vedaal at nym.hush.com
Mon Apr 4 17:33:22 CEST 2011
On Sun, 03 Apr 2011 11:25:46 -0400 gnupg-users-request at gnupg.org
>Date: Sat, 02 Apr 2011 13:25:43 -0400
>From: "Robert J. Hansen" <rjh at sixdemonbag.org>
>To: gnupg-users at gnupg.org
>Subject: Re: Deniability
>Message-ID: <4D975C17.3020002 at sixdemonbag.org>
>My general rule of thumb is that the secret police might be
>monsters, but they will be *reasonable* monsters.
Unfortunately, such *reasonable* monsters (or even 'not such
monsters', UK for example)
can exploit the throw-keyid feature to obtain the secret keys of
anyone (in the UK).
Suppose some people are in the habit of sending gnupg encrypted
e-mails in the UK.
If the reasonable British intelligence people decided that they
wanted anyone's secret keys and passwords, they could simply do
something like the following:
 Anonymously send the person whose keys they want, a throw-keyid
encrypted message, which is in reality encrypted to a key of their
own choosing that no one else has access to.
 Ask the person to decrypt the message.
 The person will claim, quite truthfully, (and as expected by
British intelligence), that he can't, since it probably wasn't
encrypted to his key.
 They can claim, quite plausibly, that he entered the wrong
password intentionally so that he would not have to reveal the true
contents of the message.
 They can now make a case that in order to know that the person
really can't decrypt, they need the secret keys and passwords to
every key on the keyring, so that they can, in front of the court,
try each one and make sure the message really cannot be decrypted
by any of the person's keys.
 They can even offer the defendant an opportunity to temporarily
change the password to anything of his choice, just for the
purposes of the demonstration, and then change it back, and decrypt
it in front of the judge,
but by this time, with some easily available non-invasive stealth
video recording technology, they will already have access to the
secret key ring, and a functional password to each key.
Personally, I don't think the British are anywhere near this strict
about such things,
but if they ever did decide to be, the mechanism by which they
could make it stick, is there.