[Cryptography] tamper-evident crypto?

Eugen Leitl eugen@leitl.org
Fri Sep 6 13:35:54 PDT 2013


----- Forwarded message from John Denker <jsd@av8n.com> -----

Date: Fri, 06 Sep 2013 12:31:47 -0700
From: John Denker <jsd@av8n.com>
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Subject: Re: [Cryptography] tamper-evident crypto?
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/05/2013 06:48 PM, Richard Clayton wrote:
> so you'd probably fail to observe any background activity that tested
> whether this information was plausible or not .... and then some chance
> event would occur that caused someone from Law Enforcement (or even a
> furnace maintenance technician) to have to look in the basement.

Well, I'm sure /somebody/ on this list is clever enough to 
arrange countersurveillance and counterintrusion measures...
  a) especially given that detecting surveillance and/or
   intrusion is the whole point of the exercise;
  b) especially given that we have all the time in the world 
   to arrange boatloads of nanny-cams and silent alarms etc.,
   arranging everything in advance, before provoking the 
   opponent;
  c) especially given that we know it's a trap, and the
   opponent probably isn't expecting a trap;
  d) especially given that the opponent has a track record
   of being sometimes lazy ... for instance by swearing that 
   the fruits of illegal wiretaps came from a "confidential
   informant who has been reliable in the past" and using that
   as the basis for a search warrant, at which point you've
   got them for perjury as well as illegal wiretapping,
   *and* you know your information security is broken;
  e) especially given that we get to run this operation
   more than once.

> (assuming that the NSA considered this [kiddie porn]
>  important enough to pursue)
  *) If they don't like that flavor of bait, we can give
   them something else.  For example, it is known that 
   there is a large-diameter pipeline from the NSA to the
   DEA.
    http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
  *) Again:  We get to run this operation more than once.  

I repeat the question from the very beginning of this thread:
Shouldn't this be part of the /ongoing/ validation of any 
data security scheme?

There's a rule that says that you shouldn't claim a crypto
system is secure unless it has been subjected to serious
cryptanalysis.  I'm just taking the next step in this
direction.  If you want to know whether or not the system
is broken, /measure/ whether or not it is broken.

One of the rules in science, business, military planning,
et cetera is to consider /all/ the plausible hypotheses.
Once you consider the possibility that your data security
is broken, the obvious next step is to design an experiment
to /measure/ how much breakage there is.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iD8DBQFSKi2j2FOSJqrRXAoRAtJAAJ9zUubRz66YdcdRM3G3Wpx70TcDtgCgm9tE
xiI/Ikqt4PbbTDZeC0sK9vI=
=UYAV
-----END PGP SIGNATURE-----
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the cypherpunks mailing list