cedar at 3web.net
Sun Oct 9 17:11:56 CEST 2005
zvrba at globalnet.hr wrote:
> The point is that the statement about deniability is misleading (or maybe I
> I should say, close to false).
Zeljko, deniability has its place. It could be semantics, but perhaps you
are not be making sufficient distinction between deniability and deception.
Depending somewhat on the circumstances, with such file in your possession
you may not be able to deceive anyone but the most naive attacker. However,
you can deny, and, unless broken cryptographically, such file can not be
*proven* to be ciphertext. This can help you, but only in instances where
there are "rules of the game" which state that you are innocent until
proven guilty, that (as in, for instance, traditional 'common law'
criminal proceedings) this proof must be "beyond reasonable doubt", and
that you can be sanctioned for failing to produce the key if and only if
it can be proven that you are in possession of encrypted material. (Note
however that your case would be weakened by the presence of strong
circumstantial evidence to the contrary - for instance, possession and
evidence of previous use of software that produces such ciphertext).
In jurisdictions where such rules do not apply (even Canada, for
instance, recently suspended habeas corpus, you can be held indefinitely,
incommunicado; thus it is reasonable to assume you can also be tortured)
deniability is of no particular value in conflagrations with the
government, but it will probably be of some value if one is fighting
with one's employer.
In short, deniability is a valid claim, and can be a useful characteristic
of ciphertext in specific, well-defined instances.
More information about the Gnupg-users