[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Scientology tries to break PGP - and




Repost: the following bounced:
-----------------------------------------------------------------------------

On Fri, 8 Sep 1995, Tom Rollins wrote:

> If Larry Wollersheim does have the valid key.  It would be a simpler
> process to know what fake key to use and work it backwards through
> the MD5 to arrive at an ascii string to produce the fake key.
>
> Too bad this wouldn't be plausable for the secret ring.  Perhaps PGP
> needs an option to specify the key in Hex and make the process easy.

Here's another option.  I have no idea if it is possible, nor how it would
be implemented!  PGP could allow for an alternate secret key and a
standard "dummy" document from somewhere in your path.  A command line
option would encrypt for both keys (as if there were 2 recipients) and
append the "dummy" document to the end of the target file when encrypting. 

When the safety is finally removed from the gun at your head (sorry for
the drama) you hand over your alternate secret key.  If decrypted with the
"alternate" or "fake" secret key, the encrypted file is wiped until it
reaches a marker; the remainder of the file is displayed.  If you use your
"primary" or "real key", the extraneous text is simply stripped. 

Alternately, the "dummy" file could overwrite the "real" message n times, 
to keep the decrypted file size more realistic.

If you are forced to turn over keys some day (and I think there is at
least a reasonable likeihood of that) then They will have a much harder
time arguing "But that's not what the file *really* said and, deep inside
of me, I know it!".  At that point, with a secure wipe going on while the
"decryption" was taking place, you have done the best you could.  I agree-
a search warrent gives authorities the right to search your home (or
disk)- not a guarantee that they'll find what they're looking for. 

===========================================================================
     Henry W. Farkas      |      Me?    Speak for IBM?    Fat chance.
 [email protected] |------------------------------------------------
   [email protected]   |     http://newstand.ims.advantis.com/henry
      [email protected]      |          http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52  B3 80 34 1C CE 38 EC 53
 Public key at: [email protected], and other popular key servers.
- ---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not
  fast, but it's not bad, and we're cheaper than the guy down the street!"
===========================================================================