>>Please don't reply off-list.

Daniel, sure no problems;
--Andre

---------- Forwarded message ----------
From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: 22 July 2010 22:48
Subject: Re: plausibly deniable
To: Andre Amorim <an...@amorim.me>

Hi Andre--

Please don't reply off-list. This discussion would be useful for others who follow the list, or who read the archives. By taking the discussion off-list, this is now hidden from everyone but you and me.

I haven't replied on-list because I don't want to publish your words without your permission. You have my permission to re-post my text here on the list if you want to take it back public again.

On 07/22/2010 04:43 PM, Andre Amorim wrote:
> Why I felt stupid ? LOL.. I got it, thanks But if ..someone pick me up with
> my openpgp smartcard, put a gun in my head and say .. decrypt it or die ...

I think you might be getting data signatures confused with data encryption.

Public-key signatures are a way of placing a mark on some content that no one but the holder of your key could make. They're often used to mean something like "I wrote this message" or "I approve of this message".

Public-key encryption is a way of making it so that only the holder of a given key is able to access the cleartext content of your message.

Plausible Deniability as a term is usually used in reference to the idea of signing, not encryption. That is, a system like OTR offers convincing proof to the other party in a conversation that you are who you say you are, but that information is designed to be uninterpretable to other people (because the way that per-session key material is handled after the session is over makes it possible for anyone to craft the same assertions). You should read up on OTR if you're interested:

http://www.cypherpunks.ca/otr/

This "feature" is legally dubious, since courts seem prepared to convict without cryptographic proof anyway.

The closest idea to Plausible Deniability for encryption (not signatures) is something like hidden volumes within encrypted volumes, which TrueCrypt offers:

http://www.truecrypt.org/

This feature is also dubious, because there will be suspiciously high entropy on the disk, and you are known to be using tools with this feature, you will simply be coerced until you've accounted for all the data.

And of course, when a gun is held to your head, it's hard to argue that you are in full control of your key.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
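
The deniable-authentication idea described for OTR in the message above, as an added example that is not part of the original thread and is not OTR's own code: messages are authenticated with a shared MAC key instead of a public-key signature, and once that key is published after the session, a forged line verifies exactly like a real one. `Session`, `forge` and `demo` are hypothetical names, and the single-key, publish-on-close model is a simplifying assumption.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, message: bytes) -> bytes:
    """Authenticate a message with a key that BOTH parties hold."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


class Session:
    """Hypothetical toy session, not the OTR wire protocol."""

    def __init__(self) -> None:
        self.mac_key = secrets.token_bytes(32)  # shared by both parties

    def send(self, sender: str, text: str):
        message = f"{sender}: {text}".encode()
        return message, mac(self.mac_key, message)

    def close(self) -> bytes:
        """End the session and publish the MAC key (simplifying assumption)."""
        key, self.mac_key = self.mac_key, None
        return key


def forge(published_key: bytes, sender: str, text: str):
    """Anyone holding the published key can mint a valid-looking entry."""
    message = f"{sender}: {text}".encode()
    return message, mac(published_key, message)


def demo() -> dict:
    session = Session()
    real = session.send("alice", "meet at noon")  # constructed sample message
    live_ok = verify(session.mac_key, *real)  # convincing to the peer, live
    key = session.close()
    fake = forge(key, "alice", "something alice never wrote")
    return {
        "live_ok": live_ok,
        "real_verifies_later": verify(key, *real),
        "forged_verifies_later": verify(key, *fake),
        "wrong_key_rejected": not verify(secrets.token_bytes(32), *real),
    }
```

Because the real and the forged entry both verify under the published key, a saved transcript shows a third party nothing about who wrote it, which is the contrast with a public-key signature that only the key holder could have produced.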