Comments (4)
One problem I can see with this workflow is that a physical key (being
OpenPGP or smartcard) may or may not require a court order or more to be
surrendered, but in some instances is covered by the 5th amendment here in
the US[1]. Yes, the PIN on the card is protected as privileged information
and would require compulsion by the court to be divulged[2] if the judge
felt it did not violate the witness's 5th amendment right. Nothing says,
though, that the PIN simply wouldn't just be brute forced after the
physical key is obtained. There are safeguards you can have in place within
the card, but it is not a guarantee that the encryption will not be broken.
Also there is liability in where the "encrypted" decryption password is
stored. Having the password stored (even encrypted) on a physical volume
or device seems like another vector someone could use to attack your volume
and forgo the need for your OpenPGP card altogether.
Personally I do like the idea of having a smartcard/PGP card as a 2FA
device in addition to other certs/passwords for a volume.
[1] http://www.uclalawreview.org/the-fifth-amendment-encryption-and-the-forgotten-state-interest/
[2] https://en.wikipedia.org/wiki/In_re_Boucher
On Fri, Mar 11, 2016 at 10:01 AM, Hatter Jiang [email protected]
wrote:
What about this idea: the password for TrueCrypt is protected by an OpenPGP
Card, then mounting a TrueCrypt disk would go like this:
- Open TrueCrypt
- Select TrueCrypt Disk
- Plug OpenPGP Card
- Input OpenPGP Card PIN
- OpenPGP Card decrypts the password
- The password decrypts the TrueCrypt Disk
About OpenPGP Card: https://en.wikipedia.org/wiki/OpenPGP_card
(GitHub issue #23)
from truecrypt.
First, the feature I propose is not encrypting the passphrase, but encrypting the (truly randomly generated) volume key using a smart card. Instead of deriving that key from a passphrase.
Second, I had PIV cards in mind, though OpenPGP support would be fine too.
Finally, not every threat model has court orders as its highest risk. Plus, smart cards usually are PIN- or password-protected, and I'm sure one can plead the 5th for that PIN exactly the same way one would for the volume password of TrueCrypt.
from truecrypt.
Forgot to mention that smart cards usually lock after some very small number of failed attempts to enter the PIN. Most people set it between 5 and 10. Official policies (such as the German standard) fix it at 3. So while technically it may be possible to extract the secret from a smart card, in practice the probability of success is nil.
from truecrypt.
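The two comments above describe a design (a randomly generated volume key wrapped by a smart card rather than derived from a passphrase) and the property that makes it hold up (the card locks after a handful of wrong PINs). The following is an added illustration written for this page, not code from TrueCrypt, CipherShed or any card vendor: the `SimulatedSmartCard` class stands in for a PIV/OpenPGP card (a real card would do the wrapping with RSA or ECC inside its secure element; the HMAC-based one-time pad here is a labelled toy stand-in), and the retry limit of 3 is the "official policy" value quoted in the thread. `guesses_until_lock` models the scenario raised in the first comment, someone holding the physical card and guessing PINs, and shows how little exposure the lockout leaves.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Retry limit the thread quotes as the official (e.g. German standard) value.
MAX_PIN_RETRIES = 3
KEY_LEN = 32


class SimulatedSmartCard:
    """Stand-in for a PIV/OpenPGP card (assumption: a real card would wrap the
    key with RSA/ECC inside the secure element). The card secret never leaves
    the object, every operation needs the PIN, and the card locks after
    MAX_PIN_RETRIES consecutive wrong PINs."""

    def __init__(self, pin: str) -> None:
        self._pin = pin.encode()
        self._card_secret = secrets.token_bytes(KEY_LEN)  # never exported
        self.retries_left = MAX_PIN_RETRIES
        self.locked = False

    def verify_pin(self, pin: str) -> None:
        """Raise PermissionError on a wrong PIN or a locked card; a correct
        PIN resets the retry counter, as real cards do."""
        if self.locked:
            raise PermissionError("card is locked")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self.retries_left -= 1
            if self.retries_left == 0:
                self.locked = True
            raise PermissionError("wrong PIN")
        self.retries_left = MAX_PIN_RETRIES

    def _keystream(self, nonce: bytes) -> bytes:
        # Toy wrap primitive: HMAC-derived one-time pad for one 32-byte key.
        return hmac.new(self._card_secret, b"enc" + nonce, hashlib.sha256).digest()

    def _tag(self, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self._card_secret, b"tag" + nonce + ct, hashlib.sha256).digest()

    def wrap_key(self, pin: str, volume_key: bytes) -> bytes:
        """Encrypt (wrap) a volume key under the card secret. The result is
        what goes into the volume header; it is useless without this card."""
        self.verify_pin(pin)
        if len(volume_key) != KEY_LEN:
            raise ValueError("volume key must be %d bytes" % KEY_LEN)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(volume_key, self._keystream(nonce)))
        return nonce + ct + self._tag(nonce, ct)

    def unwrap_key(self, pin: str, blob: bytes) -> bytes:
        """Recover the volume key; fails if the blob was tampered with or was
        produced by a different card."""
        self.verify_pin(pin)
        nonce, ct, tag = blob[:16], blob[16:16 + KEY_LEN], blob[16 + KEY_LEN:]
        if not hmac.compare_digest(tag, self._tag(nonce, ct)):
            raise ValueError("wrapped key is corrupted or from another card")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce)))


def create_volume(card: SimulatedSmartCard, pin: str) -> tuple[dict, bytes]:
    """Generate a truly random volume key and store only its card-wrapped form
    in the header (the proposal in the thread); no passphrase-derived key."""
    volume_key = secrets.token_bytes(KEY_LEN)
    header = {"wrapped_key": card.wrap_key(pin, volume_key)}
    return header, volume_key


def mount_volume(card: SimulatedSmartCard, pin: str, header: dict) -> bytes:
    """Mounting needs the card, the PIN and the header; the header alone gives
    an offline attacker nothing to verify guesses against."""
    return card.unwrap_key(pin, header["wrapped_key"])


def guesses_until_lock(card: SimulatedSmartCard, guesses: list[str]) -> int:
    """Model the concern in the first comment: someone holding the physical
    card tries PINs. Returns how many guesses the card processed before it
    locked (or before a guess succeeded)."""
    processed = 0
    for guess in guesses:
        if card.locked:
            break
        processed += 1
        try:
            card.verify_pin(guess)
            break  # guess was right
        except PermissionError:
            continue
    return processed


if __name__ == "__main__":
    card = SimulatedSmartCard("4821")          # constructed sample PIN
    header, key = create_volume(card, "4821")
    print("round trip ok:", mount_volume(card, "4821", header) == key)
    other = SimulatedSmartCard("4821")
    print("guesses before lock:", guesses_until_lock(other, ["0000", "1111", "2222", "3333"]))
```

The point the thread makes falls out of the last two lines: with a passphrase-derived key the header itself is the guessing oracle and the attacker sets the pace, whereas here the only oracle is the card, which answers at most three times and then stops answering even to the right PIN.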
TrueCrypt development has been moved to CipherShed.
Let's move the discussion over there:
CipherShed/CipherShed#46
from truecrypt.