Bill Stewart wrote:
At 04:30 PM 10/6/00 -0700, Tim May wrote:
In places where crypto is illegal, this approach would also likely be illegal. ... BTW, the issue is a lot more than just "plausible deniability." This may work in the U.S., until the Constitution is further shredded. But "plausibility deniability" is not enough when dealing with the Staasi, or SAVAK, or Shin Bet, or the Ayotollahs. Mere suspicion is enough.
The point is that each message doesn't have decryptable cyphertext. It only has a secret-share that no recipient can decode until they have enough shares of the same message, even if the KGB rubber-hoses them, and the KGB cryptanalysts won't be able to find anything more than random noise in the message because with <K shares, that's all you can get. Now random noise may also be suspicious, but it's less suspicious than something that's got more structure to it. Even if they do suspect the recipient and seize his computer, they'll only get old messages, not the new partially-received ones.
Not good enough, I'm afraid. As Tim said, if the authorities in an authoritarian regime _suspect_ secrets are being passed they have "probable cause" to break out the jumper cables. Unless the holder of an incomplete secret is willing to spill his guts literally rather than figuratively, his group doesn't benefit from a secret which can be detected but not read. -- Steve Furlong, Computer Condottiere Have GNU, will travel 518-374-4720 sfurlong@acmenet.net