1997-05-21 - Re: Stealth PGP and OTPs for Plausible Deniability

Header Data

From: “Willaim H. Geiger III” <whgiii@amaranth.com>
To: Tim May <tcmay@got.net>
Message Hash: 18d6a2825a34f28ae299eefc76e5d129e5ed735770da1e847ee2f5f0d9d59184
Message ID: <199705211734.MAA31792@mailhub.amaranth.com>
Reply To: <v03007802afa8e11a2121@[]>
UTC Datetime: 1997-05-21 17:51:06 UTC
Raw Date: Thu, 22 May 1997 01:51:06 +0800

Raw message

From: "Willaim H. Geiger III" <whgiii@amaranth.com>
Date: Thu, 22 May 1997 01:51:06 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Stealth PGP and OTPs for Plausible Deniability
In-Reply-To: <v03007802afa8e11a2121@[]>
Message-ID: <199705211734.MAA31792@mailhub.amaranth.com>
MIME-Version: 1.0
Content-Type: text/plain


In <v03007802afa8e11a2121@[]>, on 05/21/97 
   at 11:38 AM, Tim May <tcmay@got.net> said:

>At 7:58 AM -0800 5/21/97, Steffen Zahn wrote:
>>On Thu, 15 Jul 1993, Allan Thompson wrote:
>>>         Would it be possible for a court to subpeona a encrypted file or
>>> and order you to tell them the key ?
>>> If you didn't would you be held in 'contempt of court' ?
>>How about claiming that you used a OTP and then revealing the key?
>>Or should I say a key?

>Making a claim and having it be plausible are entirely different things.
>In the case of PGP, or S/MIME, or whatever, the form is entirely
>different from what a one time pad would generate.

>A so-called "stealth" form of PGP (etc.), which would not contain headers
>or other indications of it being PGP, version, etc., would be a better
>candidate for this.

>(Efforts to build such stealth versions have languished...I spoke to some
>PGP, Incorporated folks at a recent Cypherpunks meeting about this, and
>they confirmed that this is a very low, or even negative priority. As
>their mission is now to meet corporate needs, and to get generate sales
>to government agencies, and to work with Key Recovery and Children's
>Security Alliance, introducing a "plausible deniability" version of PGP
>is not desirable for them.)

>A stealth version that automatically generated a "pad" that was innocuous
>would be easy enough to write. Just XOR the stealthed PGP block with
>something like "I'm thinking of travelling to Germany this summer...any
>ideas about what I should see? blah blah blah"

>Then any search warrant turns up the XORed version (the pad), which when
>XORed with the message the authorities want to decrypt yields the
>innocuous message above.

>Probably any stealthy versions of PGP or S/MIME would best be handled
>outside of PGP or other vendors...just modify their source code and
>distribute the stealthy versions.

This was part of the basis for my proposal for a crypto-dongel. Instant
destruction of ones private key any time any place. When the judge
requests your key and all legal challenges to the request have been
exausted you merly have your lawer give the judge the distroyed key. "what
your honor when was the key distroyed? well right after I saw a large
group of men in ski masks & M16's trying to kick in my door ...." :))

"The tree of liberty must periodically be feed with the blood of tyrants
and patriots."

- -- 
- -----------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
Finger whgiii@amaranth.com for PGP Key and other info
- -----------------------------------------------------------

Version: 2.6.2