Decoy data
@brenty's comment in another thread made me think:
you will be the weak link here: either due to a bad Master Password, or a guy with a wrench that is able to, well...wrench it from you.
TrueCrypt has a decoy mode. The idea is you have two passwords. Input the normal one and you get all your normal data. Input the decoy password and you get a load of dummy, but realistic data.
Then, if someone tries to coerce you into revealing the password you can just give them the decoy password and not risk revealing your true data.
Is it possible for 1Password's encrypted .1password file to use a system similar to Truecrypt's?
Comments
-
This seems goofy. Any would-be-wrench-wielder with even some partial grey matter might consider testing the data before fleeing the scene. Just saying.
0 -
I think it's a cool idea, but I think it's worth considering who the target of the decoy might be. I feel like someone savvy enough to go after TrueCrypt (or 1Password) data and get the "decoy password" should also be aware of said decoy feature. This would certainly thwart a novice who's none the wiser that s/he might be getting duped...but would this dupe really be able to get that far in the first place?
I'd be interested to hear different scenarios though, since there may well be something I'm not considering. I guess I my mind I imagine an attacker targeting me and my data, getting the "decoy password", getting really p•••ed off, giving up on my data entirely, and instead resolving to focus on f•••ing me up any way they can — DDoSing, wiping, or physically assaulting me — as retribution.
With all the lengths we go to to protect our data, I feel like sometimes we forget that there are even greater threats to our security and safety, especially in this age of doxxing and stalking. How's that for paranoia? :fearful:
0 -
Well, this is Solution to a Mythical Problem posed a Mythical Attacker. In what Universe does this scenario exist, other than television or the movies? Sure, it could happen, but does it to any extant worth worrying about? Maybe that's what you were saying...
About the whole coercion thing, and having the presence of mind to try to outsmart someone at their game, while under extreme duress or threat of violence. Forget it. Most if us will quiver, wet our pants (or worse), and comply promptly and truthfully. Having been held up at gunpoint, I can tell you firsthand my hero mentality and quick thinking abandon me the moment I saw the gun. It is a very rare person who has the presence of mind and steely nerves to successfully handle coercion of the nature being suggested in the posted scenario.
0 -
Well, this is Solution to a Mythical Problem posed a Mythical Attacker. In what Universe does this scenario exist, other than television or the movies? Sure, it could happen, but does it to any extant worth worrying about? Maybe that's what you were saying...
@MrC: Yes. Very poorly. :lol:
Having been held up at gunpoint, I can tell you firsthand my hero mentality and quick thinking abandon me the moment I saw the gun. It is a very rare person who has the presence of mind and steely nerves to successfully handle coercion of the nature being suggested in the posted scenario.
Wow. You're right, of course. I don't think this person exists; rather, a person can be trained to react in critical situations. I, on the other hand, have no such training. :cry:
0 -
@RichardPayne, @brenty, Is there a name for the decoy mode in TrueCrypt? I vaguely remember that there is one but can't currently recall what it was!
0 -
Here's what Bruce Schneiner has to say on TrueCrypt's Deniable File System:
https://schneier.com/blog/archives/2008/07/truecrypts_deni.html0 -
It actually did take me a few days. Try searching Google without knowing what you're supposed to search for! :(
0 -
Welcome to my world. :crazy:
0
