[dave at farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin

coderman coderman at gmail.com
Sun Jan 1 18:53:13 PST 2006


On 1/1/06, J.A. Terranson <measl at mfn.org> wrote:
> (1) We are describing encrypted message sent over the public internet -
> granted, it's in "pieces", yet it's still sent into the public cloud;

yeah, follow tcp stream in ethereal is a good example of how trivial
it is to recreate a session of communication given an archive of its
component datagrams.


> (2) These various pieces are all "record" communications as far as
> NSA/Echelon is concerned, and therefore we should expect that they will
> draw significant attention - and end up in permanent archives;

right.  hence my fetish for one time pads for key exchange and
previous comment about quantum computers / fast GNFS / etc.  they are
up to 8 qubits, only a few thousand more to go.  ;)


> (3) Since all of the pieces have been stored - including both the
> encrypted message texts and the decryptors, what is to prevent a
> time-faking attack against this message?  After all, if you have all the
> parts, you can just "reinstantiate" the network as it was when the messages
> were originally sent.

this is particular to the method TD mentioned i think...

i am assuming the following:
- the operating system is installed on a loop-aes volume so that
integrity of the kernel, libraries and utilities is protected via
passphrase.
- the one time pads are stored encrypted in a similar manner so that
access to them requires external keys (like the gpg encrypted keys
used for loop-aes volumes)
- the passphrase used to authenticate a user for access to the pads is
coupled with external storage (usb) of the keys used to access the
pads.

to recover the plaintext communication from the encrypted datagrams
the attacker would need to obtain the encrypted pad, the keys on
external storage (usb), and the passphrase to access the keys.


> (4) For any form of time-destruction messaging to really work, the keying
> information would have to be tied to a physical <something> that cannot be
> reclaimed, and which decays at a fixed, known, and closely approximatable
> rate (a radiodecay probably doesn't meet this criteria);
>
> Every time-sensitive auto-destructing system I've seen discussed here fails
> these weaknesses.

this doesn't provide time destruction so i assume this is in reference
to Tyler's description.  you could couple the user authentication with
a physically hardened token of some sort for access to the pads but
even this would require manual destruction.

do they make physically hardened authentication tokens with timed self
destruction built in?
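[Editor's added example, not code from this thread or from any poster.]  A
toy model of the access chain coderman lays out above: passphrase -> key on
external (usb) media -> encrypted pad -> plaintext, together with the
"follow tcp stream" reassembly of the archived datagrams and the pad burn
that the one time pad discipline requires.  Stand-ins, all assumptions of
this example: a SHA-256 counter keystream in place of loop-aes's AES,
scrypt in place of gpg's passphrase protection of the stored key, and a
constructed sample message and random pad in place of real material.

```python
"""Toy model of the three-factor pad access chain: passphrase -> key on
external (usb) media -> encrypted one-time pad -> plaintext, plus
reassembly of archived datagrams.  Added example, not code from the thread.
Stand-ins (assumptions): a SHA-256 counter keystream replaces loop-aes's
AES, scrypt replaces gpg's passphrase protection of the usb key, and all
sample data is constructed here."""
import hashlib
import os

PLAINTEXT = b"meet at the old place, 0300"  # constructed sample message


def xor(a: bytes, b: bytes) -> bytes:
    """XOR of two equal-length byte strings (the whole OTP primitive)."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """CTR-style stand-in for AES: SHA-256(key || label || counter) blocks."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def kek(passphrase: str, salt: bytes) -> bytes:
    """Passphrase-derived key-encryption key (stand-in for gpg symmetric)."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def store_pad(pad: bytes, passphrase: str):
    """Encrypt the pad under a random pad_key; wrap pad_key for the usb stick
    under the passphrase.  Returns (enc_pad on disk, usb_blob on the stick)."""
    pad_key = os.urandom(32)
    enc_pad = xor(pad, keystream(pad_key, b"pad", len(pad)))
    salt = os.urandom(16)
    usb_blob = salt + xor(pad_key, keystream(kek(passphrase, salt), b"usb", 32))
    return enc_pad, usb_blob


def open_pad(enc_pad: bytes, usb_blob: bytes, passphrase: str) -> bytes:
    """Needs all three factors; a wrong passphrase yields a garbage pad."""
    salt, wrapped = usb_blob[:16], usb_blob[16:]
    pad_key = xor(wrapped, keystream(kek(passphrase, salt), b"usb", 32))
    return xor(enc_pad, keystream(pad_key, b"pad", len(enc_pad)))


def send(plaintext: bytes, pad: bytes, offset: int, mtu: int = 8):
    """OTP-encrypt with pad[offset:] and split into numbered datagrams; the
    list is what a passive archive of the link would hold."""
    ct = xor(plaintext, pad[offset:offset + len(plaintext)])
    chunks = [ct[i:i + mtu] for i in range(0, len(ct), mtu)]
    return list(enumerate(chunks))


def reassemble(datagrams) -> bytes:
    """'Follow tcp stream': order the archived pieces by sequence number."""
    return b"".join(chunk for _, chunk in sorted(datagrams))


def recover(datagrams, enc_pad, usb_blob, passphrase, offset):
    """What the attacker must do: archive + encrypted pad + usb key + passphrase."""
    ct = reassemble(datagrams)
    pad = open_pad(enc_pad, usb_blob, passphrase)
    return xor(ct, pad[offset:offset + len(ct)])


def burn(pad: bytes, offset: int, n: int) -> bytes:
    """Destroy consumed pad bytes; the result is re-encrypted with store_pad,
    so a later seizure of all three factors still cannot read the archive."""
    return pad[:offset] + b"\x00" * n + pad[offset + n:]


def pad_consistent_with(datagrams, claimed: bytes) -> bytes:
    """The archive alone proves nothing: for any claimed plaintext of the
    right length there is a pad that 'decrypts' to it."""
    return xor(reassemble(datagrams), claimed)


def demo(passphrase: str = "correct horse", wrong: str = "wrong pass") -> dict:
    pad = os.urandom(64)  # constructed pad; real pads come from a true RNG
    enc_pad, usb_blob = store_pad(pad, passphrase)
    datagrams = send(PLAINTEXT, pad, offset=0)
    out = {
        "archived": reassemble(datagrams),
        "recovered": recover(datagrams, enc_pad, usb_blob, passphrase, 0),
        "wrong_passphrase": recover(datagrams, enc_pad, usb_blob, wrong, 0),
    }
    burned_enc, burned_usb = store_pad(burn(pad, 0, len(PLAINTEXT)), passphrase)
    out["after_burn"] = recover(datagrams, burned_enc, burned_usb, passphrase, 0)
    decoy = b"nothing to see here, honest"  # same length as PLAINTEXT
    out["decoy_ok"] = xor(out["archived"], pad_consistent_with(datagrams, decoy)) == decoy
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of demo(): with the encrypted pad, the usb blob and the right
passphrase the archived stream reads back; with a wrong passphrase it does
not; and once the consumed pad bytes are burned, even all three factors no
longer recover the archived datagrams, which is the only "time destruction"
a pad gives you.  pad_consistent_with() is the deniability side of the same
coin: an archive of the pieces is consistent with any plaintext of that
length.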





More information about the cypherpunks-legacy mailing list