'Vanish' Makes Sensitive Data Self-Destruct

Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."

Copypaste

[sopssa]

'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,'

And yet after a copypaste or screenshot it wont disappear anywhere.

Re:Copypaste

[binaryspiral]

This could be the next step in actually having secured, signed, digital copies.

I could see a variation of this made available for official documents that need to "phone home" for decription. If the document is somewhere its not supposed to be - scambled.

Of course there are many ways to circumvent this - but I'm tired of faxes being legally more viable than anything digital.

Re:Copypaste

That's not what this is intended to prevent. Of course the intended recipiant can read it. They could even write it down on a piece of paper.

The same message however, may have been cached in many other places. This scheme is intended to prevent it's retrieval by other parties at a later date.

Re:Copypaste

[sopssa]

This is actually a good idea. Now just add it to sms's, so I can "cancel" all the text messages I've sent to my ex the night before :)

Re:Copypaste

[QX-Mat]

So this is really just a very obfuscated way of achieving what DRM providers have been trying to [favourably] do when they (willfully) allow their authentication services to die or go the companies hosting them plunge into insolvancy.

And to think people thought we were crazy when we warned them that the above DRM 'technique' was a bad idea for consumers from the get go. Pitty "a do over" or repurchase isn't a very good business plan for message encryption -

"Sorry about this, can you send me your email from last week since it's expired now and I need to check up on a few things?"
"No can do, we didn't actually mean anything we said in it. But we didn't lie either. Got proof?".

Sad that it works for media formats.

Just imagine if we allowed the reasons behind why we went to war or how the recession occured to expire like this! Blame would be apportioned in terms of aquiessence rather than proof, "Yes sir, it's definitely not our fault, since we have no records of that - and there's no point in looking since all the keys have expired! If only it had crossed our minds a little sooner, we could have looked at our records when it was politically damaging..."

Re:Copypaste

[NotQuiteReal]

heh - the Print Screen button is a terrorist tool!

Re:Copypaste

And yet you obviously didn't RTFA.

Re:Copypaste

[CannonballHead]

You should suggest it to gmail. After all, they already have a way to change the timestamp of the e-mail you sent so it looks like you sent it earlier than you did, why not just delete e-mails you've sent no matter where they are!

Re:Copypaste

[ls671]

Just look at the dates in the server headers in the message source if you need to catch somebody trying to fool you. Client headers have been very easy to falsify since the beginning of email. (e.g. From:, Date:, Subject: , etc...)

Re:Copypaste

[ubergamer1337]

WOOSH!

Re:Copypaste

[Foofoobar]

Not really. For it to be useful it would need to be stored and retrieved according to government communications storage standards for companies. All communications need to be able to be stored and retrieved in the case of an investigation or subpoena or other such issues not only regarding your company but your clients as well and all persons you communicate with as a point of business.

Re:Copypaste

[element-o.p.]

Unless you live in England and the government decides to force you to hand over your encryption key. With Vanish, you *can't* hand over the encryption key because you never had it in the first place.

<pedantic>
Unfortunately, TFS -- and to a lesser extent, TFA -- seems to be ripe with exaggerated claims: "'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears.'" and "After eight hours, the message will be impossible to unscramble and will remain gibberish forever."

No. Unless I am missing something from TFA, it is like any other "secure" encryption scheme: merely very, very difficult to break. Given a fast enough computer -- or a large enough cluster of computers working together -- it can be cracked. The only thing Vanish protects against is someone stealing the encryption key from your PC.
</pedantic>

Re:Copypaste

[SlashDread]

The goal is convenience for the lazy privacy consious. The goal is to prevent a 3d person to read it (at a later time), not the actual users. Consider a nifty trojan that reads your screen in real time, this system wont beat that.
Said that, copypast means nothing: "you mean you typed this text and now pretend is was send through this system?" gosh. Likewise screenshots mean nothing.

Re:Copypaste

[sparkchaser]

I just spent the last 5 minutes trying to activate that feature. Well played, CannonballHead, well played.

Re:Copypaste

[sumdumass]

No, the girls I keep around are the ones I think I might want to get serious with. I probably couldn't handle them sleeping around and me knowing about it. The one night stands are just that, a quit get your rocks off and be done with it. Sometimes it's to prove a point, sometimes it's because she is that hot. But rarely are they hot and worth keeping as far as I have been able to tell.

Re:Copypaste

[davester666]

Well, of course, because it violates the DMCA...

