by nuvious 1755 days ago
Hey, surprised to find myself here and appreciate all the discussion. I'm the author of the above project and wanted to shed some light on the inspiration for the project.

It started as a simple weekend project based on an off-hand comment someone made in a security professional chat I'm in. I had used duress words in the military, and translating the concept to a PAM seemed like a fun exercise. It also supports my current shift towards swapping careers from pure software engineering to cyber-research or cybersecurity generally. So in the end, it was a weekend project that served a dual purpose as a resume stamp.

The design use case I had in mind was more benign, such as corporate espionage or journalists getting their devices confiscated (maybe keep a sticky note on the laptop that has a duress password on it as a red herring). Comments to the effect that law enforcement would image a device are very relevant, as any competent law enforcement agency should have their staff trained to get the device fully powered off and hand it to someone that can maintain a chain of custody and get a golden image for use in potential criminal charges.

One thought I had was to apply this to SSH auth for honeypots, and if a rockyou.txt password is attempted, it runs some routines that aid in crafting the honeypot before the intruder drops to a shell prompt. Another even more light-hearted implementation could be that password X is the one you log in with normally, and your "duress" password Y just clears your browser history and is the one you give your spouse for when they log into your computer :). I'm sure there are use cases in the full spectrum, and with it being a relatively simple implementation with user-generated scripts, it'd be easy to extend to any potential use case.

In any case, I'm glad it prompted such a good discussion. Feel free to submit issues if there are particular feature requests or bugs that one might run across. Additionally, if there's a PR up, I'm currently the only dedicated dev on the project and welcome anyone that wants to review my PRs; I always prefer a 3rd-person review, even on my own projects. I created a demo video using Pushover and in the process of doing the demo uncovered some bugs that I patched as well as some fixes to the documentation. Again, glad you all found this interesting and humbled it fostered such a good discussion.