
Re: COE Recommendation No. R (95) 13



>MS> However, if I have a wall safe and
>MS> they get a warrant to search it, can I be jailed for contempt if I
>MS> don't give them the combination?
>
>	Well, IANAL, but yes, I believe that you can be.  Or, worse,
>obstruction of justice.  Especially if they cut it open and find that
>the knife was in the safe.

So presumably the same would apply to the password that unlocks my 
PGP private key. But there's an interesting twist. Once they open 
up the wall safe, they can see for sure what is and isn't in it. This 
ain't necessarily so for an encrypted file. Suppose my software has the 
fiendish sophistication to disgorge different keys depending on what 
password was given, and different pieces of cleartext depending 
on what key was used. (Again, I apologize if this notion has already 
been extensively discussed.) Is there a way to set it up such that 
the cops couldn't be sure -- even using a logic analyzer -- that I 
hadn't given them the complete set of keys, so as to read all the 
cleartexts in the file? Assume that cyphertext files are guaranteed 
to be larger, by some random factor, than the sum of all the cleartexts 
in them, so the mere fact that a smaller quantity of cleartext was 
disgorged than cyphertext supplied would tell them nothing. I guess this 
is a kind of steganography, isn't it? Or at least something similar -- 
the point would be that they couldn't tell genuine cyphertext from 
camouflaging noise, without the key that tells them where to look. 

Which brings us, in turn, to the bottom line: the only things we 
can be certain the bad guys _won't_ do, are the things they _can't_
do. 
 

--Michael Smith
  [email protected]
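
The container the message asks about, as an added sketch that is not part of the original post: a fixed-size file of equal slots, where unused slots are random bytes and each used slot opens only under its own password. The slot sizes, function names, sample passwords and the HMAC-based stream cipher are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, os, secrets

SLOT, SLOTS, SALT, TAG = 256, 8, 16, 32   # constructed sizes (bytes) and slot count
BODY = SLOT - SALT - TAG                  # encrypted bytes per slot

def _keys(password, salt):
    # Low iteration count keeps the demo fast; an assumption, not a recommendation.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000, dklen=64)
    return k[:32], k[32:]                 # (encryption key, MAC key)

def _stream(key, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(entries):
    """entries maps password -> cleartext bytes; returns a fixed-size container."""
    if len(entries) > SLOTS:
        raise ValueError("more entries than slots")
    slots = [os.urandom(SLOT) for _ in range(SLOTS)]      # camouflaging noise
    positions = secrets.SystemRandom().sample(range(SLOTS), len(entries))
    for pos, (password, text) in zip(positions, entries.items()):
        if len(text) > BODY - 2:
            raise ValueError("cleartext too long for one slot")
        salt = os.urandom(SALT)
        enc, mac = _keys(password, salt)
        body = (len(text).to_bytes(2, "big") + text).ljust(BODY, b"\0")
        ct = _xor(body, _stream(enc, BODY))
        slots[pos] = salt + ct + hmac.new(mac, salt + ct, hashlib.sha256).digest()
    return b"".join(slots)

def unseal(container, password):
    """Return every cleartext whose slot authenticates under this password."""
    found = []
    for i in range(0, len(container), SLOT):
        slot = container[i:i + SLOT]
        salt, ct, tag = slot[:SALT], slot[SALT:-TAG], slot[-TAG:]
        enc, mac = _keys(password, salt)
        expected = hmac.new(mac, salt + ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            body = _xor(ct, _stream(enc, BODY))
            found.append(body[2:2 + int.from_bytes(body[:2], "big")])
    return found
```

The container length is the same whether one slot or all eight are in use. The sketch covers only the stored file; it does nothing about the message's other concern, someone observing the software while it runs.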