[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reveal your key or else.



Mike Ingle writes:

>Since the Canadian case, there's been a lot of talk about the
>problem of being coerced to reveal your key. If the coercers play by

stuff deleted..

>Steganography can hide your data, but then you have the steg program
>itself. If they find the program, they have reasonable grounds or
>assuming you have hidden data, particularly if you have large
>quantities of the sort of data which can conceal files, such as
>sounds and graphics. So what you need is the ability to hide both the
>"real" secret data and some decoy data at the same time. This could
>be done using something like MD5 as a random number generator.

Actually, there is a somewhat easier method that uses the one- 
time pad technique.

Take your confidential text and xor it with a random byte file 
(your key) and call the output file "secret.msg".   Then copy the 
random file off the hard drive and store in a secure location, 
perhaps off-site, and wipe all traces of the random key file from 
your disk.

Now, type up you Mother's chocolate cookie recipe,  and other 
goodies and pad it so it is the same size as the "secret.msg" 
file and xor this file with your "secret.msg" file.   Rename the 
output "secret.key", and hide somewhere on your hard drive.  (but 
don't hide it too well).

If some one finds "secret.msg", and demands the key, you give in 
(after some arm twisting), and confess that the "secret.key" is 
the key file they want.    When "secret.key" is xor'ed with 
"secret.msg", out pops the cookie recipe.   Later, you can fetch 
the "real" key, and restore your original data.

Of course, as Mike Ingle suggests, a more believable approach is 
to xor the encrypted file with some mild pornography instead of a 
cookie recipe recipe.  (One of the great ways of lying is to 
plead guilty , but to a lesser crime).

Of course this technique could be used against you as well.  
Someone would could xor your "secret.msg" file, with nuclear bomb 
secrets, and pretend to find this "key" somewhere else in your 
house.

Following the same logic, one can produce a key, that when xor'd
with Microsoft's "command.com", will produce output revealing 
Microsoft's secret plans for word conquest :-)

Jim Pinson