On 4/14/05, Marcus J. Ranum wrote:
> Paul D. Robertson wrote:
> >I don't think a wrist is that much more trouble than a finger to a
> >machete

> I know you're just being funny, but this all misses an important
> point: against an opponent that is willing to physically attack,
> threaten, or torture you ALL authentication systems
> are worthless. Especially if you assume a level of indirection
> can be added (i.e.: "log me into the system or your child dies.")

There are relatively simple safeguards that can be added on to
most systems to address this. For example, many ATM systems
(and also the SecurID hardware token product) support what are
called "duress PINs". Basically, enter your PIN backwards, and
the system still grants you access, but also sets off a silent alarm.

This of course lends itself to "Get Smart" style mind games -- If
your PIN is 1234 (the kind of combination an Idiot would have on
his luggage), do you tell the attacker your PIN is 4321, but then
he guesses you gave him the duress PIN, so maybe you give him
your real PIN and he reverses it himself (and so on).

Kevin Kadow

Unofficial SecurID User's group:
firewall-wizards mailing list
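A sketch of the duress-PIN check the post describes (reversed PIN unlocks but trips a silent alarm), written as an added example for this thread; it is not code from any ATM, SecurID, or other real product. It also rejects palindromic PINs at enrollment, which the post does not discuss, since a PIN that reads the same backwards can have no distinct duress code.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Tuple

# Constructed illustration only: a hypothetical verifier, not a real
# ATM or token-server implementation.


@dataclass
class EnrolledPin:
    salt: bytes
    normal_hash: bytes
    duress_hash: bytes


def _hash_pin(pin: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored PINs are not recoverable directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll(pin: str) -> EnrolledPin:
    if not pin.isdigit() or len(pin) < 4:
        raise ValueError("PIN must be at least 4 digits")
    duress = pin[::-1]
    # A palindromic PIN (e.g. 1221) reverses to itself, so the duress
    # entry could never be told apart from a normal login: refuse it.
    if duress == pin:
        raise ValueError("palindromic PIN has no distinct duress code")
    salt = secrets.token_bytes(16)
    return EnrolledPin(salt, _hash_pin(pin, salt), _hash_pin(duress, salt))


def enrollment_rejected(pin: str) -> bool:
    try:
        enroll(pin)
    except ValueError:
        return True
    return False


def verify(entry: str, enrolled: EnrolledPin) -> Tuple[bool, bool]:
    """Return (access_granted, silent_alarm)."""
    candidate = _hash_pin(entry, enrolled.salt)
    # Compare against both hashes every time, in constant time, so the
    # response timing does not hint whether the duress code was used.
    is_normal = hmac.compare_digest(candidate, enrolled.normal_hash)
    is_duress = hmac.compare_digest(candidate, enrolled.duress_hash)
    if is_normal:
        return True, False
    if is_duress:
        return True, True  # grant access, but raise the silent alarm
    return False, False
```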