←back to thread

Show HN: Tripwire: A new anti evil maid defense

(github.com)
81 points DoctorFreeman | 1 comments | 11 Dec 25 09:46 UTC | HN request time: 0.259s | source

If you have heard of [Haven](https://github.com/guardianproject/haven), then Tripwire fills in the void for a robust anti evil maid solution after Haven went dormant.

The GitHub repo describes both the concept and the setup process in great details. For a quick overview, read up to the demo video.

There is also a presentation of Tripwire available on the Counter Surveil podcast: https://www.youtube.com/watch?v=s-wPrOTm5qo

Show context
neuralkoi ◴[12 Dec 25 13:44 UTC] No.46244062[source]
The author did an excellent job explaining what an evil maid attack is, but a very poor job of explaining how their proposal mitigates such attack.

I think the classic "Detecting unauthorized physical access with beans, lentils and colored rice" [0] approach is simpler to understand and simpler to implement. It doesn't rely on any hardware, such as a Raspberry Pi or otherwise technology which can be more easily subject to scrutiny via Ken Thompson's "Reflections on Trusting Trust".

[0] https://dys2p.com/en/2021-12-tamper-evident-protection.html

replies(4): >>46244395 #>>46245475 #>>46245903 #>>46251916 #
1. x187463 ◴[12 Dec 25 14:23 UTC] No.46244395[source]
That's cool. I hadn't heard of that, before. I had a related idea for achieving plausible deniability of the key in full disk encryption or similar scenarios. The password would be derived from the position of sensitive, yet innocuous, elements on the device, ensuring that the seizure of the device would likely corrupt this relationship. For instance, a series of N-sided dice could be placed in specific positions on top of the device (in the case of a desktop computer, perhaps), and the password derived from their sequence. Consideration must also be given to the possibility of the device being photographed—likely from a single angle—before being moved. So, the dice would be positioned to include some amount of occlusion. Any dice-based algorithm would need to ensure the search space for the resulting key was sufficiently large.