[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y ] [Home]
4chanarchives logo
What can you do when encryption isn't enough? Say you are
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.

You are currently reading a thread in /g/ - Technology
Thread replies: 7
Thread images: 1
Anonymous
2016-03-28 14:36:23 Post No. 53732968
[Report] Image search: [Google]
File: 1445671437135.jpg (58 KB, 669x425) Image search: [Google]
1445671437135.jpg
58 KB, 669x425
Anonymous 2016-03-28 14:36:23 Post No. 53732968 [Report]
What can you do when encryption isn't enough?

Say you are in a situation in which you may be forced to hand over encryption keys, and there's a significant chance you might have your (encrypted) phone seized. What can you do? The only two options I can think of are:
>To have a setup where it can be remotely wiped in the small window when you know it is going to be taken, but before it actually is, but this would require the phone to be on, and someone or some automated process to give the command to wipe.
>To never store anything on the phone itself, and use it as a thin client to some server, and wipe the server when you are free.

Option 2 seems the easiest. Is there a practical way to set that up, with software that exists today rather than having to build something from scratch?
>>
Anonymous 2016-03-28 14:53:55 Post No.53733192
[Report]
Anonymous 2016-03-28 14:53:55 Post No.53733192 [Report]
If you know you're in such a situation, don't have an encrypted phone on you...

Otherwise, store encryption keys on a volatile medium that can easily be destroyed quickly and discretely
>>
Anonymous 2016-03-28 15:03:04 Post No.53733303
[Report]
Anonymous 2016-03-28 15:03:04 Post No.53733303 [Report]
>>53733192
>If you know you're in such a situation, don't have an encrypted phone on you...
I agree, and this probably covers most situations. I guess it's more useful if you think it's likely to happen, but you don't know when.
Easily destroyed keys are a great idea, any idea what would be for something easily discretely destroyed?
>>
Anonymous 2016-03-28 15:04:06 Post No.53733315
[Report]
Anonymous 2016-03-28 15:04:06 Post No.53733315 [Report]
>>53733303
*what would be good
>>
Anonymous 2016-03-28 15:08:21 Post No.53733363
[Report]
Anonymous 2016-03-28 15:08:21 Post No.53733363 [Report]
>>53733303
Honestly, in that situation you'd be stupid to be carrying around (presumably) sensitive data.

If you absolutely *had* to, you would use something like a smartcard or similar device, with a built in easily triggerable self destruct/secure wipe/zeroize function, with anti tamper features. Not sure how you would then link it with a phone, don't think there is anything off the shelf available to consumers for that.
>>
Anonymous 2016-03-28 15:11:20 Post No.53733408
[Report]
Anonymous 2016-03-28 15:11:20 Post No.53733408 [Report]
Why is rubberhose not mentioned?
>>
Anonymous 2016-03-28 15:19:55 Post No.53733521
[Report]
Anonymous 2016-03-28 15:19:55 Post No.53733521 [Report]
>>53733408
This is why you have the encryption keys on something like a smartcard - destroy that, and no amount of rubber hoses will get you the key. Ideally you can then easily prove that you are unable to recover the keys.

Of course, that won't be much comfort while the rubber hose is being applied, either because they don't believe you, or don't care.
Thread replies: 7
Thread images: 1
banner
banner
[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y] [Home]
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
If a post contains personal/copyrighted/illegal content you can contact me at [email protected] with that post and thread number and it will be removed as soon as possible.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com, send takedown notices to them.
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.