-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 22-03-2011 13:07, Jerome Baum escribió: ... > What stops her from sending me real messages with this kind of content? > Even non-encrypted? I could reply "I don't know what you're talking > about", but how does the prosecutor care? The only way I could get out > of it is to show I don't have any connection with Alice, but there is no > way I could ever do that -- as Sven mention off-list, the mere existence > of deniable systems gives me this danger. > > In fact the existence of criminals gives me the danger of being accused > -- it does not make deniable systems a problem.
That's very alike with what some people said to me at truecrypt forum, when I asked if there was a way to "disable" deniability if I don't need it. They said if somebody finds 7-zip in my computer, they could suspect I sent compressed and encrypted messages to somebody (7-zip uses AES for password protected compressed files), it is just they have not found records about it -not yet, but there is when the lead pipe comes into play. Or I could be using some unknown steganographic software (which I might have shredded or ran from the usb drive I "lost" last year) and the pictures of my family I uploaded to Facebook have hidden messages about an evil plan to take over the world. And keep in mind in UK it is a crime (or fault, or... whatever they call it, something you must not do because you will receive stick instead of carrots) to have an encrypted file and not be able to decrypt it. So if somebody sends an encrypted message to faramir.ch but misstype it and send it to faramir.cl, then I would be already toasted (if I was in UK). But I DO get Robert's point, and what worries me, it's we might get into troubles even if we don't have deniability, we just need to be linked somehow (maybe by unwanted email messages?) to some evil person. And now I think about it, I have an orphan PGP key, I lost the secret key and it is still on keyservers, unrevoked, and without expiration time. Somebody could infer I have not revoked it because I still use it, and that I have the secret key stored in a flash drive somewhere. All Alice needs to do, is to encrypt something to that key and send it to the email address of that key, and then how can I prove I'm not hiding the key? > Also, when did Alice turn evil? :) It seems she has been trying to evade paying taxes and to cheat her husband since a long time ago, according to some crypto articles. John Gordon’s After Dinner Speech: http://downlode.org/Etext/alicebob.html "... Now most people in Alice’s position would give up. Not Alice. She has courage which can only be described as awesome. Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn’t trust, whom she cannot hear clearly, and who is probably someone else, to fiddle her tax returns and to organize a coup d’etat, while at the same time minimizing the cost of the phone call. A coding theorist is someone who doesn’t think Alice is crazy. ..." Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJNlmK5AAoJEMV4f6PvczxAV64H/12BN5KCU9OgZjBeWDWBlim7 QwCoDEcXuViOvLZ525qbRRWUBgR8rARmXqU+TUHEAIB/XK4iKhkHPzPJ6XH4XIZZ 8LJcF3JpSiG4jB1m4p0apgrWEEedi0g04QrwPDDd0HbH/aFou451kzN618+Tlqxt jMhdAXjlU2dmNBR/VZGnuRAn+KykDgU3PH+JB/NC7fKTPq4UERXXSiy3+nWMJ9Gd OANrwzHRYEiyO5IK3DnqTz0h2lbl7n7seUWXIxL1utBdvgYsinXKcbkUk/qXkuJc gyOo8tovaRmb9zQ83zBBn5U4zvvZCi4ibILpuFVk8tcomk9T1r6hNb3Ab8JFOyY= =hage -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users