[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deniable Cryptography [was winnowing, chaffing etc]

To: Nimrod Zimerman <[email protected]>
Subject: Re: Deniable Cryptography [was winnowing, chaffing etc]
From: Michael Graffam <[email protected]>
Date: Mon, 30 Mar 1998 16:31:22 -0500 (EST)
cc: [email protected]
In-Reply-To: <19980330220847.28943@hexagon>
Sender: [email protected]

On Mon, 30 Mar 1998, Nimrod Zimerman wrote:
> Generally speaking, you bind attackers with constants (or else, most of the
> cryptography we are using is pretty much useless). Why won't you bind
> physical attackers with constants just as well?

True, we impose limits on our hypothetical attackers. Eve can listen, but
not modify.. but we assume Mallory has the ability to do both. 
Systems that are safe against Eve are exploitable by Mallory. I see
no reason why we can not also assume more powerful physical attackers.

I do not deny the use of deniable crypto :) .. it is useful against
certain attackers. Certainly it is useful against the majority of
attackers we are likely to encounter, for the dexact reasons that you
site.

However, my point is that just as public key exchange is attackable
by Mallory in some circumstances, deniable crypto is useless against
certain physical attackers.. namely O'Brian and room 101.

This is not to say that public key crypto or deniable crypto is useless.

> True, if you are kidnaped by a very large organization, like a country, you
> don't stand a chance - you will either give up your secrets, and/or die 
> (history generally tells us that people can't stand torture. The exceptions
> are remarkable, and probably indicate a certain level of mental illness,
> before or after the act <g>). Smaller organizations are bound by constants
> that might eventually be in your benefit.

This is exactly my point. For the average guy in America, deniable crypto
is probably irrelevent (unless he happens to be an average criminal too).
But in a state where the law is wrong (we never heard of anything like
that,  have we?) there is probably a use.

> That's why I consider dynamic secret sharing a better approach.
> Make certain the attackers need to catch a group of people in order
> to gain the secret, and change the partial secrets every short period of time.
> This isn't always practical, of course.

Yeah, I agree. For some secrets it might be the best approach, say for
the codes to launch a nuclear weapon.. but for others it probably does
not work.

> (Alice can always fascinate her attackers with a new and exciting
> cryptosystem, and while they are busy studying it, sneak behind and hit
> them on the heads with a selected cryptography oriented book).
> 
>                                                    Nimrod

Hehe.. :) I like that.

Michael J. Graffam ([email protected])
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Act only according to that maxim by which you can at the same time will that
it should become a universal law.." - Immanuel Kant "Metaphysics of Morals"

References:
- Re: Deniable Cryptography [was winnowing, chaffing etc]
  - From: Nimrod Zimerman <[email protected]>

Prev by Date: Netcenter News - Volume 5 - March 1998
Next by Date: Re: Rivest's Wheat & Chaff - A crypto alternative
Prev by thread: Re: Deniable Cryptography [was winnowing, chaffing etc]
Next by thread: Re: Deniable Cryptography [was winnowing, chaffing etc]
Index(es):
- Date
- Thread