1995-01-16 - Re: How do I know if its encrypted?

Header Data

From: Ben.Goren@asu.edu
To: cypherpunks@toad.com
Message Hash: 30ae4ed5d434160877570604b7bd6e07aea25dae0aa10d74affd2f11c0f58c2d
Message ID: <v02110103ab4095d1582a@[129.219.97.131]>
Reply To: N/A
UTC Datetime: 1995-01-16 21:33:31 UTC
Raw Date: Mon, 16 Jan 95 13:33:31 PST

Raw message

From: Ben.Goren@asu.edu
Date: Mon, 16 Jan 95 13:33:31 PST
To: cypherpunks@toad.com
Subject: Re: How do I know if its encrypted?
Message-ID: <v02110103ab4095d1582a@[129.219.97.131]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I think we're pretty well agreed that Dave's DataHaven can't ensure that
files are encrypted without looking inside them at some point. It's a
dilemma: Dave wants to be sure he can't read something, but the only way
he can be sure is by reading it.

But suppose that Dave's good friend Ender Trent decides to set up a new
service, Ender Trent's Trusted Encryption. It's a simple job: people send
files to Ender and he returns them encrypted and signed. Now, all Dave
needs do is check Ender's signature before accepting a file. At no point
does Dave ever decrypt or attempt to decrypt such a file.

Ender offers encryption in many different forms. In the simplest, Alice
sends the file to Ender, Ender generates a random key, encrypts the file,
and sends both back to Alice. Almost as simple, Ender uses the hash of
the original file as the key. Presumably, Alice already knows the hash
and so Ender doesn't send that back.

Alice could supply a public PGP (or other asymmetrical algorithm) key
with the file and Ender uses that. If Alice is a frequent customer and
likes this method, she might register the key with Ender.

Lastly, Alice might want to supply a symmetric key of her own. Because
Ender wants to protect people like Dave, he can either print a warning
that the key used for encryption might not be secure, or run a
password-cracking algorithm on it, or both. Because of the extra effort
and reduced security, Ender might not want to offer this, or charge an
arm and a leg for it. And Dave might not be willing to accept such
files, anyway.

How is it better to have Ender do all this rather than Dave? Essentially,
it splits the risk. Dave never sees the files, and therefore can't be
responsible for their contents. Nor could he make sense out of them, even
if he tried really, really hard. He could operate his data haven in all
but the most repressive parts of the world.

Ender's risk is slim to none. Were he to be held accountable for files he
encrypts, public notaries would likewise have to be held accountable for
everything they notarize. I don't see that as a problem.

Dave might wish to offer an encryption service, as Ender might want to
offer a data haven, but, if they're smart, they won't accept files that
they themselves encrypted.

Ender's encryption need not only be for data havens, of course. Nervous
remailer operators might want proof of encryption. Escrow services will
likely like Ender. And probably more.

If there is a demand for a trusted encryption service, I'll create one
after the second trumpet audition for the Oregon Symphony on the first of
the month.  That's the main reason I'm signing this--to hold myself to it.

b&

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEUAwUBLxrj5a7gd9aHWwWVAQH2Hgf0CF+0CIMWiK7d52Gaa8fPpMQy+qAYOBj+
MxJPZJpwxLEzmdT8n+dWjz2+0uPbIXXYa8yEM86UeV9++BzNM7WkOr5tezUuUrYa
aM+I4yWJEz/oUpURxi4tt1Jmxn4F0IGQENBweIw+lsgU/TyNweCerKoShLpP4zca
iZr1HtkK/7KdEi/wmADtfI6aUHytRyMXYvwKhKiy23eAFyNtZgAz4i77p2Kw6iM6
aTGsQQVjda6AYcVlIcLAJN8v+pQV+RGKA4FGACsxEGHDCQvFd3/WvCD4pupPm80E
9QLhQ2zLIjAkSmkO9flndXq6TOcCtMd3f6u/oGCx1EHKUTdP8nbg
=svFy
-----END PGP SIGNATURE-----

--
Ben.Goren@asu.edu, Arizona State University School of Music
 Finger ben@tux.music.asu.edu for PGP public key ID 0x875B059.







Thread