Plausible Deniability From Rockstar Cryptographers 358
J. Karl Rove writes "Nikita Borisov and Ian Goldberg
(of many, many other projects) have released
Off the Record Messaging
for
Gaim.
Encrypt an IM, prove (at the
time) that it came from you, and deny it later. The
authentication works only when the message is sent; anybody
can forge all the messages he wants afterwards (toolkit included).
Captured or archived messages prove nothing. And forward
secrecy means Big Brother can't read your messages even if
he wiretaps you AND grabs your computer later on. All the gooey goodness
of crypto, with none of the consequences!
They have a
protocol
spec, source
code, and Debian
and Fedora
binaries."
Big brother doesn't need proof (Score:5, Insightful)
Deniable until they look at your swap partition (Score:5, Insightful)
Plausible "yeah right" (Score:5, Insightful)
a) created a plausible deniability capable link; and
b) intentionally released the key to said link so that someone else could impersonate you later.
Frequently all that's needed is the fact that you communicated with somebody for evidence - not the specifics of what you said. Sure maybe you just called them up and did some heavy breathing down the line - there's no proof you actually _spoke_, but any jury in the world would convict you.
Of course you work around that by creating a new link every hour to the same person, and maybe or maybe not using it - but it still shows you're in communication with them. There's no way around that.
Nice idea, but don't think your child pornography dealing down this link is going to somehow get you off the hook.
Re:I wonder (Score:1, Insightful)
Recall Savannah.gnu.org was cracked a month or more before they found out about it.
So Stamper doesn't add security, it adds "authority", which if compromised could be used against you fraudulently.
prosecutors don't have to prove 100% (Score:2, Insightful)
Before DNA typing, people were convicted of rape based on blood type, sometimes-foggy eyewitness accounts, supposed motive, a personality type that "fit the profile" plus lack of an alibi. Many of these people were in fact guilty. While we've come a long way with DNA, other crimes are prosecuited with a lower standard of proof and juries do convict. Heck, there are people who think Scott Peterson is innocent and there are some remotely possible scenarios in which he is in fact not guilty.
As for technical things...
A well-armed prosecutor will anticipate your arguements in advance and be prepared to knock them down as best he can. You think a wardriver did the dirty deed? Better hope the prosecutor didn't plant wifi-sniffers in the streets around your house and they register zero 802.11 activity. Actually, you better hope he DID plant sniffers and those sniffers caught the bad guy. Better hope that he didn't get a warrant to use thermal sensors to show someone was sitting at your PC at the time, and that the very same person came out to pick up the morning paper 10 hours later, and that very same person's photograph looks very much like you.
Our justice system will never be perfect. We'll always let a few guilty people go and convict a few innocent people. The only other options are to let a LOT of guilty people go and spare the innocent or lock up a LOT of innocent people and ensure no guilty person walks free.
Deniability? So What? (Score:1, Insightful)
This appears to have far, far more disadvantages than advantages. All those forged messages can still be used against you in the court of public opinion, which has never needed proof in order to condemn. And tyrants only need to dislike you to execute you. They can dislike you for any reason at all, even for generating suspicion.
I suspect that this would protect someone only in an American court of law. Maybe.
really... (Score:3, Insightful)
With that in mind i still don't see how anyone could forge any packets from me without knowing my key.
Re:Deniable until they look at your swap partition (Score:2, Insightful)
Best if you just don't get the notice of the black helicopters in the first place. Make lots of friends.
Re:how about dual-plaintext messages? (Score:3, Insightful)
An excerpt:
LOL, implement this in Bit-torrent and gnutella (Score:3, Insightful)
Re:The burden of proof (Score:2, Insightful)
In scenarios 1 and 2, the person who didn't log messages claims that they never had the decryption key; again, we can prove that they had the encryption key, but not that they could read the messages. So, as the party that didn't log the messages, you claim that you never received them, and that the party who logged the messages forged them. Again, no worse off than plain text messaging, since the possibility of forgery is identical, but this time a key is needed to read the messages
In scenario 3, you're doomed anyway, but you would be with plain text messaging too.
Thus, no matter where the attacker is, your privacy and security is always at the same level as it would be with OpenPGP type messaging, and deniability at the same level as plaintext messaging.