Re: more Toto keys... so what's it all mean
Adam Back <[email protected]> summarizes the Toto-files by noting
>
>As to what it means -- it means that one or more others could have
>been the author of the message the IRS claim Carl Johnson wrote. Heck
>anyone could sign posts with that key now.
>
This suggests that a cynical, paranoid person could create a
"deniable" signature key by doing what "Toto" did:

1. Choosing a key length that a "very competent attacker" (i.e.
   a TLA), and only a "very competent attacker", could factor.
2. Signing a message and leaving the public key that signed
   that message on a public site.

Now, when you are accused of signing a message, you can raise
a "reasonable doubt" defence by claiming that the TLA may have
reconstructed the private key that signed the message in question.

Martin Minow
[email protected]
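
Added example, not part of the original message: a toy illustration of why a signature under a factorable RSA key gives a verifier no proof of who signed. The key is a constructed ~92-bit modulus built from two known Mersenne primes, the signatures are unpadded textbook RSA over a SHA-256 digest, and all function names are hypothetical.

```python
import hashlib
from math import gcd

# Constructed toy key: two known Mersenne primes, giving a ~92-bit modulus.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D_OWNER = pow(E, -1, (P - 1) * (Q - 1))  # the key owner's private exponent

def pollard_rho(n):
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle)."""
    for c in range(1, 50):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")

def digest(msg, n):
    """SHA-256 of msg reduced mod n (textbook RSA, no padding scheme)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, d, n):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, e, n):
    return pow(sig, e, n) == digest(msg, n)

def recover_private_exponent(e, n):
    """Derive d from the public key alone, possible only because n factors."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def second_signer_demo():
    """Compare the owner's signature with one made from the public key only."""
    d_other = recover_private_exponent(E, N)
    msg = b"constructed sample message"
    owner_sig = sign(msg, D_OWNER, N)
    other_sig = sign(msg, d_other, N)
    return d_other == D_OWNER, owner_sig == other_sig, verify(msg, other_sig, E, N)

if __name__ == "__main__":
    print(second_signer_demo())
```

Both signatures are bit-for-bit identical, so verification says only that someone able to factor the modulus produced the message, which is the "reasonable doubt" the message describes.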