1995-09-12 - Re: Scientology tries to break PGP - and

Header Data

From: “Henry W. Farkas” <hfarkas@ims.advantis.com>
To: cypherpunks@toad.com
Message Hash: 8e7714f8079523a01cdc8e5f34568e82cc0ccb3981394652f2ca9447e4afc466
Message ID: <Pine.A32.3.91.950912104706.38129A-100000@pangloss.ims.advantis.com>
Reply To: N/A
UTC Datetime: 1995-09-12 15:00:24 UTC
Raw Date: Tue, 12 Sep 95 08:00:24 PDT

Raw message

From: "Henry W. Farkas" <hfarkas@ims.advantis.com>
Date: Tue, 12 Sep 95 08:00:24 PDT
To: cypherpunks@toad.com
Subject: Re: Scientology tries to break PGP - and
Message-ID: <Pine.A32.3.91.950912104706.38129A-100000@pangloss.ims.advantis.com>
MIME-Version: 1.0
Content-Type: text/plain

Repost: the following bounced:

On Fri, 8 Sep 1995, Tom Rollins wrote:

> If Larry Wollersheim does have the valid key.  It would be a simpler
> process to know what fake key to use and work it backwards through
> the MD5 to arrive at an ascii string to produce the fake key.
> Too bad this wouldn't be plausable for the secret ring.  Perhaps PGP
> needs an option to specify the key in Hex and make the process easy.

Here's another option.  I have no idea if it is possible, nor how it would
be implemented!  PGP could allow for an alternate secret key and a
standard "dummy" document from somewhere in your path.  A command line
option would encrypt for both keys (as if there were 2 recipients) and
append the "dummy" document to the end of the target file when encrypting. 

When the safety is finally removed from the gun at your head (sorry for
the drama) you hand over your alternate secret key.  If decrypted with the
"alternate" or "fake" secret key, the encrypted file is wiped until it
reaches a marker; the remainder of the file is displayed.  If you use your
"primary" or "real key", the extraneous text is simply stripped. 

Alternately, the "dummy" file could overwrite the "real" message n times, 
to keep the decrypted file size more realistic.

If you are forced to turn over keys some day (and I think there is at
least a reasonable likeihood of that) then They will have a much harder
time arguing "But that's not what the file *really* said and, deep inside
of me, I know it!".  At that point, with a secure wipe going on while the
"decryption" was taking place, you have done the best you could.  I agree-
a search warrent gives authorities the right to search your home (or
disk)- not a guarantee that they'll find what they're looking for. 

     Henry W. Farkas      |      Me?    Speak for IBM?    Fat chance.
 hfarkas@ims.advantis.com |------------------------------------------------
   hfarkas@vnet.ibm.com   |     http://newstand.ims.advantis.com/henry
      henry@nhcc.com      |          http://www.nhcc.com/~henry
- ---------------------------------------------------------------------------
PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52  B3 80 34 1C CE 38 EC 53
 Public key at: pgp-public-keys@pgp.mit.edu, and other popular key servers.
- ---------------------------------------------------------------------------
Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not
  fast, but it's not bad, and we're cheaper than the guy down the street!"