From: jpinson@fcdarwin.org.ec
To: cypherpunks@toad.com
Message Hash: f1e2522634c0a69263045c788e206372c788101ce2b7cc78edc32c2889fbabab
Message ID: <9312261726.AA14748@toad.com>
Reply To: N/A
UTC Datetime: 1993-12-26 17:26:55 UTC
Raw Date: Sun, 26 Dec 93 09:26:55 PST
From: jpinson@fcdarwin.org.ec
Date: Sun, 26 Dec 93 09:26:55 PST
To: cypherpunks@toad.com
Subject: Re: Reveal your key or else.
Message-ID: <9312261726.AA14748@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Mike Ingle writes:
>Since the Canadian case, there's been a lot of talk about the
>problem of being coerced to reveal your key. If the coercers play by
stuff deleted..
>Steganography can hide your data, but then you have the steg program
>itself. If they find the program, they have reasonable grounds or
>assuming you have hidden data, particularly if you have large
>quantities of the sort of data which can conceal files, such as
>sounds and graphics. So what you need is the ability to hide both the
>"real" secret data and some decoy data at the same time. This could
>be done using something like MD5 as a random number generator.
Actually, there is a somewhat easier method that uses the one-
time pad technique.
Take your confidential text and xor it with a random byte file
(your key) and call the output file "secret.msg". Then copy the
random file off the hard drive and store in a secure location,
perhaps off-site, and wipe all traces of the random key file from
your disk.
Now, type up you Mother's chocolate cookie recipe, and other
goodies and pad it so it is the same size as the "secret.msg"
file and xor this file with your "secret.msg" file. Rename the
output "secret.key", and hide somewhere on your hard drive. (but
don't hide it too well).
If some one finds "secret.msg", and demands the key, you give in
(after some arm twisting), and confess that the "secret.key" is
the key file they want. When "secret.key" is xor'ed with
"secret.msg", out pops the cookie recipe. Later, you can fetch
the "real" key, and restore your original data.
Of course, as Mike Ingle suggests, a more believable approach is
to xor the encrypted file with some mild pornography instead of a
cookie recipe recipe. (One of the great ways of lying is to
plead guilty , but to a lesser crime).
Of course this technique could be used against you as well.
Someone would could xor your "secret.msg" file, with nuclear bomb
secrets, and pretend to find this "key" somewhere else in your
house.
Following the same logic, one can produce a key, that when xor'd
with Microsoft's "command.com", will produce output revealing
Microsoft's secret plans for word conquest :-)
Jim Pinson
Return to December 1993
Return to “jpinson@fcdarwin.org.ec”
1993-12-26 (Sun, 26 Dec 93 09:26:55 PST) - Re: Reveal your key or else. - jpinson@fcdarwin.org.ec