Re: Scientology tries to break PGP - and
Henry W. Farkas <hfarkas@ims.advantis.com> writes:
On Tue, 12 Sep 1995, S. Keeling wrote:
I would just like to point out that, when a LEA comes to you to get at the contents of your computer, (s)he is not going to patiently wait while your system wipes the offending evidence off your hard disk. ... they can work from the copy. Besides, you do have backup tapes laying around all over the place, don't you?
They have to decrypt the file sometime if they want it's "contents".
I use the -w option when encrypting. After encryption, the "dummy" file (would be) embedded and the plaintext is wiped. ...
And the idea is that on decrypting with the 'wrong' key, it outputs the dummy file rather than the real plaintext, correct?
... Don't back up plaintext and what is the problem here? Where will they get the "real" data from? What does it matter where the decryption takes place? ...
Why would they use your copy of the program to decrypt the file? They could just use a version that lacked this 'feature'. Of course, they still couldn't get at the real plaintext unless you gave them the key, but you are right back to the same old standoff where they say, "Give us your key," and you (try to) say, "No." -- David R. Conrad, conrad@detroit.freenet.org, http://www.grfn.org/~conrad Hardware & Software Committee -- Finger conrad@grfn.org for public key Key fingerprint = 33 12 BC 77 48 81 99 A5 D8 9C 43 16 3C 37 0B 50 No, his mind is not for rent to any god or government.
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 13 Sep 1995, David R. Conrad wrote:
And the idea is that on decrypting with the 'wrong' key, it outputs the dummy file rather than the real plaintext, correct?
Why would they use your copy of the program to decrypt the file? They could just use a version that lacked this 'feature'. A good point. A new version of pgp would have to be incompatible with
I'll say it again. :-) PGP could allow for an alternate secret key and a standard "dummy" document from somewhere in your path. A command line option would encrypt for both keys (as if there were 2 recipients) and append the "dummy" document to the end of the target file when encrypting. If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped. Alternately, the "dummy" file could overwrite the "real" message n times, to keep the decrypted file size more realistic. older versions. That's a Very Big Hassle, I know. But consider the advantage. Nobody who has your secure key can prove that it's not the "real" secure key and that the decrypted file is not the real plaintext. They may "know" it but they can't prove it. All they can do is force you to hand over *-a-* key that will decrypt the file.
Of course, they still couldn't get at the real plaintext unless you gave them the key, but you are right back to the same old standoff where they say, "Give us your key," and you (try to) say, "No."
Well yes, that is the point I'm trying to address. The key you finally give them *is* your secure key. Just not the key under the blender. They will have a hard time arguing "But that's not what the file *really* said and, deep inside of me, I know it!". I say again: All they can do is force you to hand over *-a-* key that will decrypt the file. "You cannot force a mind." - J. Galt - =========================================================================== Henry W. Farkas | Me? Speak for IBM? Fat chance. hfarkas@ims.advantis.com |------------------------------------------------ hfarkas@vnet.ibm.com | http://newstand.ims.advantis.com/henry henry@nhcc.com | http://www.nhcc.com/~henry - --------------------------------------------------------------------------- PGP 6.2.2 Key fingerprint: AA D0 F5 44 C1 8C 11 52 B3 80 34 1C CE 38 EC 53 Public key at: pgp-public-keys@pgp.mit.edu, and other popular key servers. - --------------------------------------------------------------------------- Brought to you by Henry's Hardware: Home of the Pretty Good Hack "We're not fast, but it's not bad, and we're cheaper than the guy down the street!" =========================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMFbufqDthkLkvrK9AQEl/AP+I++gw4+zs3TBMbmLZTrydX+EQ/eJ0mX2 IxldmyS7raU1y2jGo+K3M3NYYQMmY0D9+HGKpvJef4p8GRQ6/R4beMAqsOUNgN+h fgIt9Szf7+gVdmJas8Nu5RmFEV9l4pieoSvHfQuQnMl++BEPJ7/13vG+E22Bf5bs tbxy1VZX4QI= =itux -----END PGP SIGNATURE-----
On Wed, 13 Sep 1995, Henry W. Farkas wrote:
If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped.
Useless I'm afraid. They have the source code and have disabled your "feature" and attached loud alarm bells to it. - Andy
On Wed, 13 Sep 1995, Andy Brown wrote:
On Wed, 13 Sep 1995, Henry W. Farkas wrote:
If decrypted with the "alternate" or "fake" secret key, the encrypted file is wiped until it reaches a marker; the remainder of the file is displayed. If you use your "primary" or "real key", the extraneous text is simply stripped.
Useless I'm afraid. They have the source code and have disabled your "feature" and attached loud alarm bells to it.
I don't see whats wrong with removing any checking done by PGP. (ie don't keep a checksum or whatever) After all, they can't prove that you didn't just encrypt a pgp +makerandom file. Obviously, I would not want to use this "feature" in some cases, so make adding a checksum be an extra command line option. The new feature would of course not be backwards compatible, but there is no way to disable the "feature" and no way to attach loud alarm bells. Of course, you are then faced with giving them a key which you know will decrypt the file to gibberish. Ideally, you would steno the encrypted file. +---- Yih-Chun Hu (finger:yihchun@cs.washington.edu) ----------------------+ | http://www.cs.washington.edu/homes/yihchun yihchun@cs.washington.edu | | http://weber.u.washington.edu/~yihchun yihchun@u.washington.edu | +---- PGP Key Fingerprints (Keys by FINGER or on WWW) ---------------------+ | 1024/E50EC641 B2 A0 DE 9E 36 C0 EB A6 F9 3E D2 DD 2F 27 74 79 | | 2047/DF0403F9 18 EB 62 C8 7F 06 04 67 42 76 24 E2 99 D1 07 DC | +---- Random Thought ------------------------------------------------------+ |I conducted an experiment to test Murphy's Law, but everything went wrong.| +--------------------------------------------------------------------------+
participants (4)
-
ab411@detroit.freenet.org -
Andy Brown -
Henry W. Farkas -
Yih-Chun Hu