deniability

vedaal at nym.hush.com
Mon Apr 4 17:33:22 CEST 2011


On Sun, 03 Apr 2011 11:25:46 -0400 gnupg-users-request at gnupg.org 
wrote:

>Message: 2
>Date: Sat, 02 Apr 2011 13:25:43 -0400
>From: "Robert J. Hansen" <rjh at sixdemonbag.org>
>To: gnupg-users at gnupg.org
>Subject: Re: Deniability
>Message-ID: <4D975C17.3020002 at sixdemonbag.org>

>My general rule of thumb is that the secret police might be 
>monsters, but they will be *reasonable* monsters. 

Unfortunately, such *reasonable* monsters (or even 'not such 
monsters', UK for example)
can exploit the throw-keyid feature to obtain the secret keys of 
anyone (in the UK).


Suppose some people are in the habit of sending gnupg encrypted 
e-mails in the UK.

If the reasonable British intelligence people decided that they 
wanted anyone's secret keys and passwords, they could simply do 
something like the following:

[1] Anonymously send the person whose keys they want, a throw-keyid 
encrypted message, which is in reality encrypted to a key of their 
own choosing that no one else has access to

[2] Ask the person to decrypt the message

[3] The person will claim, quite truthfully, (and as expected by 
British intelligence), that he can't, since it probably wasn't 
encrypted to his key.

[4] They can claim, quite plausibly, that he entered the wrong 
password intentionally so that he would not have to reveal the true 
contents of the message

[5] They can now make a case that in order to know that the person 
really can't decrypt, they need the secret keys and passwords to 
every key on the keyring, so that they can, in front of the court, 
try each one and make sure the message really cannot be decrypted 
by any of the person's keys.

[6] They can even offer the defendant an opportunity to temporarily 
change the password to anything of his choice, just for the 
purposes of the demonstration, and then change it back, and decrypt 
it in front of the judge,
but by this time, with some easily available non-invasive stealth 
video recording technology, they will already have access to the 
secret key ring, and a functional password to each key. 

btw,
personally I don't think the British are anywhere near this strict 
about such things,
but if they ever did decide to be, the mechanism by which they 
could make it stick, is there.


vedaal
