Melikamp T. Medley wrote: > OK so I looked it up and I think what I want is called "deniable > encryption".
What you've described here isn't deniable encryption, not as I know it to be. This shouldn't be too surprising, given there are tons of things I don't know about. :) > (3) Can add salt (like a passphrase) Salting is something that's done to hash functions. Are you sure you mean that you want to add salt to a cipher? > (2) Deniable encryption: Given a file A with random data and a > ciphertext B (cleartext is unknown), it should be impossible to guess > which is which more than half the time. This will be supported by effectively any modern cipher, especially for small files. If you can distinguish ciphertext from random noise, that's usually considered to be a strong sign the cipher is weak. (Note that I'm talking about modern symmetric ciphers. Asymmetric ciphers may very well be distinguishable. I *think* they are, but I can't summon up a reference now for the life of me -- take this as unsubstantiated speculation.) > (3) Deniability is robust: Given a file A with random data and a > ciphertext B (cleartext is *known*), it should be infeasible to prove > with certainty much above 0.5 that B is the ciphertext. This implies > that obtaining the passphrase is impractical and actually feels like > a much stronger property. See above remarks: this is a fairly basic test for symmetric ciphers. Note that I'm talking only about pure cipher algorithms. Once you add headers, magic numbers and so on -- all of which OpenPGP does, as will many other crypto applications -- then both #s 2 and 3 fail. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
