Comment by User23

4 years ago

The security attack that scares me more than any other is rough men with guns kidnapping me in the middle of the night and then torturing me until I reveal my security material. While normally torture just results in the victim saying anything to make it stop, in the specific case where the attacker has encrypted material and can test key extraction in real-time, torture is highly effective.

There’s a canonical term for this: rubber hose cryptography. That’s when you beat someone with a rubber hose until they give you the key. It’s effective against a wide range of algorithms and constructions.

  • The technical solution is having very available, very believable lies. Something where you can "reveal" false secrets that decrypt to data believable to your attacker.

    This is generally hard. Because you gotta know, at the time of being tortured, which fake secret will give believable results.
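An added example, not part of the thread: a minimal two-slot container in which a decoy passphrase and the real passphrase each open different data, illustrating the reply's point that the false secret and its believable contents have to be prepared when the container is created. The function names, slot layout and HMAC-based toy keystream are assumptions made for this sketch, and the passphrases and data are constructed.

```python
import hashlib, hmac, os, secrets

SLOT = 256                     # fixed padded plaintext size per slot
SLOT_LEN = 16 + SLOT + 32      # nonce + ciphertext + HMAC tag

def _keys(passphrase, salt):
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]      # (encryption key, MAC key)

def _stream(key, nonce, n):
    # Toy keystream (assumption): HMAC-SHA256 in counter mode, a stand-in for a vetted cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _seal(passphrase, salt, data):
    if len(data) > SLOT - 2:
        raise ValueError("data too long for slot")
    enc_key, mac_key = _keys(passphrase, salt)
    nonce = os.urandom(16)
    # Length prefix plus zero padding, so every slot has the same size.
    padded = len(data).to_bytes(2, "big") + data + bytes(SLOT - 2 - len(data))
    ct = bytes(a ^ b for a, b in zip(padded, _stream(enc_key, nonce, SLOT)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def make_container(real, decoy=None):
    """real and decoy are (passphrase, data) pairs; an unused slot holds random bytes."""
    salt = os.urandom(16)
    slots = [_seal(real[0], salt, real[1]),
             _seal(decoy[0], salt, decoy[1]) if decoy else os.urandom(SLOT_LEN)]
    secrets.SystemRandom().shuffle(slots)   # slot position must not mark the real one
    return salt + b"".join(slots)

def open_container(passphrase, blob):
    salt, body = blob[:16], blob[16:]
    enc_key, mac_key = _keys(passphrase, salt)
    for off in range(0, len(body), SLOT_LEN):
        slot = body[off:off + SLOT_LEN]
        nonce, ct, tag = slot[:16], slot[16:-32], slot[-32:]
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            padded = bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, SLOT)))
            return padded[2:2 + int.from_bytes(padded[:2], "big")]
    return None                             # this passphrase opens no slot
```

A container always has the same length whether or not a decoy slot is used, so its size does not show how many passphrases exist.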