Plausible Deniability From Rockstar Cryptographers
J. Karl Rove writes "Nikita Borisov and Ian Goldberg (of many, many other projects) have released Off the Record Messaging for Gaim. Encrypt an IM, prove (at the time) that it came from you, and deny it later. The authentication works only when the message is sent; anybody can forge all the messages he wants afterwards (toolkit included). Captured or archived messages prove nothing. And forward secrecy means Big Brother can't read your messages even if he wiretaps you AND grabs your computer later on. All the gooey goodness of crypto, with none of the consequences! They have a protocol spec, source code, and Debian and Fedora binaries."
Re:a little information would be nice (Score:5, Informative)
Then, messages sent during that conversation are encrypted using disposable session keys. (128-bit AES w/SHA-1 HMAC).
Think of it as an authentication tunnel down which you send encrypted messages. The message encryption is in no way related to the authentication, and the disposable session keys mean they have no re-use value.
-Charles
Re:a little information would be nice (Score:5, Informative)
Thus, I can create a key that I send to my friend. He and I discuss things, both using that key for encryption. When we've finished, we publish the key used for the conversation, and anyone can now add to the conversation. Thus, while we keep the key secret between us, we're assured of a private conversation; when we publish the key, anyone can add to it, thus giving the deniability.
Re:a little information would be nice (Score:3, Informative)
The key seems to be the "disposable key" part.
With normal public-key crypto, you sign with your actual private key, and you encrypt with the recipient's actual public key. This means that if someone gets hold of the recipient's private key, they can decrypt the messages, and because your public key is, well, public, they can prove that you wrote the message.
In this system, you generate throw-away keys, and exchange them securely when you start communicating. After you are done communicating, you can just throw away the keys, or you can publish them if you want. They are of no use, really. Someone can decrypt your communication, but they can't prove that it was you that wrote it, and once you publish the key, anyone else can forge messages that look like they were part of the conversation.
During the conversation, you have the security, authentication and non-repudiation that you are looking for - you can be sure that the other party is who they say that they are, that all messages are actually from them, and that only you can read those messages.
As soon as the conversation is over, you give away the keys and all bets are off - there is no longer a way to prove the identity of the person who sent the message since anyone can now forge messages that appear to be part of the conversation.
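The disposable-key scheme described in this post and in Charles's post above, as an added worked example (my own toy sketch, not OTR's code): the session keys are constructed from a random secret rather than a Diffie-Hellman exchange, SHA-256 in counter mode stands in for AES, and HMAC-SHA1 authenticates each message. It shows that a tag proves authorship only while the MAC key is secret, and that once the conversation's keys are handed out a third party can produce a message that verifies exactly like the genuine ones.

```python
import hashlib
import hmac
import os

# Toy model of the disposable-key scheme in the two posts above (added example,
# not OTR's own code). Tags prove authorship only while the MAC key is secret;
# once the conversation's keys are published, anyone can forge a valid message.

def derive_session_keys(shared_secret: bytes) -> tuple:
    """Throw-away encryption and MAC keys for one conversation."""
    return (hashlib.sha256(b"enc|" + shared_secret).digest(),
            hashlib.sha256(b"mac|" + shared_secret).digest())

def keystream(enc_key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (stand-in for AES, absent from stdlib)."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + counter.to_bytes(4, "big")
                              + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def tag_for(mac_key: bytes, counter: int, ct: bytes) -> bytes:
    """HMAC-SHA1 over counter||ciphertext, as the posts describe."""
    return hmac.new(mac_key, counter.to_bytes(4, "big") + ct, hashlib.sha1).digest()

def seal(enc_key: bytes, mac_key: bytes, counter: int, plaintext: bytes) -> tuple:
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, counter, len(plaintext))))
    return ct, tag_for(mac_key, counter, ct)

def unseal(enc_key: bytes, mac_key: bytes, counter: int, ct: bytes, tag: bytes):
    """Plaintext if the tag verifies under mac_key, else None."""
    if not hmac.compare_digest(tag_for(mac_key, counter, ct), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, counter, len(ct))))

def run_demo() -> dict:
    # Constructed per-conversation secret; in OTR it comes from a Diffie-Hellman exchange.
    enc_key, mac_key = derive_session_keys(os.urandom(32))
    ct, tag = seal(enc_key, mac_key, 1, b"meet at noon")
    live_ok = unseal(enc_key, mac_key, 1, ct, tag) == b"meet at noon"
    # During the conversation an outsider without the MAC key cannot forge.
    outsider_ok = unseal(enc_key, mac_key, 2, ct, tag_for(b"guess", 2, ct)) is not None
    # Afterwards the keys are published (or simply thrown away): a third party
    # can now produce a message that verifies exactly like the real ones.
    forged = seal(enc_key, mac_key, 2, b"I never said this")
    forged_ok = unseal(enc_key, mac_key, 2, *forged) == b"I never said this"
    return {"live_verified": live_ok, "outsider_forgery": outsider_ok,
            "forgery_after_publication": forged_ok}
```

Because the forged message and the genuine one are indistinguishable to a verifier holding the published keys, an archived transcript proves nothing about who wrote it.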
WTF? (Score:3, Informative)
Besides, swap in 'nix isn't used unless you need to. Most of the time my laptop (256MB RAM) doesn't run into swap at all, so chances are I don't have to worry about that.
And as to the temp files, etc... if you do have the RAM to spare and you're really paranoid, mount a nice big 512MB ramdisk on loopback and a quick reboot will permanently lose anything you might not want to keep around (not to mention the speed advantages of RAMdisk vs Physical drivespace).
GAIM Encryption (Score:3, Informative)
gaim encryption [sourceforge.net] uses RSA. There's also gaim-e [sourceforge.net] which uses GPG.
I've used gaim encryption and it works very well. It requires the plugin to be installed on both ends but once that's done, it autodetects that both ends support it and enables encryption.
Oh, there's a binary available for windows and both source and packages for linux.
And, it's in portage!
emerge gaim-encryption
encrypted swap. quick and simple in linux. HOWTO (Score:3, Informative)
PS: Your computer will not operate any slower than when using plain swap. I kid you not.
PPS: this works in mandrake and suse.
make sure module cryptoloop is loaded:
> modprobe cryptoloop
assuming you want to use
>losetup -e aes256
if
you will be prompted for a passphrase. type lots of random characters (at least 20. the more the merrier). You don't need to remember it because you can use a different one each time you reboot. I like to click random keys on the keyboard for about 45 seconds.
then type
>mkswap
this formats the partition on the other side of the loopback device to be a swap file. (remember that loop0 is being encrypted prior to the data ever hitting the disk)
and then type
>swapon
this mounts the swap partition to be a swap file.
you now have an encrypted swap partition all mounted and available as virtual memory. Use 'top' to confirm this.
This swap will not automount at boot this way, unless you put the aforementioned steps into a boot script of some kind. You can deny it or make a script to do it for you. Just make sure you use a random key each time.
I have been using encrypted swap partitions for a few years and I'm never going back.
(hint you can also make encrypted volumes using almost the same steps)
The nifty thing is that since you don't know the keys you use for your swap partition you have plausible deniability.
Re:I hope the distros will do their part (Score:2, Informative)
> sarcasm, for the record).
I think that was his point.
> The word of an officer almost always carries more weight than that of the
> accused. I've never seen anyone get out of a ticket for rolling through a stop
> sign just because the only evidence was the testimony of the cop.
In the UK if there's one cop in the cop car and two people in the car being stopped, then the cop is onto a loser and will probably either try it in ("you did realize you were speeding") or let you go.