Faramir at
Sat Apr 2 01:41:46 CEST 2011

Hash: SHA256

El 22-03-2011 13:07, Jerome Baum escribió:
> What stops her from sending me  real messages with this kind of content?
> Even  non-encrypted? I  could reply  "I don't  know what  you're talking
> about", but how  does the prosecutor care? The only way  I could get out
> of it is to show I don't have any connection with Alice, but there is no
> way I could ever do that -- as Sven mention off-list, the mere existence
> of deniable systems gives me this danger.
> In fact the existence of criminals  gives me the danger of being accused
> -- it does not make deniable systems a problem.

  That's very alike with what some people said to me at truecrypt forum,
when I asked if there was a way to "disable" deniability if I don't need it.

   They said if somebody finds 7-zip in my computer, they could suspect
I sent compressed and encrypted messages to somebody (7-zip uses AES for
password protected compressed files), it is just they have not found
records about it -not yet, but there is when the lead pipe comes into
play. Or I could be using some unknown steganographic software (which I
might have shredded or ran from the usb drive I "lost" last year) and
the pictures of my family I uploaded to Facebook have hidden messages
about an evil plan to take over the world.
   And keep in mind in UK it is a crime (or fault, or... whatever they
call it, something you must not do because you will receive stick
instead of carrots) to have an encrypted file and not be able to decrypt
it. So if somebody sends an encrypted message to but misstype
it and send it to, then I would be already toasted (if I was
in UK).

   But I DO get Robert's point, and what worries me, it's we might get
into troubles even if we don't have deniability, we just need to be
linked somehow (maybe by unwanted email messages?) to some evil person.
And now I think about it, I have an orphan PGP key, I lost the secret
key and it is still on keyservers, unrevoked, and without expiration
time. Somebody could infer I have not revoked it because I still use it,
and that I have the secret key stored in a flash drive somewhere. All
Alice needs to do, is to encrypt something to that key and send it to
the email address of that key, and then how can I prove I'm not hiding
the key?

> Also, when did Alice turn evil? :)

  It seems she has been trying to evade paying taxes and to cheat her
husband since a long time ago, according to some crypto articles.

John Gordon’s After Dinner Speech:

Now most people in Alice’s position would give up. Not Alice. She has
courage which can only be described as awesome. Against all odds, over a
noisy telephone line, tapped by the tax authorities and the secret
police, Alice will happily attempt, with someone she doesn’t trust, whom
she cannot hear clearly, and who is probably someone else, to fiddle her
tax returns and to organize a coup d’etat, while at the same time
minimizing the cost of the phone call.

A coding theorist is someone who doesn’t think Alice is crazy.

  Best Regards
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla -


More information about the Gnupg-users mailing list