Mike Ingle writes:
Since the Canadian case, there's been a lot of talk about the problem of being coerced to reveal your key. If the coercers play by
stuff deleted..
Steganography can hide your data, but then you have the steg program itself. If they find the program, they have reasonable grounds or assuming you have hidden data, particularly if you have large quantities of the sort of data which can conceal files, such as sounds and graphics. So what you need is the ability to hide both the "real" secret data and some decoy data at the same time. This could be done using something like MD5 as a random number generator.
Actually, there is a somewhat easier method that uses the one- time pad technique. Take your confidential text and xor it with a random byte file (your key) and call the output file "secret.msg". Then copy the random file off the hard drive and store in a secure location, perhaps off-site, and wipe all traces of the random key file from your disk. Now, type up you Mother's chocolate cookie recipe, and other goodies and pad it so it is the same size as the "secret.msg" file and xor this file with your "secret.msg" file. Rename the output "secret.key", and hide somewhere on your hard drive. (but don't hide it too well). If some one finds "secret.msg", and demands the key, you give in (after some arm twisting), and confess that the "secret.key" is the key file they want. When "secret.key" is xor'ed with "secret.msg", out pops the cookie recipe. Later, you can fetch the "real" key, and restore your original data. Of course, as Mike Ingle suggests, a more believable approach is to xor the encrypted file with some mild pornography instead of a cookie recipe recipe. (One of the great ways of lying is to plead guilty , but to a lesser crime). Of course this technique could be used against you as well. Someone would could xor your "secret.msg" file, with nuclear bomb secrets, and pretend to find this "key" somewhere else in your house. Following the same logic, one can produce a key, that when xor'd with Microsoft's "command.com", will produce output revealing Microsoft's secret plans for word conquest :-) Jim Pinson