Skip to main content


In opsec, duress (“rubber-hose”) attacks are famously hard to address. Cryptographic keys that cannot be lost have poor protections against duress.

Travelers can leave key fobs at home should they be accosted. A victim of a break-in can conveniently “lose” or smash a hardware key, erasing any encrypted data. Yes, I know about cold-boot attacks; I don’t recommend at-risk people to leave things decrypted for long durations. I like the idea of spring-loaded key fobs that can’t be left plugged in.

People talking about key fob body implants don’t usually plan for removing them in seconds with plausible deniability.


Originally posted on seirdy.one: See Original (POSSE). #Security #OpSec

This entry was edited (3 months ago)

Seirdy reshared this.