiped your computer with the panic password, or you can shut up and rot in jail until you die.
|
| You need a way to make them believe you. Covertly wiping your computer is probably not going to end well.
| jrockway wrote:
| Depends on the crime, I guess. If you face execution for murder or treason because of the data on your hard drive, life in prison is an upgrade.
| akerl_ wrote:
| This is why I don't keep evidence of committing murder/treason on my computer.
| dredmorbius wrote:
| Evidentiary tests may change.
| drexlspivey wrote:
| So in the UK they can put you in prison for life without being charged or found guilty of any crime unless "they believe you"? Any source on that?
| aymendjellal wrote:
| I remember Kali Linux had a patched LUKS implementation for full disk encryption with self destruction password
|
| https://www.kali.org/blog/emergency-self-destruction-luks-ka...
| idlewords wrote:
| Real password:
|
| woD3PRBgELFHH9nuABH]ksD
|
| Duress password:
|
| duress123
| t0mas88 wrote:
| Duress password "1234", just make sure you have a very good backup and disable SSH password login. Anyone trying to snoop around is going to trigger it.
| bredren wrote:
| This is a joke, but the person under duress also has to sell that they are under duress. This isn't something you can really "train" the average person to do on command.
|
| It reminds me a bit of Jon Lovitz Pathological Liars Anonymous bit. "Okay! Here's the password...ya that's the ticket."
|
| https://youtu.be/hV85E2S-Idw?t=45
| als0 wrote:
| What I never quite understand is how this can work in practice. When someone is under real duress, they do not always behave in a logical way and may be too stressed to remember certain details like a password that they never use...
| drexlspivey wrote:
| You don't understand how someone can remember a password under stress?
| INTPenis wrote:
| I completely agree. I have long passphrases.
|
| The only way I can imagine remembering a duress passphrase is to make it slightly different in some way.
|
| So that means I'd have to keep updating my duress passphrase alongside my regular passphrase.
|
| Either way I love this idea and I might actually start using it. I'm just trying to figure out how to set a practical passphrase I will be able to remember. My passphrases generally are in muscle memory after having entered them for a few days.
|
| Edit: A simple system I just came up with is to use one of the numbers in the passphrase and increment it by one to indicate each level of duress.
| C19is20 wrote:
| Practise.
| MonadIsPronad wrote:
| 'In practice' is correct, no?
| marton78 wrote:
| I think they meant "you should practise your duress password".
| joefife wrote:
| Don't be that person, especially when you're wrong. Both forms are acceptable.
|
| "In Australian and British English, 'practise' is the verb and 'practice' is the noun. In American English, 'practice' is both the verb and the noun."
| bonzini wrote:
| I thought he wrote that reply as a suggestion, i.e. that you should practise typing the duress password beforehand.
| michael-ax wrote:
| perhaps i could use that as a screensaver password to share with my girlfriend? it would close spreadsheets, emacs, un-mount journals and personal drives. PAM's used to reauth from the screen-saver, right?
| DangitBobby wrote:
| This could result in serious personal harm if the individual(s) causing the duress sense something is up, which they almost certainly will if things start magically disappearing or locking up. You better make sure that whatever you are protecting with this is more important than your personal safety.
| bredren wrote:
| I think they would be more likely to notice that you did not put up enough fight. Most people are not great actors.
|
| Also, if you're being physically compelled to provide a password it seems your personal safety is already compromised.
| DangitBobby wrote:
| Your safety is compromised, but that does not mean the danger cannot be escalated. If you are mugged at gunpoint, are you going to hand over all your cash and keep your hands up as much as possible or are you going to swiftly cut up your credit cards?
| solatic wrote:
| I mean, that's pretty cool, but who enables password logins for SSH anymore? If I'm an attacker, I'm going to wonder why my target of duress is giving me a password and not a private key; most likely if I have access to my target of duress, then I have access to some kind of client / endpoint that my target uses to connect to the network, and that client will have the SSH private keys likely already loaded into ssh-agent.
|
| Maybe a more modern concept would be to both a) have a duress private key, that triggers duress scripts in the same way, b) an implementation of ssh-agent that adds the duress private key when a duress password is entered?
| jstanley wrote:
| I don't think this is specific to SSH.
|
| You could just as easily use this on your client machine and have it delete your private keys if you try to login with the duress password.
| tyingq wrote:
| Pam is for more than just ssh. This could wipe data on a Linux machine for a local login, gdm, sudo, and so on.
| xaduha wrote:
| I think it should be pretty trivial to have a hidden dualboot, let's say you have some plain boring Windows that takes 10% of your drive and 90% is unassigned. In reality that's encrypted LVM disk with bootloader on a flash drive that is easily tossed away if necessary. Or zapped in a microwave if you watched too much of Mr. Robot.
| zeusk wrote:
| or you know, just a vm disk image that is deleted with the duress password.
| mszcz wrote:
| I think VeraCrypt already enables this. It's called Hidden OS or something like that.
| sodality2 wrote:
| https://veracrypt.eu/en/docs/hidden-operating-system/
|
| Not sure if there's a linux alternative.
| flenserboy wrote:
| Would love this as a standard option for phones / desktop logins.
| ascar wrote:
| > _This is transparent to the person coercing the password from the user as the duress password will grant authentication and drop to the user's shell._
|
| I would assume the user shouldn't understand that he was given a duress password, so is transparent the right term here?
| rafael859 wrote:
| Nice, pretty cool stuff. In high-school I worked on something similar (https://github.com/rafket/pam_duress), though this seems to have a somewhat cleaner implementation which is nice to see, and hopefully a more eager maintainer.
| codetrotter wrote:
| I'm reading the readme of your project, and got to the part where it says
|
| > for example a mail could be automatically sent from his computer to a rescuer, a script could delete sensitive files in his hard-disk or a certain Rick Astley song could be appropriately played
|
| And I'm just imagining someone having set two duress passwords; one for kidnapping situations and one that they put there as a joke. And then they get kidnapped and they try to input the one supposed to call for help, but they misremember so they input the rickroll trigger instead.
|
| And the kidnappers are like "hey what the hell, you think this is funny man? turn that off" and the kidnapped person cries for having messed up their one chance at calling for help.
| qorrect wrote:
| Was a good story :).
| oasisbob wrote:
| Training is very important in duress systems.
|
| I once worked in a place with a keypad duress code on the security system. If you prefixed your security PIN with NN-, it was the duress version of the code and would trigger a silent alarm.
|
| This was set up long ago, and not communicated. One night, the keypad was acting glitchy. Partially out of frustration (countdown is running), and partially to test, I ended up accidentally engaging the duress code by tapping a convenient corner number, which resulted in NNNNNNNNN-PIN.
|
| After law enforcement had surrounded the building, a quick chat and search alongside a few officers got it all sorted.
| dheera wrote:
| An interesting way to use this PAM-Duress system would be to write a program that
|
| (a) begins recording your microphone and webcam video immediately upon login
|
| (b) Aggressively try the hell out of every passwordless Wi-Fi network it can detect, then use headless chrome to aggressively smack every button to get past the stupid login pages
|
| (c) Stream that video and audio to a server that saves it.
| dredmorbius wrote:
| Use Emergency SOS on your iPhone
|
| https://support.apple.com/en-us/HT208076
| unglaublich wrote:
| or use a cellular network
| yosito wrote:
| Comments are full of gunpoint scenarios, but I think a far more likely scenario for most HN readers is law enforcement / customs agents asking you to unlock your device during travel or some other random checkpoint so they can scan it. In that case, I doubt the officer would even have a clue about the use of a duress password to selectively and silently delete some private data. I think the biggest risk would be that a scan of your device could detect the PAM config and duress script which could be a flag to monitor you more closely, or might possibly be considered illegal itself in some jurisdictions.
| leephillips wrote:
| That is a gunpoint scenario.
| Spooky23 wrote:
| In the US, at minimum you're lying to a federal agent. Never a good idea.
| yosito wrote:
| I don't know the legal implications, but if the duress password unlocks your device and simply deletes a directory or two, and the officer only asked you to unlock your device (without a warrant, by the way), how is that lying?
| hirundo wrote:
| Even if it isn't lying, it's destruction of evidence. 18 U.S. Code 1519:
|
| > Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.
| yosito wrote:
| Would that apply to a warrantless search?
| salawat wrote:
| Yes. Sadly.
| Spooky23 wrote:
| Despite rumors to the contrary, the police aren't stupid.
| They are trained to ask questions in ways that elicit a confession or falsehood.
|
| The simplest example is asking "Do you know why I pulled you over?". Typically, people spontaneously confess to speeding, sometimes they break down and admit that someone is wrapped up in a rug in the trunk.
|
| The courts have consistently ruled that customs is different and you can be searched without a warrant. Don't cross borders with contraband or evidence of criminal acts/dissident identity/your email correspondence with foreign agents/etc.
| muti wrote:
| "You could even spawn a process to remove the pam_duress module so the threat actor won't be able to see if the duress module was available"
|
| This scenario was considered by the author
| yosito wrote:
| Ah, thanks! I didn't read closely enough.
| stalkingvictim wrote:
| Is my account still censored? Why?
| ape4 wrote:
| I'd like an option like this for Password Safe
| sleavey wrote:
| The Hello World example shows echoing to stdout from the duress script. Seems like a bad idea. I don't want to get beaten or shot when some rm -rf fails with an I/O error, alerting the attacker to what's going on. It seems like it would be more sensible for the module to suppress all output by design.
| dheera wrote:
| Just do this in your script
|
|     rm -rf /secret/files > /dev/null 2>&1
|
| That pipes STDOUT to /dev/null and redirects STDERR to STDOUT.
| sleavey wrote:
| Seems like this should be baked in to the module. There don't seem to be any circumstances where you would want stdout/stderr from duress.d scripts to appear.
| bredren wrote:
| The "guy with the gun" narrative comes up a lot, so this seems to counter that? I love the concept. It seems like something that would work well in a movie but fail miserably in real life.
| simonlc wrote:
| This is really good, I've had a gun pointed at my head more than enough times with all my bitcoins wiped, finally a solution to my every day problem.
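
The suggestion earlier in this thread that the module itself should suppress all output from duress.d scripts, sketched in C as an added example. It is not code from pam-duress or from any commenter; `run_silenced` is a hypothetical name, and the command in `main` is a constructed sample.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run argv[0] with stdin, stdout and stderr pointed at /dev/null, so that
 * nothing the helper prints (including error messages) reaches the
 * terminal of the login session that triggered it.
 *
 * Returns the helper's exit status (0-255), 126 if the descriptors could
 * not be redirected, 127 if exec failed, and -1 if fork/wait failed or the
 * helper was killed by a signal.
 */
int run_silenced(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: replace fds 0, 1 and 2 before exec so the helper
         * inherits no path back to the caller's terminal. */
        int devnull = open("/dev/null", O_RDWR);
        if (devnull < 0)
            _exit(126);
        if (dup2(devnull, STDIN_FILENO) < 0 ||
            dup2(devnull, STDOUT_FILENO) < 0 ||
            dup2(devnull, STDERR_FILENO) < 0)
            _exit(126);
        if (devnull > STDERR_FILENO)
            close(devnull);

        execv(argv[0], argv);
        _exit(127); /* exec failed; deliberately no perror() here */
    }

    /* Parent: wait for the helper, retrying if a signal interrupts us. */
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: writes to both streams, then fails with 3. */
    char *const noisy[] = {
        "/bin/sh", "-c", "echo out; echo err >&2; exit 3", NULL
    };
    int rc = run_silenced(noisy);

    /* The status is still available to the caller (for example to log it
     * somewhere private); only the helper's own output is discarded. */
    return rc == 3 ? 0 : 1;
}
```

Doing the redirection in the launcher rather than in each script means a script that forgets its own `> /dev/null 2>&1` still prints nothing.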
| mgerdts wrote:
| The company that was pitching my employer retina scanners on data center doors 20 years ago had an idea like this. Left eye gets you in, right eye gets you in and alerts security.
| LeonM wrote:
| This is also very typical for regular alarm systems with a keypad.
|
| A PIN disarms the alarm system, the same PIN + 1 disarms the alarm system and notifies security.
| MrStonedOne wrote:
| in ncis there was a security system where the pin had to be entered twice, only once would alert security.
| thomascgalvin wrote:
| I worked at a place where the duress code was ROT5: 1234 was your normal access code, 6789 alerted security.
| Biganon wrote:
| You're supposed to ROT5 mentally while in a state of high stress?
| thomascgalvin wrote:
| It wasn't a well-considered plan. It also wasn't highly advertised. I found out because someone happened to mention it to me one day.
| danachow wrote:
| It doesn't sound quite as onerous if you just memorize two 4 digit numbers by rote. But yes I agree the ROT5 is a dumb flourish.
| HPsquared wrote:
| Could use the method in The Wire: press the key on the opposite side to the usual key (e.g. 8 instead of 2, 6 instead of 4, etc.)
| HPsquared wrote:
| This could also work with fingerprint scanners.
| koolba wrote:
| Could also blink Morse code.
|
| It's been done before: https://m.youtube.com/watch?v=rufnWLVQcKg
| eps wrote:
| If you wonder whether it's a video of an american pow blinking "torture" during an interview - yes, it is.
| tazjin wrote:
| As long as the sides are the employee's choice (i.e. the threat actor needs to not be able to know which eye is the duress one).
| hanniabu wrote:
| Good point, that's a very important requirement
| HomeDeLaPot wrote:
| And you'd want to hide the eye choosing/scanning process so nobody could just watch an employee to figure out their preference.
| withinboredom wrote:
| If your threat model is "guy with guns," they'll just follow you and snatch it when you think you're safe and unlock the device. If your threat model is "government at border" just mail the device or data to yourself overnight. Don't be that guy...
|
| I was flying into Atlanta (Intl) with "radioactive" rocks (not on purpose, just picked some up near a volcano, they looked cool) and they flipped their collective shit. I was taken to a separate area where they dumped my stuff next to another guy who got pulled into "routine" inspection. This other guy "forgot" his phone pin earlier that day... he was still there four hours later, after my four hours of reasonably straight forward BS.
| ChrisMarshallNY wrote:
| It's a very cool idea, but I think it would be most useful if applied to things like phones. I suspect most people pressed for passwords, are using a GUI system.
| lights0123 wrote:
| It uses the same authentication system everything else uses, so it would work in any login screen on a system that uses PAM (Linux and macOS), not just a terminal.
| luismedel wrote:
| Exactly. It would be great to have a secondary pin (or my middle finger fingerprint, for example) in my phone to enter in a dummy environment with a few games, some family pics and so.
| lisnake wrote:
| The feature exactly like that exists in Xiaomi phones. It's called Second space, and basically allows you to have second profile with different apps or accounts. Interesting thing is that you can set it up to open when unlocking the phone with specific fingerprint. The idea is to fill that Second space with dummy info, and unlock it with your little finger, for example (or vice versa, use it for sensitive information).
| Obviously, it wouldn't fool thorough phone scan (and if you dig deep enough in the settings you can see if the feature is enabled) but can be useful at quick cursory scans, like if you need to provide your phone at the border
| ChrisMarshallNY wrote:
| It would need to be baked into the OS. With FaceID, I guess I could use eyes crossed, as a cue.
| bartvk wrote:
| That'd be neat. With Touch ID, it would be very intuitive to configure the middle finger as the trigger to run a duress script.
| laurent92 wrote:
| Always configure a non-obvious part of your thumb (or left thumb) as Touch-ID. Then when under duress, use your normal thumb to make it fail.
| SalimoS wrote:
| You can push the lock button many times (when pulling your phone from the pocket for example) and it will lock the phone and require you to use your passcode
| anigbrowl wrote:
| I do not understand why any security concerned person would use biometric identification for anything, ever.
| dredmorbius wrote:
| If that's what's mandated, you may have little choice.
| bonzini wrote:
| Somebody mandates using biometric identification _instead_ of a PIN?!?
| dredmorbius wrote:
| Biometric passports: https://www.dhs.gov/e-passports
|
| Face ID: https://support.apple.com/en-us/HT208109
|
| Fingerprint Readers: https://www.samsung.com/us/support/answer/ANS00082563/
|
| These are extant, and either part of or _required_ within numerous presently-used systems.
| lxgr wrote:
| Why would being security conscious automatically disqualify biometrics?
|
| Security is all about threat models, and I can imagine quite a few scenarios where biometrics might fare better than passwords. Shoulder surfing and trivial passwords/PINs come to mind, for example.
|
| And who said that it's biometrics vs. anything else? It's quite advisable to combine authentication factors.
| anigbrowl wrote:
| Shoulder surfing and weak passwords are both something you can control at any time.
| Biometric identification can be exploited involuntarily by someone literally using force to apply your finger to a device or similar. I shouldn't need to say this, it's so obvious that it's a common plot device in action movies.
| sabas123 wrote:
| And with a little bit more force they beat the password out of me anyway regardless which system I use...
| anigbrowl wrote:
| If you are so easily swayed, you would probably not be in an adversarial situation with a government anyway.
|
| But this article is about a system for giving up passwords under duress without necessarily compromising all your security, such that your antagonist has no way of knowing or showing that there's another password concealing more important information.
| SalimoS wrote:
| Because there is a difference between identification and authentication and unfortunately the Touch/Face ID mixed them
| dheera wrote:
| I think on Android you can set up multiple users.
| squarefoot wrote:
| I don't think they hide their existence from each other however. If they're like Unix users, then one might see something like /home/user1 /home/user2 /home/user3, etc. so that all usernames would be clearly visible and the user could be then forced to reveal all passwords. The aim is to obtain plausible deniability, that is logging in as the safest user according to the situation, while at the same time hiding all others.
| canada_dry wrote:
| I'd love that feature (android 9+) if it allowed me to install some of the gazillion apps (e.g. every bloody fast food place that only has deals via their app) but restricts them from accessing my real user contacts, emails, msgs, gps/location, etc.
|
| Blackberry phones had this feature and it was pretty bulletproof.
| dheera wrote:
| I believe users cannot access each others' data. So yes you can use it this way. I'm pretty sure it existed at Android 9. Are you running stock Android or some Samsung bull?
| awinter-py wrote:
| yeah there's that one guy who tried to cross the border from canada and got blocked for having scruff on his phone
|
| https://www.huffingtonpost.ca/2017/02/22/canadian-man-custom...
|
| 5 years on we're somehow all managing our own crypto keys, the phone is the key to unlock our digital lives, so we're all in the counterintelligence game. more tools like this.
| yhoneycomb wrote:
| Good old US. Land of the free. Canadian border agents are equally bad, in my experience. Guess it's just part and parcel with living in the Anglosphere.
| necovek wrote:
| There are multiple levels of protection one might want.
|
| I.e. when you are being selected for random questioning entering US as a non-US citizen, you'd benefit from steganography-like approach: you give a password, and relatively bland, non-personal stuff shows up, giving appearance of full access to a system.
|
| If you only care about your privacy, the next one is to have a destroy-everything script (and it's not that hard: usually, passphrases are only used to decrypt the actual encryption keys, so overwriting those keys should be super fast). This would also work against unsophisticated attacks which are not going to really cost you your life.
|
| If there is a potential for you to be a target of a sophisticated attack and the attacker does not care about taking your life, the biggest benefit is to have a way to inform someone of your whereabouts while you are actually giving access, ideally in a way that buys you time (eg. "webcam has detected stress on your face, please wait another 6 hours before trying to log in again" -- sorry, company mandated software, when it happens usually, we call support).
| mimimi31 wrote:
| >usually, passphrases are only used to decrypt the actual encryption keys, so overwriting those keys should be super fast
|
| I'm not sure if it's really that simple with modern flash storage.
| There might be no guarantee that attempting to overwrite some data will actually affect the particular memory cells where it is stored. You would probably have to trigger a secure erase to reset all memory cells and hope that it is correctly implemented by the storage device's firmware.
| IgorPartola wrote:
| This would happen inside the TCM no?
| Nursie wrote:
| This is something TPMs are good for I guess.
| zachberger wrote:
| Even US Citizens are subject to search at the border without warrant or probable cause.
|
| Recently I had a CBP officer at SFO ask to search photo gallery when returning from vacation.
| grecy wrote:
| Does a US Citizen have to comply?
| amelius wrote:
| Of course James Bond would have an unlock + wait 10 seconds + explode option ...
| packet_nerd wrote:
| > I.e. when you are being selected for random questioning entering US as a non-US citizen, you'd benefit from steganography-like approach: you give a password, and relatively bland, non-personal stuff shows up, giving appearance of full access to a system.
|
| Is there a practical way to implement this today with Linux? I know VeraCrypt supports hidden operating systems, but I think only Windows?
| roblabla wrote:
| It's possible to have a truly "hidden container" with LUKS/cryptsetup, but it's not exactly a "supported" setup. Here's some information: https://blog.linuxbrujo.net/posts/plausible-deniability-with...
| delgaudm wrote:
| If I understand correctly, this appears to be Linux only?
| raziel2p wrote:
| It's based on PAM (pluggable authentication module) which should exist on MacOS and BSDs as well.
| [deleted]
___________________________________________________________________
(page generated 2021-08-22 23:00 UTC)