
I have a feeling that "Is pam_duress.so configured in any file in /etc/pam.d, and if so turn on a big red light" is a pretty trivial thing to add to those "plug the person's computer in here and have them log in to their machine to decrypt everything, otherwise they won't go through customs/leave our dingy bunker" solutions.

These duress passwords seem to be for kind of contrived scenarios, to me. Either your threat model is "someone breaks into my hotel room and steals my laptop", in which case it's useless, or "The $OpposingSideSecretService got me and hits me until I give them my password" in which case it seems to be equally useless.




There are a lot more threat models than the ones you list.

1. A journalist who has a legal right to protect their sources from discovery

2. A check on your encrypted electronic device at the border

3. A snooping housemate or someone else logs into your machine

That was in <30 seconds of thought on this problem.


Sadly (2) is a legal requirement in Australia now, too.

If asked you MUST unlock your phone and computer. So if you’re travelling here or leaving — citizen or not — you best be prepared to have your data searched for arbitrary reasons.

I hate it.


The best defence I have seen for this is to keep all your data on cloud storage and do a base install whenever you are crossing questionable borders. Rather than a cloud provider, host your own Nextcloud instance.


I have advised similar things. Back up, factory reset while going through the border and restore once done. The fact that they can legally seize without any justification and no transparency over what is taken is still an issue though.


Do you have any sources (anecdotal or otherwise) of this power actually being used?


Maybe this shouldn't be branded purely as a security feature. There are plenty of uses for it beyond the whole duress aspect. It could be an elegant way to toggle desktop themes when you log in. Or it could give a bit of peace of mind by killing all open browser windows as you're about to log into your laptop that's hooked up to a projector.


> You could even spawn a process to remove the pam_duress module so the threat actor won't be able to see if the duress module was available.


I think this falls squarely into daydreaming about how to stop a home invasion territory.


Lol, the Venn diagram of people who can move your computer while the OS is running and people who can figure out if you also have a duress password is basically a circle.

No home thief is going to take the time to move your machine while it's running, so having all the drives locked should be good.

If you're using pam, some section of the drive is unlocked.

The question is does it matter if they know you have a duress module running?

You're not really obligated to give your password in the US. (Not a lawyer but that's how I understand it)

And in situations where they know, are they going to beat you after you've erased your data?

If you're worried about a machine being moved while on, you're probably best to check a canary that tells it about its environment. ARP for a specific MAC, or DNS entry that only resolves on your LAN, SSID scan, maybe just lock all drives if the LAN interface flaps.

I suppose this would be good for airport travel and more mobile situations.
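An added example, not part of the comment above and not code from pam_duress: a sketch of the environment canary the comment describes, combining the ARP, LAN-only DNS and SSID checks and failing closed when a check cannot be completed. The `HOME` profile, host name, addresses and SSID are placeholders, the ARP text is a constructed sample in `/proc/net/arp` format, and the caller is assumed to supply the list of visible SSIDs.

```python
import socket

# Constructed sample in /proc/net/arp format (not taken from a real host).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        eth0
192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Hypothetical "home" profile; every value here is a placeholder.
HOME = {
    "gateway_mac": "aa:bb:cc:dd:ee:01",
    "lan_only_name": "canary.home.example",
    "lan_only_ip": "192.168.1.10",
    "ssid": "example-home-ssid",
}

ATF_COM = 0x2  # kernel flag: ARP entry is complete (a reply was received)


def resolved_macs(arp_text):
    """MACs of completed ARP entries; incomplete rows (flags 0x0) are ignored."""
    macs = set()
    for line in arp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 6 and int(fields[2], 16) & ATF_COM:
            macs.add(fields[3].lower())
    return macs


def failed_canaries(profile, arp_text, visible_ssids, resolve=socket.gethostbyname):
    """Return the names of the canaries that did not match the home profile."""
    failed = []
    if profile["gateway_mac"].lower() not in resolved_macs(arp_text):
        failed.append("arp")
    try:
        if resolve(profile["lan_only_name"]) != profile["lan_only_ip"]:
            failed.append("dns")
    except OSError:  # no resolver or no such host: treat as "not at home"
        failed.append("dns")
    if profile["ssid"] not in visible_ssids:
        failed.append("ssid")
    return failed


def should_lock(failed, tolerate=1):
    """Lock when more canaries fail than tolerated (one flaky check is allowed)."""
    return len(failed) > tolerate
```

MAC addresses and SSIDs can be spoofed by anyone who has observed the home network, so these checks work as a tripwire for an unplanned move rather than as authentication of the environment.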


that's pretty fun too



