GitHub - nuvious/pam-duress: A Pluggable Authentication Module (PAM) which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.
https://github.com/nuvious/pam-duress
The closest thing to this I have ever done is to use TrueCrypt containers with hidden volumes. You have one password for the regular volume which you can put bogus / non-sensitive data in. That is what you would use if under duress.
You have a different password to open the hidden volume, which has the data you are really protecting.
@voltronic Truecrypt… Blast from the past. That is a rabbit hole. You would think since Snowden had access to all the info he would have picked a more secure software to pass sensitive info with, especially not one “written” by a DEA informant.
@chirpSec
Not so much in the past; I still use the VeraCrypt fork that came out in 2016 to address the known issues of TrueCrypt.
I know Snowden used it, but what's this about it being "written" by a DEA informant? I have never heard anything like that.
I know of at least one person here that has such a system already in place, but it is good to see someone is making this accessible to anyone who needs it.