This is part of why I designed Tarsnap to keep data as secure as possible, even from me. If someone stores their crypto keys -- or world domination^W optimization plans -- on Tarsnap, I don't want to get kidnapped and tortured by anyone trying to steal that data.
He can’t give the attackers the customer keys or any other data. But yes as another poster says downtown the attackers may not actually understand that.
Why don't they bother traditional bank managers then?
One time long ago someone did try to get money by forcing a bank owner to open a vault, and it didn't work, and since then everyone knows it's fruitless.
It just needs to actually be fruitless. It sounds like for crypto custodians, it's not fruitless and they know that.
Please describe exactly the software change you imagine would produce this result, and describe how it gets from the attackers head onto the machines where it needs to run.
In other words I think you have hanwaved and imagined 2 different required things which probably simply don't exist. Or at least, may exist but could easily not exist.
There may be no such thing as a software change that will give a back door to the data. It depends hpw the system is designed, which I do not know.
And there may be no such thing as a way to get such software change onto customers machines without passing through review by multiple someone else's. Even if one, as owner of a business has the power to change the review policy itself, it's still physically impossible to do that without everyone else knowing it happened.
tarsnap would have to be a sole developer sole propriator business (or a multi employee business run as badly as crypto custodians aparently all are) for that to even be physically possible. Which maybe it is but it's not the impression I've formed of that company over the many years. Not a customer, and know nothing of either the software or the company's internal workings.
yes and? you get the data of only one tarsnap user.
The comment you were responding to was from the tarsnap creator where he was saying he doesn't have access to those keys so cannot be coerced to give them (and thus has no way to decrypt the data of all the clients).
You really think the kind of people who do such things will read your website and just give up? "Aw shucks, he's using e2e encryption, no point trying anything"?
I think you misunderstood the comment. Or maybe I did.
My understanding: the rubberhose crypto-analysis, even if unsuccessful, will result in some major damage done. Determined attacker might try to apply it regardless of any online statements on the off chance that the statements are wrong.
You understand correctly. I suspect that in the experience of such attackers, it's not even an "off chance". They're probably up against exaggerated claims of security more often than truly well-founded ones.
And you really think that people who routinely use torture to extract information, and for whom claims that "I don't know it!" is basically the standard obstacle to overcome, will just believe him without even trying, because it's "math" and therefore true?
The reality is, in the xkcd Rubberhose cryptanalysis scenario, being actually unable to give up the information is a MUCH WORSE situation to be be in than having a key to give up before they permanently maim/kill you. It might be better for a third party who benefits from the information remaining secret, but not for the person unable to divulge it.
But thinking you're safe because the attackers will read, understand, and believe your claims of uncompromisable cryptographic security is dangerously naive.
Ah okay, I get what you mean now. I thought your comment was suggesting he actually can access the information.
I still believe, which might indeed be naive, that this is the best way. It results in a failed mission lowering the risks for others and if applied for all theses services (again naive), in a general understanding.
