Deniability

Faramir faramir.cl at gmail.com
Sat Apr 2 01:41:46 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 22-03-2011 13:07, Jerome Baum wrote:
...
> What stops her from sending me  real messages with this kind of content?
> Even  non-encrypted? I  could reply  "I don't  know what  you're talking
> about", but how  does the prosecutor care? The only way  I could get out
> of it is to show I don't have any connection with Alice, but there is no
> way I could ever do that -- as Sven mentioned off-list, the mere existence
> of deniable systems gives me this danger.
> 
> In fact the existence of criminals  gives me the danger of being accused
> -- it does not make deniable systems a problem.

  That's very similar to what some people said to me at the TrueCrypt forum,
when I asked if there was a way to "disable" deniability if I don't need it.

   They said if somebody finds 7-zip on my computer, they could suspect
I sent compressed and encrypted messages to somebody (7-zip uses AES for
password protected compressed files), it is just that they have not found
records about it - not yet, but that is when the lead pipe comes into
play. Or I could be using some unknown steganographic software (which I
might have shredded or run from the USB drive I "lost" last year) and
the pictures of my family I uploaded to Facebook have hidden messages
about an evil plan to take over the world.
   And keep in mind that in the UK it is a crime (or fault, or... whatever
they call it, something you must not do because you will receive stick
instead of carrots) to have an encrypted file and not be able to decrypt
it. So if somebody sends an encrypted message to faramir.ch but mistypes
it and sends it to faramir.cl, then I would be already toasted (if I was
in the UK).

   But I DO get Robert's point, and what worries me is that we might get
into trouble even if we don't have deniability, we just need to be
linked somehow (maybe by unwanted email messages?) to some evil person.
And now that I think about it, I have an orphan PGP key, I lost the secret
key and it is still on keyservers, unrevoked, and without expiration
time. Somebody could infer I have not revoked it because I still use it,
and that I have the secret key stored in a flash drive somewhere. All
Alice needs to do is to encrypt something to that key and send it to
the email address of that key, and then how can I prove I'm not hiding
the key?

> Also, when did Alice turn evil? :)

  It seems she has been trying to evade paying taxes and to cheat her
husband for a long time, according to some crypto articles.

John Gordon’s After Dinner Speech: http://downlode.org/Etext/alicebob.html

"...
Now most people in Alice’s position would give up. Not Alice. She has
courage which can only be described as awesome. Against all odds, over a
noisy telephone line, tapped by the tax authorities and the secret
police, Alice will happily attempt, with someone she doesn’t trust, whom
she cannot hear clearly, and who is probably someone else, to fiddle her
tax returns and to organize a coup d’etat, while at the same time
minimizing the cost of the phone call.

A coding theorist is someone who doesn’t think Alice is crazy.
..."

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list