Hacker News new | past | comments | ask | show | jobs | submit login

if someone puts a gun and steals your private key he can continue checking in after he kills you right?



No, if you have ordered keys and only you know the order, there is no way to do it unless you give the order, and even then there’s no way to confirm the order is correct without trying it.

The way around this is to threaten not to kill the target, but rather kill their whole family or those they care about viciously and painfully, and be ready to do it, if the order is wrong and there is an automated leak.


Well sure, just like you could give them the wrong private key.

I always find these arguments against coercion attacks unconvincing. "Well, they can force you to give them information A, but for some reason not force you to give them information B." No, they'll put you in jail and force you to give them all the information needed to send check-ins, period.


Yes. In the current form, If someone gets the project owner config file they could continue to check-in indefinitely.

I've been toying with the idea of optionally encrypted the owner config with a passphrase to mitigate this. It would even be possible to have a secondary "duress password" that pretends to decrypt the config, but publishes instead.


but it should give the attacker confirmation that all is ok and somehow the attacker can't know that it was published?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: