From: rngaugp@alpha.c2.org
To: cypherpunks@toad.com
Message Hash: e4f90b69475e67b135d9331700ecefe5db6ea50499fdb0d423039310568e58c3
Message ID: <199604081656.MAA00598@miron.vip.best.com>
Reply To: N/A
UTC Datetime: 1996-04-09 01:34:10 UTC
Raw Date: Tue, 9 Apr 1996 09:34:10 +0800
From: rngaugp@alpha.c2.org
Date: Tue, 9 Apr 1996 09:34:10 +0800
To: cypherpunks@toad.com
Subject: Re: "Contempt" charges likely to increase
Message-ID: <199604081656.MAA00598@miron.vip.best.com>
MIME-Version: 1.0
Content-Type: text/plain
This is why raw symetric ciphers should be used, without headers.
PGP should have an option to omit its headers when using the -c
switch. People should not be forced to use outside programs
such as stealth.
In the absence of cryptanalysis, the output of a symetric cipher
looks like random bytes.
Every one should have a hardware RNG on their computer.
"I am sorry your honor, that is a file of random numbers that I
was using to check the output of my RNG."
Or
"I am sorry your honor that is a one-time pad I was planning
to use."
Or how about the purloined letter method? A few years back,
a hack to PGP was published, which gave the user the option
of directly controling the idea key used when encrypting/decrypting
with RSA. There even was a option to make the idea key used
in encrypting key wrong (that is, different than specified in the
encrypted RSA message).
"I am sorry your honor, that file is encrypted so that only
obiwan@galaxy.far.far.away can decrypt. It is too bad that
obiwan is outside the jusisdiction of the court."
(But in fact I can decrypt by directly specifying the idea key.)
By using the wrong idea key, I can fix it so that in the
unlikely event that someone finds obiwan, obiwan finds that
his secret key does not work. (Because the key decrypted by RSA
is wrong.)
With a little thought. you could change the above senerio to
use obiwan@alpha.c2.org and fix it so that obiwan does not
actually exist, and his secret key has been destroyed.
(Create obiwan@alpha.c2.org, but fixit so that his reply
block points off into the weeds. Create a public/secret PGP
keys for obiwan and send the public key to the public key
servers, using remailers. Using remailers, publish a few
signed articles in obiwan's name. Then wipe obiwan's secret key
with pgp -w.) You can now claim that you started a private encrypted
conversation with obiwan@alpha.c2.org. Who unfortunately can not
be found.
Return to April 1996
Return to “Steve Reid <steve@edmweb.com>”