Re: "Contempt" charges likely to increase
This is why raw symmetric ciphers should be used, without headers.
PGP should have an option to omit its headers when using the -c
switch. People should not be forced to use outside programs
such as stealth.
In the absence of cryptanalysis, the output of a symmetric cipher
looks like random bytes.
Everyone should have a hardware RNG on their computer.
"I am sorry your honor, that is a file of random numbers that I
was using to check the output of my RNG."
Or
"I am sorry your honor, that is a one-time pad I was planning
to use."
Or how about the purloined letter method? A few years back,
a hack to PGP was published, which gave the user the option
of directly controlling the IDEA key used when encrypting/decrypting
with RSA. There even was an option to make the IDEA key used
in encrypting key wrong (that is, different than specified in the
encrypted RSA message).
"I am sorry your honor, that file is encrypted so that only
[email protected] can decrypt. It is too bad that
obiwan is outside the jurisdiction of the court."
(But in fact I can decrypt by directly specifying the IDEA key.)
By using the wrong IDEA key, I can fix it so that in the
unlikely event that someone finds obiwan, obiwan finds that
his secret key does not work. (Because the key decrypted by RSA
is wrong.)
With a little thought, you could change the above scenario to
use [email protected] and fix it so that obiwan does not
actually exist, and his secret key has been destroyed.
(Create [email protected], but fix it so that his reply
block points off into the weeds. Create a public/secret PGP
keys for obiwan and send the public key to the public key
servers, using remailers. Using remailers, publish a few
signed articles in obiwan's name. Then wipe obiwan's secret key
with pgp -w.) You can now claim that you started a private encrypted
conversation with [email protected], who unfortunately cannot
be found.