Encrypting with an message expiration date

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 4 07:17:06 CET 2010


> Morten Gulbrandsen wrote:
>> Allen Schultz wrote:
>>
>>> Is there a way to force an expiration date when encrypting a message
>>> for additional security.
> 
> [...]
> 
>>
>> sure
>>
>> http://vanish.cs.washington.edu/

There are, as near as I can tell, only three options: either (a) you
trust the sender's clock, (b) you trust the recipient's clock, or (c)
you trust a third-party clock.

Once you know which clock the system is trusting, attack the clock.
Subvert and/or impersonate it, rewind time back, and view the message again.

Every time-based security scheme I've found has had this failure mode.
It seems to be impossible to avoid.




More information about the Gnupg-users mailing list