Plausible Deniability From Rockstar Cryptographers
J. Karl Rove writes "Nikita Borisov and Ian Goldberg (of many, many other projects) have released Off the Record Messaging for Gaim. Encrypt an IM, prove (at the time) that it came from you, and deny it later. The authentication works only when the message is sent; anybody can forge all the messages he wants afterwards (toolkit included). Captured or archived messages prove nothing. And forward secrecy means Big Brother can't read your messages even if he wiretaps you AND grabs your computer later on. All the gooey goodness of crypto, with none of the consequences! They have a protocol spec, source code, and Debian and Fedora binaries."
Who needs any of this? Just try what I do: write your messages as GW Basic programs. This is so uncrackable that even I can't tell what is in it after I use it.
Or is your FP plausibly deniable? ;)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Dude you are SO COOL! How do you manage it?
Whoo! This is great! at last I can... do... um... something. It's nifty, but to what end?
They said "What happens in Vegas stays in Vegas"!
A way to deny some of the stupider posts I've made on Slashdot.
It's good to use your head, but not as a battering ram.
This thing sounds great, but before it is really useful it needs to be out there in sufficient numbers. I hope that distros will start installing it by default on their default gaim version.
Treehugger? Treehugger... Treehugger!
Such a fucking retard. Please stop this fp nonsense.
I never sent this message.
Awh...I wanted to be the first to make fun of his first post :)
How much later is "later"?
"Did I just say that I'd walk the dog?"
"Yes!"
"Nobody can prove that I just said that."
LOL
U R FUNNEE
down with big brother down with big brother down with big brother
remember the ministry of love does not care if they have proof whether you did it or not. (they have proof, and have always had proof)
great work though, dont make it easy for th' bastards!
Too late - Monica already spilled it to the press...
Does this mean it's going to feature in the next edition of GTA?
Chris Mattern
OK, I've followed the link and read, but the bottom line is, how does this supposedly do what it claims to be able to do?
I'm an American. I love this country and the freedoms that we used to have.
It wasn't Monica who got in trouble for spilling something.
Kerry lost the election you know.
...port this to Miranda.
I think cross-client compatible encryption is more important at the moment. Jabber offers OpenPGP, but the development of the gaim plugin that also does this has stalled a while ago. Bummer. As long as only gaim talks to gaim with a particular encryption, it won't get used on a wide scale.
Is there an Internet Cafe at Guantanamo?
'Nuf said
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
Sometimes Big Brother can 'prove' anything by force. Why do you think he's called Big? Small people need stuff like evidence, proof, and proper legal process. There are many recent examples of Big Brother having his way, proof and fact be damned.
If you create a message, chances are that fragments of the plain text will be in various caches and VM pages on your harddisk. It may not last for very long -- being overwritten by subsequent paging -- but if someone takes your computer soon after, they may find incriminating junk on the HD.
Two wrongs don't make a right, but three lefts do.
I really want a cryptosystem where I can enter, say, two different plaintexts (of similar length, I imagine) and then there are two keys: the private key, and the decoy key.
If required to give up "your private key" then give up the decoy key. The decoy plaintexts decrypts, and you're done. The real plaintext is still hidden away.
Does anything like this exist?
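The two-plaintexts, two-keys scheme the post above asks about can be shown with a textbook-style toy construction. This is an added example, not something the post proposes or any shipped cipher: the ciphertext is chosen uniformly at random first, and each "key" is then simply the pad that maps it onto the wanted plaintext, so nothing in the ciphertext favours one key over the other.

```python
"""Toy deniable encryption: one ciphertext, a real key and a decoy key.

Added example; the simplest construction with the property asked for above."""
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def deniable_encrypt(real: bytes, decoy: bytes):
    """Return (ciphertext, real_key, decoy_key).

    The ciphertext is random and independent of both plaintexts; each key is
    whatever pad turns that ciphertext into the plaintext it should reveal."""
    n = max(len(real), len(decoy))
    real = real.ljust(n, b"\x00")     # equal lengths, so the ciphertext size reveals nothing
    decoy = decoy.ljust(n, b"\x00")
    ciphertext = secrets.token_bytes(n)
    return ciphertext, xor(ciphertext, real), xor(ciphertext, decoy)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # Caveat: zero padding assumes the plaintexts themselves never end in a NUL byte.
    return xor(ciphertext, key).rstrip(b"\x00")


def both_keys_decrypt_cleanly(real: bytes, decoy: bytes) -> bool:
    """True when the real key yields the real text, the decoy key the decoy text,
    and both keys look alike (same length as the ciphertext)."""
    ct, k_real, k_decoy = deniable_encrypt(real, decoy)
    return (decrypt(ct, k_real) == real and decrypt(ct, k_decoy) == decoy
            and len(k_real) == len(ct) == len(k_decoy))
```

The catch is visible in the code: each key is as long as the message, so this is a one-time pad in disguise and the secret you now have to hide is the real key rather than the real plaintext. The storage problem has moved, not gone away.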
Wonderful stuff if it does everything it is supposed to do. I can't wait to check it out.
I've often wondered about this when it comes to forensics testimony. For example, even if you have my computer with some incriminating evidence on there, how can you prove beyond reasonable doubt that I put it there? I would think that the only way to prove anything is a video tape of me typing the incriminating evidence on the keyboard, along with proof that the tape was made at the time in question and is unaltered.
Computers can be programmed to do anything at anytime, including carrying on a "conversation". You can also easily create an incriminating e-mail message that looks like it was sent, but it never was. Ditto log files, etc. For example, Apache log files are text: it would be trivial to create a script that spoofed a log file with your IP address as the incriminating info...but then how does the plaintiff prove that isn't how it was created?
Not sure for _who_, but it's great.
;) Any place you need to be able to say "I didn't say that" later - where would that be except a courtroom???
I can see some people having huge use for this, drug dealers, chat room stalkers, and of course all communications between an executive and their broker
I can't think of any good reason for _me_ to use it tho. Maybe I'm just not shady enough.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
...and I was thinking, coming soon: Grand Theft Crypto!
Let me get this straight - it can be proved that you
a) created a plausible deniability capable link; and
b) intentionally released the key to said link so that someone else could impersonate you later.
Frequently all that's needed is the fact that you communicated with somebody for evidence - not the specifics of what you said. Sure maybe you just called them up and did some heavy breathing down the line - there's no proof you actually _spoke_, but any jury in the world would convict you.
Of course you work around that by creating a new link every hour to the same person, and maybe or maybe not using it - but it still shows you're in communication with them. There's no way around that.
Nice idea, but don't think your child pornography dealing down this link is going to somehow get you off the hook.
Quick, someone, anyone. Combine this with yesterday's P2P In 15 Lines of Perl: http://developers.slashdot.org/article.pl?sid=04/12/15/1953227&tid=95&tid=156&tid=1
Everybody's a libertarian 'till their neighbour's becomes a crack house.
If you were the ONLY person actually using the system who could have written a message in question, then deniability would be far less plausible.
BillG: So, did the donation to the SCO fund to kill Linux go through?
SBallmer: Yep, sure did. And we even explained the need for us to buy one of their licenses for unlimited computers. You know, for our in-house independent benchmarking company. You know, the whole "Get the Facts" campaign?
BillG: I see... but this SCO thing doesn't look like it's going to work. We need to go after them in even more indirect ways to avoid more antitrust sanctions. With Ashcroft gone, we may get a harder wrist-slap than last time.
SBallmer: We're already getting the puppet companies set up now. They have applied for tons of patents that could destroy Linux. We simply buy a perpetual license to all patents for a cool billion, and we're set.
BillG: How can companies apply for patents that already exist in Linux? What about prior art?
SBallmer: Don't worry, there's plenty of critical new or rewritten code since the patent applications that violates them. We've even guessed what Linux might add in the future, and patented that as well!
BillG: But if those lawsuits fail.. then what?
SBallmer: Well, we're working on getting the GPL ruled illegal. We're also going to deal a blow to all open source operating systems by our deals with bios manufacturers to only run operating systems who have paid their license to get the code signed. (Don't worry, they listen to our piles of money - if they obey us, they money keeps coming)
BillG: So, you want the computer to be like an xbox, then? We might want to start drafting legislation for mod chips to prevent people from using linux.. er.. pirated copies of windows longhorn without the subscription/expiration feature. After all, we don't want people to use windows without paying their subscriptions...
SBallmer: Already in the works. Prebought PCs will include a 3 year subscription to Longhorn Home/Crippled Edition. After this 3 years is up, the people buy a new computer rather than renewing their license (for an old computer, mind you) for another 3 years. The money from Intel and Dell is already pouring in. We can't allow mod chips because people would just use that to load the Corporate Edition.
Is for folks in Law Firms. An option like this can permit a lawyer to communicate over the internet with a client in a secure way (because getting my client to go through the process of encrypting stuff with GPG is unlikely at best) ... but where intercepted be useless as evidence in court.
I gotta have it.
Trying to use sarcasm in text-based forums does not work.
a while back there was a story up here about a gaim plugin as a p2p app, couple it with this and you can say "It wasn't me" that downloaded that Shaggy album.
What I would like to see is some kind of encrypted, p2p, email/IM replacement that doesn't rely on centralized servers. I realise what I've said is redundant -- P2P that doesn't rely on servers, but I'm trying to be clear. Messages would get routed through webs of trust, and if you lose your keys, you can have your new keys signed by people you know in real life. This would totally eliminate spam and ensure privacy and authentication for communications.
Computers are useless. They can only give you answers.
-- Pablo Picasso
may be YOU are, but WE are not...
Kid: Hey, Mister Policeman! I just got an OTR message from Michael Jackson! He said he really did molest those kids, and he's really sorry about it. Of course, I can't prove he said it any more, but it authenticated as him originally! You believe me, right?
Police: You bet we do! We haven't forgotten that guy used to be black!
*sirens*
http://www.senses0.org.mv/popzees/rot/rotn.php ;)-
Encrypt same text two or four times with different values for 'n' and the try breaking it. LOL
Criminal cases are prosecuted "beyond a reasonable doubt" not "beyond an absolute doubt" for a reason.
In most cases, there's always the outside chance that the person is being framed, there is a case of mistaken identity, or the evidence is mis-interpreted. Prosecutors go with the most-likely scenario, and juries are supposed to acquit when the level of doubt is >= "reasonable."
With crimes involving computers, it's really bad for you if you are the only one who uses the computer or who has access to that computer account. It's almost as bad if everyone but you has a good reason why they did not do it, leaving you as the only plausible suspect. Sure, the kid next door might have picked your lock and snuck into your house while you were asleep and downloaded k1dd13-p0rn, but you probably won't even think to raise that as a defense.
As far as proving things, if there's a high-profile, long-term investigation, cops are going to get wiretap and surveillance warrants and install keystroke loggers if they think they won't get caught doing so.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is weak for the following reason:
The 'feature' of allowing numerous forgeries after the first packet is proved authentic is a weakness. All you need to do is intercept a packet, hold it and analyze it, forge your own message and send it first, then send the old packet, which will bounce as a forgery.
try again.
YES, please please please.
And also make this a standard.
1) Charge up a bunch of stuff on line on your CC.
2) Immediately post your CC number to the net.
3) In amongst other potential charges, deny that you made any of them.
4) Profit!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Messages sent _before_ transmitting the temporary session key are presumed to be authentic, while messages sent _after_ the temporary session key could have been forged. Not insurmountable, but something to think about.
Now I just need something interesting enough to talk about to merit the install :o
STOP. You're being farmed.
Just another way for Microsoft to deney all knollage of any alledged infringments.
is this _really_ a *good* thing
right but this turns it from "we can prove that it was him" to "we're pretty sure it was him because we trust the cops more". That seems like a big legal difference to me.
To use the cocaine example, imagine that in one case, the cocaine had your prints all over it and had a picture of you holding it. In another case, there's a kilo of coke in your trunk that doesn't have any prints or any other indications that you ever saw it in your life. If you go to court for having a kilo of coke in your trunk, you're in trouble but there are different degrees.
Of course, they could use writing and misspelling patterns to strongly suggest that it was you but this takes away the mathematical certainty thing.
Blaze a trail to the New World
1. Receive message from your boss insisting you carry out some risky or unwise instructions.
2. * Disaster *
3. Boss disavows his earlier orders. Guess who is the fall guy?
My rights don't need management.
No preposition (on, to, for, over, about etc.) is ever followed by 'who', nor can it be the object of a verb. Or if grammar isn't your thing, just remember this: "who-whom" follows the same pattern as "I-me", "he-him", "she-her". So "for who" is as blatantly wrong as "for I" etc.
So you say, "not sure for _whom_, but it's great".
Otherwise you sound like a slack-jawed yokel who has no grasp of English.
Actually, if you read the spec, "Later" is any time after the next message pair is exchanged.. the keys are rotated constantly, including using "heartbeat" blank messages.. so PFS is maintained even during a conversation. G
What about traffic analysis? What does it matter if you can deny it, when it's obvious that OTR traffic went from your IP to another?
It would be good to see something like this in Jabber as well, if it really works as described...
Karma: It's all a bunch of tree-huggin' hippy crap!
The US government is at war with its own citizens; that's the biggest reason technology like this is set to become so pervasive.
For them to find out that your stuff was shipped to your address. Better keep your day job and leave the crimes to crooks...
"Eve of Destruction", it's not just for old hippies anymore...
What possible beneficial effect does false repudiation offer? More ways for people to be assholes...
Whether it's provable later doesn't matter, imho. As long as someone is sure at the time that a message came from you, they can testify to that in court.
Moreover, if the people monitoring transmissions are different from the people enforcing integrity of transmission logs -- ie, if someone is monitoring, and another is recording what they say they've monitored -- then there is very little reason to disbelieve what has been said/recorded by the monitoring organisation.
The prosecutor only has to prove "beyond a reasonable doubt." Some jurors will convict if they think there's less than 1 in a million chance that you are in fact innocent. Others may convict if they think it's 1 in 10 or less.
Before DNA typing, people were convicted of rape based on blood type, sometimes-foggy eyewitness accounts, supposed motive, a personality type that "fit the profile" plus lack of an alibi. Many of these people were in fact guilty. While we've come a long way with DNA, other crimes are prosecuted with a lower standard of proof and juries do convict. Heck, there are people who think Scott Peterson is innocent and there are some remotely possible scenarios in which he is in fact not guilty.
As for technical things...
A well-armed prosecutor will anticipate your arguments in advance and be prepared to knock them down as best he can. You think a wardriver did the dirty deed? Better hope the prosecutor didn't plant wifi-sniffers in the streets around your house and they register zero 802.11 activity. Actually, you better hope he DID plant sniffers and those sniffers caught the bad guy. Better hope that he didn't get a warrant to use thermal sensors to show someone was sitting at your PC at the time, and that the very same person came out to pick up the morning paper 10 hours later, and that very same person's photograph looks very much like you.
Our justice system will never be perfect. We'll always let a few guilty people go and convict a few innocent people. The only other options are to let a LOT of guilty people go and spare the innocent or lock up a LOT of innocent people and ensure no guilty person walks free.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
If many people have access to the computer, it may be difficult to apply constructive possession. Here is where encryption might work against you. If you have encrypted illegal materials and only you have the decryption keys, it is easier to make the case that you and you alone had dominion over the illegal materials and intended to use them.
Of course, when you have technically illiterate judges, lawyers, and juries, all bets are off.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
What with the price of RAM these days? Sorry, but even with a lot of RAM there's not any reason why one shouldn't have swap. What happens when you do overrun your RAM just that one time?
Besides, swap in 'nix isn't used unless you need to. Most of the time my laptop (256MB RAM) doesn't run into swap at all, so chances are I don't have to worry about that.
And as to the temp files, etc... if you do have the RAM to spare and you're really paranoid, mount a nice big 512MB ramdisk on loopback and a quick reboot will permanently lose anything you might not want to keep around (not to mention the speed advantages of RAMdisk vs Physical drivespace).
Deniability is meaningless when only suspicion is necessary.
This appears to have far, far more disadvantages than advantages. All those forged messages can still be used against you in the court of public opinion, which has never needed proof in order to condemn. And tyrants only need to dislike you to execute you. They can dislike you for any reason at all, even for generating suspicion.
I suspect that this would protect someone only in an American court of law. Maybe.
On a side note: kudos to you for being able to figure out how to post a message here.
By and large, language is a tool for concealing the truth. -- George Carlin
Will this protocol withstand NP-space attacks in a quantum computer? Because if we're reading about working quantum computing devices this year in public, no-fee web journals, you know the NSA has them up and running. And they are so scalable, that scanning all the optical Internet backbone traffic in realtime is just a little more "P" for their "NP" gears to grind. Hi Ms. Rice!
--
make install -not war
I can see how I'd want to encrypt my stuff. It might bore someone to death. Here's a real-life example of an IM from this morning. (I'm at work so I use Trillian on Windows NT5.1.)
Me: Dude
Friend: Yo
Me: Whassup?
Friend: Nothing
Friend: You?
Me: Nothing
Friend: Dude
Me: Yo
Friend: How's work?
Me: Work?
Friend: You at home?
Me: Oh.
Me: No, work.
Me: Fine
Me: How's J? She still there?
Friend: Fine. No left with C.
Me: BRB
Friend: Kewl
The Kai's Semi-Updated Website Thingy
I know many of you cryptographers out there are probably going out and buying some clean shirts and replacing that old condom in your wallet, but I can assure you that although we at Slashdot think that you guys are rockstars, you in fact are still creepy.
I haven't read the spec in detail, but i thought that the session key used is signed with your real non-transient private key.
With that in mind i still don't see how anyone could forge any packets from me without knowing my key.
A real life example from a conversation with my friend last night (we were discussing that Smallville TV show):
JFD says: I feel like they just need someone to die
JFD says: and then come back
JFD says: and then superman
JFD says: fucks everybody in the ass
JFD says: and then pretends that he didn't
JFD says: and then does it again
Shawn says: LOL
JFD says: and then it will be the classic soap opera
Now THAT'S a real conversation (but rather than encrypting it, I'm posting it on the 'net for all to see...hehe)
picpix image polls. create - share - vote. fun!
It's traditional to have an even number of hex digits.
Al Qaeda's gonna love it.
hey can any lawyers advise? as far as i know.. using a program like this in and of itself can be considered "intent to commit a crime" or something like that. I've heard that if you use certain "banned" encryption schemes and whatnot, your very use of that technology is considered circumstantial evidence that you are a baddie (that's a technical legal term).. doesn't the same logic apply here?
If I understand correctly, this encryption doesn't do what we normally think of encryption as doing for us. Yes, the message is encrypted. But since the keys get published (necessary for forge-ability), anybody who kept a copy of the session can read the whole thing (once the session is over). Or have I missed some essential detail?
Generate per-message signing key just the way these guys do it, but require your peer to disclose this key immediately after he uses it to verify your message.
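The two posts above ask how forgery is possible once a key is published, and what is left of confidentiality afterwards. The following is an added toy model, not OTR's code: per the protocol spec linked in the summary, what OTR publishes after a message can no longer be received live is the MAC key, while the encryption key stays secret. A SHA-256 KDF and hash-based keystream stand in for OTR's DH-derived AES-CTR keys (an assumption); only the structure of the argument is kept, and the message layout (index, ciphertext, tag, list of retired MAC keys) is invented for the demo.

```python
"""Toy model of 'authenticate now, publish the MAC key later'.

Added example, not OTR's code. Shows why a stored transcript with valid tags
proves nothing about who wrote it, while the traffic itself stays unreadable."""
import hashlib
import hmac


def kdf(shared_secret: bytes, label: bytes, index: int) -> bytes:
    """Assumption: a SHA-256 KDF stands in for the protocol's real key derivation."""
    return hashlib.sha256(label + shared_secret + index.to_bytes(4, "big")).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode style keystream from a hash (stand-in for AES-CTR)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tag(mac_key: bytes, index: int, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, index.to_bytes(4, "big") + ciphertext, hashlib.sha256).digest()


class Sender:
    """One side of the conversation; both sides hold shared_secret (from DH, in OTR)."""

    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret
        self.index = 0
        self.retired_mac_keys = []   # revealed in the next message, like OTR's old MAC keys

    def send(self, plaintext: bytes) -> dict:
        enc_key = kdf(self.secret, b"enc", self.index)
        mac_key = kdf(self.secret, b"mac", self.index)
        ct = xor(plaintext, keystream(enc_key, len(plaintext)))
        msg = {
            "index": self.index,
            "ct": ct,
            "tag": tag(mac_key, self.index, ct),
            "old_mac_keys": list(self.retired_mac_keys),  # public from now on
        }
        self.retired_mac_keys = [mac_key]
        self.index += 1
        return msg


def verify(shared_secret: bytes, msg: dict) -> bool:
    """Live check by the peer: recompute this message's MAC key and compare tags."""
    expected = tag(kdf(shared_secret, b"mac", msg["index"]), msg["index"], msg["ct"])
    return hmac.compare_digest(expected, msg["tag"])


def decrypt(shared_secret: bytes, msg: dict) -> bytes:
    enc_key = kdf(shared_secret, b"enc", msg["index"])
    return xor(msg["ct"], keystream(enc_key, len(msg["ct"])))


def tag_checks_under(mac_key: bytes, msg: dict) -> bool:
    """All a third party holding only a revealed MAC key can check."""
    return hmac.compare_digest(tag(mac_key, msg["index"], msg["ct"]), msg["tag"])


def forge(revealed_mac_key: bytes, index: int, ciphertext: bytes) -> dict:
    """Anyone with a revealed MAC key can mint a message that passes the same check.
    The encryption key is never published, so the forger cannot read real traffic,
    and nobody can check what this ciphertext 'really' decrypts to."""
    return {"index": index, "ct": ciphertext,
            "tag": tag(revealed_mac_key, index, ciphertext), "old_mac_keys": []}


def transcript_proves_nothing(shared_secret: bytes) -> bool:
    """True when a forged message is indistinguishable, by its tag, from a real one."""
    alice = Sender(shared_secret)
    real0 = alice.send(b"I did it")
    real1 = alice.send(b"next message; it carries the retired MAC key")
    revealed = real1["old_mac_keys"][0]
    fake0 = forge(revealed, 0, bytes(len(real0["ct"])))   # arbitrary ciphertext bytes
    return (verify(shared_secret, real0) and tag_checks_under(revealed, real0)
            and tag_checks_under(revealed, fake0) and verify(shared_secret, fake0))
```

Note that the receiving peer holds the same shared secret, so they could have produced any of these messages themselves at any time; that symmetry, plus the published MAC keys, is what makes the tags worthless as evidence to anyone else while still being a live guarantee between the two parties.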
.. 8 pages and 10 references for a simple idea, which would probably occupy under 2 lines in a normal crypto book .. man, what a bloat.
PS. Damn
3.243F6A8885A308D313
Cryptography and privacy have now been reduced to 'IT' according to Slashdot? Good grief.
http://www.bitwisecommunications.com/chat/ ...
already a well established network. clunky client though.
In a criminal case, your old messages would be a legitimate starting point for an investigation and likely enough on their own to justify a search. To get a warrant, the police don't have to prove you sent the incriminating messages, they just have to persuade a judge that it is reasonable to suppose that you did.
Randomized salt values are not necessary. AES is used in Counter Mode, i.e. acts like a stream cipher. The output of AES (key-stream) is XORed with the plaintext and thus forms the ciphertext.
Therefore, even if you use a lot of "LOL" and "whats up", it will always generate different ciphertexts. Also, if you don't want anybody to know the exact length of your message, simply "fill it up" with zeros. This is described in more detail in "Protocol.txt" on the website, under "OTR Data".
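As an added example (not the project's code), the post's three points can be checked in a few lines: with a counter-mode keystream the same text encrypts differently every time, the ciphertext is exactly as long as the zero-padded plaintext, and the XOR construction is malleable, which is why the data message also needs a MAC. A SHA-256 counter-mode keystream stands in for AES-CTR here (an assumption, so that no AES library is required); the shape of the computation is the same.

```python
"""Stream-cipher view of counter-mode data encryption (added example).

SHA-256 in counter mode stands in for AES-CTR; the properties shown do not
depend on which block function is underneath."""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Block i of the keystream is PRF(key, nonce || i); AES-CTR has the same shape."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_zeros(plaintext: bytes, block: int = 16) -> bytes:
    """Fill up to a block multiple with zeros so the ciphertext hides the exact length."""
    missing = (-len(plaintext)) % block
    return plaintext + b"\x00" * missing


def strip_zeros(padded: bytes) -> bytes:
    # Caveat: this assumes the message itself never ends in a NUL byte; a real
    # format needs an explicit length field or terminator instead.
    return padded.rstrip(b"\x00")


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    padded = pad_zeros(plaintext)
    return xor(padded, keystream(key, nonce, len(padded)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Counter mode is symmetric: the same keystream undoes the XOR.
    return strip_zeros(xor(ciphertext, keystream(key, nonce, len(ciphertext))))


def flip_bit(data: bytes, bit: int) -> bytes:
    """Flip one ciphertext bit; in a stream cipher the same plaintext bit flips."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def demo() -> dict:
    key = b"k" * 32                               # constructed demo key
    c1 = encrypt(key, b"nonce-1", b"LOL")
    c2 = encrypt(key, b"nonce-2", b"LOL")         # same text, fresh counter/nonce
    tampered = flip_bit(c1, 0)                    # 'L' (0x4C) decrypts as 'M' (0x4D)
    return {
        "differs": c1 != c2,
        "hidden_length": len(c1) == 16,
        "roundtrip": decrypt(key, b"nonce-1", c1) == b"LOL",
        "malleable": decrypt(key, b"nonce-1", tampered) == b"MOL",
    }
```

The nonce plays the role of the per-message counter: reuse it under the same key and the two keystreams cancel, leaking the XOR of the two plaintexts, so the counter must never repeat for a given key.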
Get real. Do you seriously think that terrorists haven't already gotten their hands on good crypto tools already?
You can't have security if you can't protect your hardware. Using a personal computer to protect your privacy is useless if you can't protect your personal computer against attackers. You will be protected until an attacker can get access to your hardware; after that you have lost your security. I have seen a lot of desktop voice encryption systems being sold (not portable systems), and the user leaves the hardware on his desk when he goes home. It is very funny to see this kind of security.
I tried to compile it on Suse 9.1 and it crapped all over itself.
Anyone gotten it to run compile/run on Suse 9.1?
...which is why it's good to get this app out there and in common use. That will then enable actual plausibility. You can say "y'honour, I just use this program because my lawyer recommended it, I'm sure ten-thousand other people out there do too, This pack of lies they call evidence could have been made up about any of them."
The thing is, at the moment even the easily-editable text file logs kept by most IM programs are considered sufficient 'proof' of a conversation that the authorities can nab you based on them. The standard for proving that a conversation wasn't added to later is already through the floor.
Crying "I published the key, anyone could have added to that conversation!" to the police probably won't help you very much.
can understand?
GAIM already offers two encryption plugins. It's cool to see another implementation being created.
gaim encryption uses RSA. There's also gaim-e which uses GPG.
I've used gaim encryption and it works very well. It requires the plugin to be installed on both ends but once that's done, it autodetects that both ends support it and enables encryption.
Oh, there's a binary available for windows and both source and packages for linux.
And, it's in portage!
emerge gaim-encryption
Someone has developed a program that's too powerful for our weak sheep-like minds and it's going to be banned in about 3 weeks. Penalties will range from fines up to $400,000 and 3 - 10 years for having source code, binaries or t-shirts. Right now a stampede of politicians around the world are figuring out how this is already illegal and what they can do to make this more illegal, dodgy corporate mafia types are also on the case, wondering how they can use it to cover their government bribing even more - expect under-the-table deals and war/oil contracts to be done over IM from now on...
This comment does not represent the views or opinions of the user.
Awh...I wanted to be the second to make fun of his first post :)
Wow, that was an interesting and clever paper. At the very end of the paper though they consider the situation with email. In particular the question is asked if an encryption system which works for an asynchronous system like email but doesn't allow outsiders to prove authorship is possible.
The solution proposed is to use ring signatures which only permit proof that one of the parties to the communication (secret) wrote the message. As the authors note this solution still suffers from the defect that a third party who manages to obtain the plaintext of a message can still prove that it was created by one of the participants. This can be partially protected against by encrypting the signature part of the message (assuming the message itself was not already so encrypted) to the recipient but if the recipient's private keys are ever compromised (a subpoena, confiscation of computer by law enforcement) this protection vanishes.
The authors contend that no system using a non-interactive protocol can both provide authentication to the parties involved but resist proof of authorship by at least one of the parties in the case of key compromise. I don't believe this is correct and while I cannot provide a full system which demonstrates this property I can provide a sketch of how one might work and it would be an intriguing problem to design a cryptographic system with these properties.
Suppose at some time t0 Bob creates a public/private key pair together with a time stamp attesting to the time of creation. This time stamp, and the key itself, could be authenticated by Bob signing with his conventional non-repudiable long-lived key. Let us call the key parts Public and Private. Suppose also that we can discover a one way function S with an associated function (not necessarily one-way) P with the following property. If we apply the one way function S to Private and the function P to Public we create a new public/private key-pair, i.e., S(Private) is the private key associated with public key P(Public). If we could find such suitable functions we could design a cryptosystem with the requisite properties.
Every time a fixed interval of time passes, say an hour, Bob applies the one-way function S to Private, storing the new result and forgetting the original key. Thus after 1 hour Bob has the key S(Private), after two hours S(S(Private)) and so forth. Now when Alice chooses to send Bob a message she chooses for what period of time Bob is capable of authenticating that message. If she thinks he will read it immediately she might choose an hour, if he is out of town perhaps a week. After composing the message Alice computes some sort of signature/authentication (Ring signature etc..). Now Alice computes the number of hours that will have passed between the creation time stamp of Bob's public key and the time her authentication period ends. She then applies the function P to Public once for every hour and uses the result to encrypt her signature. She then appends the encrypted signature, and the unencrypted time it will expire, to the message and sends it to Bob. If the communication is to be secret she could then encrypt the entire message, authentication and all, with her favorite encryption scheme.
So long as Bob receives the message from Alice before the authentication period has ended he has no trouble decrypting the authenticating signature. Bob simply computes the number of hours from the current time until the authentication period ends, applies S to Private that many times (not forgetting the current value of Private in this case) and uses the result to decrypt Alice's authentication, since the properties of the functions guarantee this is the corresponding private key to the public key Alice used for encryption. Once decrypted the signature authenticates Alice's message and then is discarded by Bob (If a ring signature is used Bob can create the same signature at any time if he has the message plaintext so has no incentive to keep the decrypted signature).
However, once the
If you liked this thought maybe you would find my blog nice too:
there's no proof you actually _spoke_, but any jury in the world would convict you.
If you're American, you should be aware of certain Juror's rights that the court doesn't inform you about. Okay, this is a little off-topic but that line made me think of this article I read recently:
JURY RIGHTS! JURY NULLIFICATION
and watch the RIAA and MPAA literally EXPLODE!!!!
Could someone Please explain, not flame, how this is better than the existing certificate management included in AIM for WIN. And running on linux is not part of the explanation ;-) -- Just want to understand how this is better than the existing strategy, which is implied in many posts.
Scott Peterson has been sentenced to DEATH DEATH DEATH DEATH on only circumstantial evidence.
He had motive, access, ability, and a history of lying. No one else seems to have a motive.
That's it.
And HE IS GONNA DIE.
Don't try to be cute with the jury system. IT WILL BRING YOU DOWN. It's a jungle, baby. (Guns & Roses)
For those who want to know how to use encrypted swap partitions on Linux here is how:
make sure module cryptoloop is loaded:
> modprobe cryptoloop
assuming you want to use /dev/hdb as your swap partition (you can actually use any partition or even a flat file) then type:
>losetup -e aes256 /dev/loop0 /dev/hdb
if /dev/loop0 doesn't work, try loop1 or loop2 etc. (you are looking for an unused loopback device. If you are already using loopback devices, then you probably already know how to do this stuff)
you will be prompted for a passphrase. type lots of random characters (at least 20. the more the merrier). You don't need to remember it because you can use a different one each time you reboot. I like to click random keys on the keyboard for about 45 seconds.
then type
>mkswap /dev/loop0
this formats the partition on the other side of the loopback device to be a swap file. (remember that loop0 is being encrypted prior to the data ever hitting the disk)
and then type
>swapon /dev/loop0
this mounts the swap partition to be a swap file.
you now have an encrypted swap partition all mounted and available as virtual memory. Use 'top' to confirm this.
This swap will not automount at boot this way, unless you put the aforementioned steps into a boot script of some kind. You can deny it or make a script to do it for you. Just make sure you use a random key each time.
I have been using encrypted swap partitions for a few years and I'm never going back.
(hint you can also make encrypted volumes using almost the same steps)
The nifty thing is that since you don't know the keys you use for your swap partition you have plausible deniability.
PS: Your computer will not operate any slower than when using plain swap. I kid you not.
PPS: this works in mandrake and suse.
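The recipe in the comment above as a boot-script style function; this is an added example, not code from the thread. It picks a free loop device, hands losetup a throwaway random passphrase instead of keyboard mashing, then runs mkswap and swapon. It assumes the cryptoloop-era losetup that accepts -e and -p (the cipher name given to -e varies by version, as a later reply notes); modern kernels would use dm-crypt instead.

```shell
#!/bin/sh
# Added example (not from the thread): the posted cryptoloop swap recipe as a
# script, with a random passphrase that is never stored, so the swap contents
# cannot be decrypted by anyone, owner included, after reboot.
# Assumption: legacy cryptoloop module plus a losetup supporting -e and -p.

# Pick the first /dev/loopN not listed in `losetup -a` output. The listing is
# passed as an argument so the function can be tested on constructed input.
pick_free_loop() {
    in_use="$1"
    n=0
    while [ "$n" -lt 8 ]; do
        dev="/dev/loop$n"
        if ! printf '%s\n' "$in_use" | grep -q "^$dev:"; then
            echo "$dev"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# 32 random bytes from the kernel, hex encoded: a key nobody has to remember.
random_passphrase() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# The steps from the post, in order. Needs root and a real partition.
setup_encrypted_swap() {
    part="$1"                       # e.g. /dev/hdb (any partition or flat file)
    modprobe cryptoloop
    loop=$(pick_free_loop "$(losetup -a)") || { echo "no free loop device" >&2; return 1; }
    pass=$(random_passphrase)
    # -p 0 reads the passphrase from fd 0 instead of prompting (assumed option).
    printf '%s\n' "$pass" | losetup -e aes256 -p 0 "$loop" "$part"
    unset pass                      # nothing on disk or in the shell remembers it
    mkswap "$loop"
    swapon "$loop"
    echo "$loop"
}

if [ "${1:-}" = "--run" ]; then
    setup_encrypted_swap "${2:-/dev/hdb}"
fi
```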
No one has a right to their *own* opinion. They have a right to the TRUTH.
Research has established that the intent of the Signer's of our Constitution
I wonder what their intent regarding apostrophes was?
Anyway, I'm not an American - at least, not any more. I lived there for 6 months recently. Glad to be back in Australia thanks very much - I don't think the Signer's of the Constitution intended for non-paper-trail electronic voting machines either.
There's a package out on the net somewhere -- sorry, I don't recall where -- that will do this automatically, generating a random 256-bit key, setting up swap with it, and then scrubbing the key, complete with boot scripts for everyone's favorite distributions, keyed on special lines in /etc/fstab. Google would probably be of use here.
No judge would believe you that you went to a beach on January 4th.
Okay that was bad.
I for one see this as a way of overthrowing our news-reading overlords!!!
Nice in theory, but what about the logging systems being implemented in every ISP, what about the big snooping systems already running now? They can surely capture the encrypted bits when you're sending them, which for them at least (and maybe for police too in the future) will be enough proof that you've been the one...
Only way to get a bit more deniability, is to use wifi, bought with cash and only used for that purpose, and I don't mean a laptop and intel-included wifi chipset... (ever heard about the wifi ID's identifying your wifi system? any doubts about remote access or monitoring of your wifi laptop's movements?)
Big brother is watching!
There's a package out on the net somewhere -- sorry, I don't recall where -- that will do this automatically, generating a random 256-bit key, setting up swap with it, and then scrubbing the key, complete with boot scripts for everyone's favorite distributions, keyed on special lines in /etc/fstab. Google would probably be of use here.
Except that perhaps having such a script load at boot time removes plausible deniability. Having it modify fstab or use fstab really challenges plausible deniability.
plausible deniability would require that any partition may or may not be a swap partition. It may have data or it may be swap. If it is only swap then you would not and could not know the passphrase. (and therefore your failure to provide it can't be interpreted as meaning you are hiding something).
Uh, they do that all the time now (just about how many zombies there are out there right now?).
IIRC it only publishes the private key(s) used to encrypt the messages, not the public key(s) which is/are needed to decrypt messages.
HAND.
One of the things that's particularly endemic to the Slashdot community is the "black/white" point of view - the idea that something is secure, or not, it's white or it's black.
But that's not how security is! It's all shades of grey, and the darker the shade of grey, the worse off things are.
Nothing is ever bulletproof, and seldom is anything ever wide-ass open to the world. It's somewhere in between.
I have a remote-desktop package integrated with one of my apps. It makes for very easy tech support, and I've got it built right into the menu system of my most popular application, so that customers using my software package have access to instantaneous, high-quality tech support.
To prevent users from popping up on my development system anytime they have a question, I put a password in place. It requires a small, 4-digit numeric code, and it changes every day.
By slashdot standards, this is terrible security. It's numeric. No letters, just numbers. The code changes every day, but only based on the day of year. It can easily be predicted, if one has any understanding of the underlying, otherwise very simple algorithm used to guess these numbers.
Anybody with a packet sniffer could crack it with one support session.
But, in this case, it really doesn't matter. The worst that will happen is that your computer's desktop will appear on my screen without my Windows VM.
You could DOS me with 10,000 VM screens, but it would take a very short amount of time for me to block the port number for the VPN and kill that.
So, what's the purpose for improving security? It's secure enough. And that's the point. Many people around here will have a cow if something is potentially crackable, while sitting behind physical locks that can be compromised with an expired credit card.
Gosh! Somebody could pull out their credit card, slide it through the gap between the door and the jamb, and break into your home!
In a black/white world, your home would only be considered safe if it had 1/4 inch steel plate exterior, and locks that the NSA would have serious trouble with.
In the real (shades of grey) world, a deadbolt and a solid-core door is usually good enough, and people live with the odds. Heck, even in the worst ranked neighborhood, you have about a 3.5 to 4 percent chance of getting burgled in a given year. (http://www.ojp.usdoj.gov/bjs/glance/burg.htm) I almost never lock my back door, and I've never had a problem with it.
That's good enough security for most, as evidenced by the fact that the most important issue was national security or "the war in Iraq" in the recent election. (http://www.rasmussenreports.com/Issue%20Clusters_Election%20Night.htm)
Notice that individual household crime isn't even on the list (unless you include the 6% "domestic issues"), despite the relative insecurity of the average home.
Brought home to me by the book "Secrets and Lies" by Bruce Schneier, this world is not a black and white world. Relative risk must be evaluated, and the equation must be brought to something we can all live with.
PS: Link to sites with A tags appears to be broken on slashdot. I tried numerous times to post links to the aforementioned sites and could not do so.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Plausible Deniability From Rockstar Cryptographers
Yeh, because we need a cryptographer to understand what mick jagger says these days..
"You lied to me! There is a Swansea!"
So make a distro that sets this up on a default install. "No, I don't know or care whether my swap is encrypted, I just installed the OS". That's plausible deniability wrt encrypting your swap.
I am trolling
Oh, don't worry about having it installed by default. Apparently using cryptographic programs as a regular Joe is illegal in USA, right?
So I don't expect this to happen by default like "make install gaim" or "cd /usr/ports/net/gaim; make install".
HOWEVER, these should (not should as in probable, but it would be nice to) be a treat to all those non USA (and those who don't care about it being illegal or not) like "make install gaim-with-nice-cryptographic-thingy".
- Anonymous Coward
PS: I'm only posting as Anonymous Coward because I'm too lazy to create an account.
"rockstar" cryptographers?! Bahahahaha!
I found articles in The Register that refer to cases very similar to that theoretical one you're speaking of.
Someone was found with kiddie porn on his disk, but forensics analysis detected some trojan browser hijackers, so it could not be proven whether he downloaded it or not.
Article here
Same thing with a DoS attempt here
GPG 0x1B479C78
that slashdot is for the US only and therefore everybody automatically knows what the 4th amendment says.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
4th amendment
The 5th Amendment also seems to make a good candidate
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
5th amendment
For instance, in your suggestion, how do you "require your peer to disclose" anything? What if he doesn't comply? You can hang up, but you're already busted.... Meanwhile, if you've disclosed the keys, or if you're using a protocol that requires both players to know the key in order to verify a message, the other guy can't claim that you signed your message with information only you could have known and he can't - the information you're using to sign the message is information that only you and he and optionally anybody you or he have disclosed it to can know, so he can validate for himself that you wrote the message but he can't prove to anybody else that you wrote it and he didn't.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
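The deniability argument in the comment above, shown as an added example that is not from the thread or from the OTR project: with a shared-key MAC the peer can verify a message, but since he holds the same key he could have produced an identical tag himself, so a transcript proves nothing to anyone else. It assumes the openssl command-line tool; the key and messages are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or from OTR itself: a shared-key MAC
# authenticates to the peer but gives a third party nothing to attribute.
# Assumes the openssl CLI is installed; key and messages are constructed.

# HMAC-SHA256 tag over a message under a key both peers hold.
mac() {  # $1 = shared key, $2 = message; prints 64 hex chars
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | sed 's/^.* //'
}

# What the receiving peer does: recompute the tag and compare.
verify() {  # $1 = shared key, $2 = message, $3 = tag
    [ "$(mac "$1" "$2")" = "$3" ]
}

# The argument in one function: Bob, holding the same key, tags a message
# Alice never sent. It passes the very same check as her genuine message,
# so a captured transcript of (message, tag) pairs cannot show who wrote
# what, even if the key is later handed over. Returns 0 when both tags
# are accepted by the same check.
forgery_indistinguishable() {  # $1 = shared key
    real=$(mac "$1" "meet me at nine")          # Alice's genuine message
    verify "$1" "meet me at nine" "$real" || return 1
    forged=$(mac "$1" "I never said that")      # Bob's fabrication
    verify "$1" "I never said that" "$forged"
}

if forgery_indistinguishable "constructed-session-key"; then
    echo "peer can verify; a third party cannot attribute"
fi
```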
'and therefore your failure to provide it can't be interpreted as meaning you are hiding something'
and I thought I was paranoid, someone should tell them they don't need to take my tinfoil hat, it doesn't work!
Anyhow, I was thinking..... have a DRM locked linux car stereo. If you require a key to actually use the hardware then no-one would want to steal it!
I have no idea what I meant by that. :)
HAND.
Many of the common encryption methods have been broken, or at the very least can be brute-forced by really powerful machines. Keep in mind that each layer of complexity to encryption costs your machine in CPU and thus speed. It costs them to break it too, but chances are they (the government) have better hardware than you, possibly even an existing crack to the used encryption method.
In short, good for protection from our common data-thieves, not so much from uncle sam. Of course, sometimes uncle Sam will pay you an unpleasant visit even if you don't have anything really to hide...
How does a computer generate random numbers?
Bypass Compulsory Web Registration -- http://bugmenot.com/
By collecting random information such as radioactive decay timings and hard drive read timings, and thoroughly whitening them using cryptographically strong hashes, to extract every bit of available entropy.
I'm desperate to find someone who's using this, so I can test it. message me at brokenladder@jabber.org
thx!
>losetup -e aes256 /dev/loop0 /dev/hdb
At least for kernel 2.6, you want
>losetup -e aes-256 /dev/loop0 /dev/hdb
Funny, I thought milliseconds between keypresses were always the best, only true randomness.
That's not very truly random. Don't you remember the security announcements a while back about how ssh in keyboard-interactive auth mode could be sniffed for keypress timings to try to recover your password? But radioactive decay and atmospheric noise are pretty serious sources.
no. I'm not a security geek.
I remember using the waste p2p client
and it generated my 1024-bit key by asking you to type. I now see how that could happen with ssh.