At 09:32 AM 5/19/2006, Tyler Durden wrote:
> Let us not forget all of the methods of "deniable encryption" discussed a few years back. If the "wrong" key is entered, the returned "de-encrypted" file will look -kinda- bad but not actually be the original plaintext.

For stored material, that may be useful, but for communications, it's the wrong model. Too many online applications currently use RSA encryption to transfer an encrypted key, which is vulnerable to later disclosure, instead of using Diffie-Hellman key exchange and some signature algorithm (RSA, EG, whatever), for which compromising the key doesn't expose previous communications, only exposes the user to MITM attacks, is much easier to argue against disclosure of, and of course is much easier to replace (blocking MITM with the compromised keys).

Email messages are an appropriate use of RSA-encrypted keys, but any online two-way communications, including VOIP, IPSEC, web forms, and transmission of email, really ought to be using Diffie-Hellman instead.

How many of the popular tools support it or could be configured to do so? In most cases, it's probably not hard - you mainly need to choose the right options from standard packages, and make the DH versions the preferred method instead of a fallback.
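
As an added illustration of "choosing the right options from standard packages" (this is not code from the original message), the Python sketch below uses the standard `ssl` module to build a TLS client context that offers only ephemeral Diffie-Hellman key exchange and to list any suites that still rely on RSA key transport. The function names, the cipher string and the sample list are assumptions made for this example; it goes one step beyond "preferred" by removing the RSA key-transport suites entirely.

```python
import ssl

# "kea" labels as reported by ssl.SSLContext.get_ciphers().
# "kx-any" marks TLS 1.3 suites, whose full handshakes always use (EC)DHE.
EPHEMERAL_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}


def lacks_forward_secrecy(ciphers):
    """Return the names of suites whose key exchange is not ephemeral DH.

    `ciphers` is a list of dicts in the shape get_ciphers() returns.
    """
    return [c["name"] for c in ciphers if c.get("kea") not in EPHEMERAL_KX]


def forward_secret_context():
    """Client context that offers only (EC)DHE suites (assumed policy)."""
    ctx = ssl.create_default_context()
    # !kRSA removes every suite where the session key is sent under the
    # server's RSA key; !aNULL removes unauthenticated (MITM-able) suites.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!kRSA")
    return ctx


# Constructed sample entries, trimmed to the fields the audit reads.
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES128-GCM-SHA256", "kea": "kx-dhe"},
    {"name": "AES256-GCM-SHA384", "kea": "kx-rsa"},  # RSA key transport
    {"name": "TLS_AES_128_GCM_SHA256", "kea": "kx-any"},
]


if __name__ == "__main__":
    print("sample, no forward secrecy:", lacks_forward_secrecy(SAMPLE))
    default = ssl.create_default_context().get_ciphers()
    print("library default, no forward secrecy:", lacks_forward_secrecy(default))
    hardened = forward_secret_context().get_ciphers()
    print("hardened, no forward secrecy:", lacks_forward_secrecy(hardened))
```

What the library-default line prints depends on the local OpenSSL build and policy; the hardened context should report an empty list.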