50 characters ? (was RE: Man jailed over computer password refusal
John Wilson
tugwilson at gmail.com
Fri Oct 15 19:43:00 BST 2010
On 15 October 2010 18:42, Nicholas Bohm <nbohm at ernest.net> wrote:
> On 15/10/2010 16:52, John Wilson wrote:
>> On 15 October 2010 16:43, Nicholas Bohm <nbohm at ernest.net> wrote:
>>> Leo Marks also noted the benefits of keeping secret information recorded on
>>> easily destructible media (e.g. silk). Adopting his procedures, and citing
>>> his work, might have helped Mr Drage present a more convincing account.
>>
>> If I read the specs right this http://yubico.com/home/index/ allows you to
>> have and use a password that you need never know and which can be
>> easily destroyed (http://www.yubico.com/developers/static/ seems to
>> say that if you press the button for 10 seconds the password is
>> replaced by another random one.). The mere possession of one of these
>> devices would seem to allow you to plausibly claim that you cannot
>> comply with the request to disclose the password.
>
> Maybe, but it's quite likely to be found and seized when the computer is
> seized, and the time to destroy your password is after the computer is
> seized but before you are served with a s49 notice. I would think a
> discreet piece of paper (e.g. a cigarette paper) might much more easily
> be missed on a search - perhaps slipped in the binding of a book, etc.
I wasn't really thinking of using it to hold the password. I'm
assuming that I'm using one I can remember without writing it down.
How about:
I buy a YubiKey, making sure that I use my normal credit card and the
emails involved in the purchase are archived in my Gmail account.
I destroy and safely dispose of my YubiKey.
I ensure that any system logs which record things like USB keyboard
connections are regularly truncated.
When the Police arrive I ensure that they can find and take all my
electronic junk (a couple of vans' worth in my case).
When served with the RIPA notice I say "I use a YubiKey, I don't know
what the password is because it was generated by the token and you
took it away in one of the boxes"
I can prove I bought it; if the Police have lost it, it's really not my fault.
John Wilson