1993-12-26 - Re: Reveal your key or else.

Header Data

From: jpinson@fcdarwin.org.ec
To: cypherpunks@toad.com
Message Hash: f1e2522634c0a69263045c788e206372c788101ce2b7cc78edc32c2889fbabab
Message ID: <9312261726.AA14748@toad.com>
Reply To: N/A
UTC Datetime: 1993-12-26 17:26:55 UTC
Raw Date: Sun, 26 Dec 93 09:26:55 PST

Raw message

From: jpinson@fcdarwin.org.ec
Date: Sun, 26 Dec 93 09:26:55 PST
To: cypherpunks@toad.com
Subject: Re: Reveal your key or else.
Message-ID: <9312261726.AA14748@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Mike Ingle writes:

>Since the Canadian case, there's been a lot of talk about the
>problem of being coerced to reveal your key. If the coercers play by

stuff deleted..

>Steganography can hide your data, but then you have the steg program
>itself. If they find the program, they have reasonable grounds or
>assuming you have hidden data, particularly if you have large
>quantities of the sort of data which can conceal files, such as
>sounds and graphics. So what you need is the ability to hide both the
>"real" secret data and some decoy data at the same time. This could
>be done using something like MD5 as a random number generator.

Actually, there is a somewhat easier method that uses the one- 
time pad technique.

Take your confidential text and xor it with a random byte file 
(your key) and call the output file "secret.msg".   Then copy the 
random file off the hard drive and store in a secure location, 
perhaps off-site, and wipe all traces of the random key file from 
your disk.

Now, type up you Mother's chocolate cookie recipe,  and other 
goodies and pad it so it is the same size as the "secret.msg" 
file and xor this file with your "secret.msg" file.   Rename the 
output "secret.key", and hide somewhere on your hard drive.  (but 
don't hide it too well).

If some one finds "secret.msg", and demands the key, you give in 
(after some arm twisting), and confess that the "secret.key" is 
the key file they want.    When "secret.key" is xor'ed with 
"secret.msg", out pops the cookie recipe.   Later, you can fetch 
the "real" key, and restore your original data.

Of course, as Mike Ingle suggests, a more believable approach is 
to xor the encrypted file with some mild pornography instead of a 
cookie recipe recipe.  (One of the great ways of lying is to 
plead guilty , but to a lesser crime).

Of course this technique could be used against you as well.  
Someone would could xor your "secret.msg" file, with nuclear bomb 
secrets, and pretend to find this "key" somewhere else in your 
house.

Following the same logic, one can produce a key, that when xor'd
with Microsoft's "command.com", will produce output revealing 
Microsoft's secret plans for word conquest :-)

Jim Pinson





Thread