Re:Copypaste

[ceoyoyo]

Their "property of nature" is their P2P software deleting files that are more than 8 hours old.

It's nothing more than encrypting data and storing the key with an authority of some type, which promises to delete it at a certain time. Except in this case the authority is using their own P2P network to store the keys.

Re:Copypaste

Of course there are many ways to circumvent this - but I'm tired of faxes being legally more viable than anything digital.

Just tired? Why not disturbed? No one should ever ever accept a signature or any document by fax, even within an organization - yet this is outrageously common.

Internally, many organizations have seen the light and now use email, since there is good enough security in place around user account and therefore mailbox access.

Re:Copypaste

[jonnat]

It seems that it would at least provide deniability, since the ISPs or the e-mail system will never get a copy of the decrypted message.

Re:Copypaste

[bolt_the_dhampir]

And yet after a copypaste or screenshot it wont disappear anywhere.

Except after the key is gone, there's no way to prove the screenshot is real. If you receive a secret message this way, you can claim any screenshots are just fakes and that the message said something entirely different.

Re:Copypaste

[Opportunist]

You were appropriately modded insightful instead of funny. 10 years ago, this would have been different.

That's exactly the danger of such "best before..." keys: It makes possible what Orwell could not have engineered any better: It allows you to rewrite history. We've always been at war with Eastasia.

It's even worse than Orwell imagined it: It doesn't even create jobs.

Re:Copypaste

[Opportunist]

The goal is to prevent a 3d person to read it (at a later time), not the actual users.

And this it does not provide, or at the very least not ensure. And that's the crucial point about security: Either do or don't. There is little room for 'maybe'.

All you need is one leaked copy. One is enough. Data can be multiplied easily, quickly and cheaply. Ask the RIAA. The threat isn't that millions of people might crack your document. The threat is that one person might and distribute it to those millions.

Re:Copypaste

[Thiez]

> No. Unless I am missing something from TFA, it is like any other "secure" encryption scheme: merely very, very difficult to break. Given a fast enough computer -- or a large enough cluster of computers working together -- it can be cracked.

I am a one-time pad you insensitive clod!

Re:Copypaste

[element-o.p.]

I'm so ashamed :)

Let's not kid ourselves

[Bruce+Perens]

If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.

Re:Let's not kid ourselves

[Eevee]

No disrespect, but read the article. It explicitly states that this is not designed to keep the parties from saving the information.

It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

Re:Let's not kid ourselves

[Slashdot+Suxxors]

If it's supposed to be between two trusted parties then what's the advantage of this over PGP/GPG? A fancy "vanish" button? Someone enlighten me.

Re:Let's not kid ourselves

[John+Hasler]

> A fancy "vanish" button?

Yes. The average PHB might just barely have the intellectual capacity to deal with that.

Re:Let's not kid ourselves

[MeanMF]

If an attacker captures the encrypted message, they could save it and decrypt it at a later date if they are somehow able to obtain the recipient's key. With this system, the key is (supposedly) completely gone and not even the recipient can decrypt the message again.

Re:Let's not kid ourselves

[TheCycoONE]

Even if one of the parties systems are compromised, the hacker won't be able to find some key that will allow them to decode the messages.

Re:Let's not kid ourselves

[mlts]

One advantage I see is that after the Alice sends Bob the message and Bob has it stored, then the copies of the message floating around on the Internet become completely non-decryptable after the time limit has expired. Even if a third party manages to decode or obtain Bob's private key, it won't do them any good in obtaining the text; the attacker would have to attack either Alice or Bob's endpoint, which is a lot harder than just passively sifting stuff sitting on a server with unknown security.

Vanish does the same thing that cryptographic tokens do. Both limit the window of attack on something. Where a smart card would limit guesses of a key's PIN to 3-5, Vanish limits the time of attack of a message to 8-12 hours.

