1997-05-21 - Stealth PGP and OTPs for Plausible Deniability

Header Data

From: Tim May <tcmay@got.net>
To: cypherpunks@algebra.com
Message Hash: d9cf4d713c648e41f132795648debc75f9dd34bf5839f5ed9afea1128957c670
Message ID: <v03007802afa8e11a2121@[207.167.93.63]>
Reply To: <199705211558.RAA03639@n246-140.berlin.snafu.de>
UTC Datetime: 1997-05-21 16:48:59 UTC
Raw Date: Thu, 22 May 1997 00:48:59 +0800

Raw message

From: Tim May <tcmay@got.net>
Date: Thu, 22 May 1997 00:48:59 +0800
To: cypherpunks@algebra.com
Subject: Stealth PGP and OTPs for Plausible Deniability
In-Reply-To: <199705211558.RAA03639@n246-140.berlin.snafu.de>
Message-ID: <v03007802afa8e11a2121@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 7:58 AM -0800 5/21/97, Steffen Zahn wrote:
>On Thu, 15 Jul 1993, Allan Thompson wrote:
>
>>         Would it be possible for a court to subpeona a encrypted file or
>>key,
>> and order you to tell them the key ?
>> If you didn't would you be held in 'contempt of court' ?
>
>How about claiming that you used a OTP and then revealing the key?
>Or should I say a key?
>

Making a claim and having it be plausible are entirely different things. In
the case of PGP, or S/MIME, or whatever, the form is entirely different
from what a one time pad would generate.

A so-called "stealth" form of PGP (etc.), which would not contain headers
or other indications of it being PGP, version, etc., would be a better
candidate for this.

(Efforts to build such stealth versions have languished...I spoke to some
PGP, Incorporated folks at a recent Cypherpunks meeting about this, and
they confirmed that this is a very low, or even negative priority. As their
mission is now to meet corporate needs, and to get generate sales to
government agencies, and to work with Key Recovery and Children's Security
Alliance, introducing a "plausible deniability" version of PGP is not
desirable for them.)

A stealth version that automatically generated a "pad" that was innocuous
would be easy enough to write. Just XOR the stealthed PGP block with
something like "I'm thinking of travelling to Germany this summer...any
ideas about what I should see? blah blah blah"

Then any search warrant turns up the XORed version (the pad), which when
XORed with the message the authorities want to decrypt yields the innocuous
message above.

Probably any stealthy versions of PGP or S/MIME would best be handled
outside of PGP or other vendors...just modify their source code and
distribute the stealthy versions.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









Thread