From: "Willaim H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 22 May 1997 01:51:06 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Stealth PGP and OTPs for Plausible Deniability
In-Reply-To: <v03007802afa8e11a2121@[207.167.93.63]>
Message-ID: <199705211734.MAA31792@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In <v03007802afa8e11a2121@[207.167.93.63]>, on 05/21/97 
   at 11:38 AM, Tim May <tcmay@got.net> said:

>At 7:58 AM -0800 5/21/97, Steffen Zahn wrote:
>>On Thu, 15 Jul 1993, Allan Thompson wrote:
>>
>>>         Would it be possible for a court to subpeona a encrypted file or
>>>key,
>>> and order you to tell them the key ?
>>> If you didn't would you be held in 'contempt of court' ?
>>
>>How about claiming that you used a OTP and then revealing the key?
>>Or should I say a key?
>>

>Making a claim and having it be plausible are entirely different things.
>In the case of PGP, or S/MIME, or whatever, the form is entirely
>different from what a one time pad would generate.

>A so-called "stealth" form of PGP (etc.), which would not contain headers
>or other indications of it being PGP, version, etc., would be a better
>candidate for this.

>(Efforts to build such stealth versions have languished...I spoke to some
>PGP, Incorporated folks at a recent Cypherpunks meeting about this, and
>they confirmed that this is a very low, or even negative priority. As
>their mission is now to meet corporate needs, and to get generate sales
>to government agencies, and to work with Key Recovery and Children's
>Security Alliance, introducing a "plausible deniability" version of PGP
>is not desirable for them.)

>A stealth version that automatically generated a "pad" that was innocuous
>would be easy enough to write. Just XOR the stealthed PGP block with
>something like "I'm thinking of travelling to Germany this summer...any
>ideas about what I should see? blah blah blah"

>Then any search warrant turns up the XORed version (the pad), which when
>XORed with the message the authorities want to decrypt yields the
>innocuous message above.

>Probably any stealthy versions of PGP or S/MIME would best be handled
>outside of PGP or other vendors...just modify their source code and
>distribute the stealthy versions.


This was part of the basis for my proposal for a crypto-dongel. Instant
destruction of ones private key any time any place. When the judge
requests your key and all legal challenges to the request have been
exausted you merly have your lawer give the judge the distroyed key. "what
your honor when was the key distroyed? well right after I saw a large
group of men in ski masks & M16's trying to kick in my door ...." :))


"The tree of liberty must periodically be feed with the blood of tyrants
and patriots."

- -- 
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
                          
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------
 
Tag-O-Matic: PATH=C:\DOS;C:\DOS\RUN;C:\WIN\CRASH\DOS;C:\ME\DEL\WIN

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM4NARo9Co1n+aLhhAQE1IAP+I+Ppudj6zcJIJAWNn3dcK9DWfJHEb79a
64z3Tce79HW9Z58NKvCbuXT0typKt7sODKHI1M49hSn+Hc+eOzo5lV8FnYvmD0AW
IHQpb6uz0hjJgugajnz2ZSC5LsXtLhUvPuH6ZRlHg6Rwu36F6ZBNz/72T06+DJ64
WZunk8YFc58=
=PCIp
-----END PGP SIGNATURE-----