Re:Let's not kid ourselves

[EdZ]

If I'm guessing correctly, what's sent is essentially the cyphertext and a series of URLs that point to what makes up the key (e.g. go to page x, take every third character from the 27th line, etc). The idea being that the pages chosen should change often enough that anyone who intercepts the message, and LATER attempts to decypher it, will be unable to.
Basically, the only time this will offer protection is when the following conditions are all met:
a) The URLs chosen are not cached anywhere
b) The URLs chosen cycle regularly and randomly (the random part is important, and unlikely)
c) The message is NOT read by the attacker until after the key has disappeared. This will probably only occur if the keylinks & cyphertext are posted on a forum or similar, and which the attacker visits later. If the message is emailed/IMed/etc, then intercepting it at the time would make automatic decyphering trivial.
This all hinges on the assumption that the service does not hinge on a set of specially operated key generating servers (loss of which would prevent the service from operating). Such a service would provide properly randomised key fragments, but faces other issues. The fragments must be publicly accessible, change only after an 'acceptable' time period (implied to be a few hours), and remain constant for these few hours. This would make caching of the keys trivial. And would still not prevent decyphering upon interception within the time limit.
I suppose the key servers could require a key as part of the message itself to provide the correct key fragment, but this would only solve the caching attack, not interception.

Re:Let's not kid ourselves

[John+Hasler]

Each key fragment should deleted the first time it is accessed. Instead of using pre-existing P2P networks build a special-purpose self-organizing network of all the machines with Vanish running on them which could implement the improvements you suggest.

Re:Let's not kid ourselves

[Facegarden]

If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.

Well, I was thinking about this, and the real idea is to prevent people who never originally saw the message from reading it down the road. If i send you a message, and then it scrambles, no one hacking into your e-mail later will be able to read it (barring cracking the scrambling system itself, obviously). It's not to prevent YOU from copying the message, it's to prevent new people from reading it after the 8 hour window is up.
-Taylor

Re:Let's not kid ourselves

[v1]

I was thinking about this and the only way they could engineer it to work even remotely like they advertise is if someone wanting to read the material forwarded it along with their 1/2 of the key to the 3rd party. The 3rd party then combines their 1/2 of the key with the provided, decrypts the data, and sends it back to the requestor. As long as the requestor does not maintain a copy of the cleartext, (as several have quipped with
"screenshots?") then this would work. Once the 3rd party no longer has their 1/2 of the key, the data is irrecoverable. This however requires that only the 3rd party have a copy of their 1/2 of the key. Otherwise someone could cache a copy of the keys and as long as they have the keys and can hook up with a requestor, the data continues to be recoverable.

It's broken worse if the requestor requests the key from the 3rd party and gets it, because they themselves could cache a copy of the key just the same. But that's not fairing any better against the "screencapture" argument.

This isn't going to work. Another approach is to keep the 1/2 of the key in the cloud, but after a preset time, to flood the cloud keystore with plausible keys, too many to practically sort through to figure out which was the correct key. This only partly unbreaks the problem though.

The only example of anything even remotely similar having a "future-breaking" effect is in verifying identity. Create a key for say, year 2099. Make a key for 2098 and use 2099's key to sign it. Repeat the process down to current. Release all public keys for 2009-2099 to the public domain. Sign a document with key from 2009. You can be verified as the signer of the document. But on jan 2010, release the private key for 2009 into public domain and start using the key for 2010 to sign. Anything signed in 2009 can't be verified to be you anymore because the private key for 2009 is in public domain and records plausibly could have been altered. You can repeat this process until you reach the end of your chain of keys. There's no reason to expire keys on a certain date either, you could roll up 10,000 of them in this manner and expire them anytime you wanted or needed to, and as long as the entire set of keys remains available, anyone can verify your identity as long as it's signed with a key that has not yet been released. Done properly, the entire keyset could be in one document/package, as a giant chain of trust. Technically the only key they need to have that matters is your "root" 2099 public key because it can be used to verify the authenticity of any of your other public keys.

Though that breaks the past. You can't break the future

Re:Let's not kid ourselves

[dmdavis]

No disrespect, but...

woah... courtesy? You must be new here. You were supposed to say "Why don't you RTFA, you mouth-breathing buffoon." I realize that it's Bruce Perens you were responding to, but this is Slashdot. We have standards here!

Re:Let's not kid ourselves

[david_thornley]

Keys deleted on first access? That's a great way to guarantee that the mail will get through.

Re:Let's not kid ourselves

[dcollins]

"Vanish is meant to protect communication between two trusted parties, researchers say."

That doesn't make any sense. Just use regular encryption for that.

Re:Let's not kid ourselves

[John+Hasler]

You would have to have received the message in order to have the key required to retrieve the first key from the network.

Re:Let's not kid ourselves

[John+Hasler]

> That doesn't make any sense. Just use regular encryption for that.

"Vanish is meant to protect communication between two trusted parties who are too stupid to deal with the complexities of real encryption."

In other words, the vast majority of business executives and government bureaucrats.

Re:Let's not kid ourselves

[Hammer]

The real issue is not wehter the intended recipient can save a readable copy.The idea is I believe to prevent unintended recipients.
Now how prevent that? As the message will have to have some form of information on how to obtain the crypto key.... How prevent the snooper to find the key if he also has the application????

Somehow plain old PGP/GPG seems a whole lot better

Re:Let's not kid ourselves

[Opportunist]

And that's in what way superior to PGP? If I had to, I'd start cranking out public keys at a rate of 3 per day and I'm there. I don't need to trust their P2P network, though.

Re:Let's not kid ourselves

[Opportunist]

Why bother with the key? When I have one of the participating systems compromised, I grab the plain text message instead.

I'm not going to invest time to find a way through the steel security door if the walls are made of paper.

Re:Let's not kid ourselves

[Opportunist]

I see the weak point in the way the key is "stored". Alice creates a key and sends it into the cloud. Bob has to retrieve the key and apply it without knowing how it really works. That leaves a single question: How does Bob figure out what key to retrieve, and how do you avoid that someone poses as Bob?

Re:Let's not kid ourselves

[mlts]

This is probably answered by a conventional PKI. Alice creates a key and sends it into the cloud. Alice then sends a note to Bob signed with her private key, and encrypted by his public key the information needed to pick up the key from the cloud (which bits to grab from which servers.) Bob then decrypts the note supposedly from Alice, validates her signature and then fishes the key material from the cloud.

To me, the cloud is a inserted between the two normal steps in the cypher process (the first being the public key crypto, the second being a symmetric encryption key for the message's contents. All public key encryption systems use a symmetric encryption system and only encrypt that key because of performance reasons. Symmetric encryption algorithms like AES can be thousands of times faster than the algorithms used for RSA or DSS.)

Vanish reminds me of the anonymous remailers of the mid 1990s where people made long chains to get a message from their machine to a destination. Any remailer in the chain that did not log messages, or destroyed the logs would make it impossible without a side channel attack [1] to obtain proof that it really was Alice sent an anonymous E-mail to Bob.

If there are not that many Vanish peer nodes, they can be compromised and instead of discarding key material on the expiration date, merely retain or actively archive it. Then an attacker would then grab the material from the nodes, piece together the expired key and be able to obtain the message without harassing Alice or Bob. However, if there are a lot of Vanish peer nodes, especially ones on laptops or or the transitory machines, there is a chance that not enough machines would be online for Bob to get a quorum of pieces to reconstruct the key.

Another attack, if an attacker had the ability to gain access to a lot of Vanish peer nodes, would be to find all the key pieces that expired on an exact date or time, then attempt to use those pieces to reconstruct a key. To foil this, the Vanish client would have to set the expiration to a minimum time, then add a random factor (could be small, could be large, perhaps 2-3 times the original delay) on each piece to prevent someone from doing this.

Vanish is a trade off. Alice gains assurance that an attacker has a timeout limit to factor Bob's key and get the key material from the Vanish cloud before it gets destroyed. However, what is deeply impacted is reliability. If the message is critical, there is a chance it may not be re-constructable due to lack of pieces available (similar to what happens if there is nobody able to seed a torrent, and the people on that torrent don't have enough pieces to completely reconstruct the file.)

[1]: In theory. In reality, if someone of great interest is suspected of sending anonymous E-mail by a well heeled organization, they can monitor the encrypted traffic they send out and that the person sent a mail to one anonymous remailer, then there was an encrypted E-mail packet traffic went to the second one in the chain via SMTP, until the end where the last node sends it in plaintext to the destination. Yes, it would take someone sophisticated enough to be wiretapping every single network link, but it can be done. Of course, remailers that at random time intervals send encrypted E-mail to other remailers with a random sized encrypted packet that is chucked would stop this attack, similar with remailers that hold mail for a random time before being passed to the next node.

Re:Let's not kid ourselves

[sjames]

The thing is, if it is ever possible to decrypt it, unless that possibility is contingent on the recipient having something nobody else does, then everybody must be assumed to have taken the necessary steps. OTOH, if it IS contingent on the recipient having something nobody else does, then it's indistinguishable from public key cryptography possibly with an all or nothing function applied.

That is, I write a message, apply an all or nothing function to it, then encrypt the pieces with the recipient's public key. I send each piece separately. If even one piece goes through an honest provider that doesn't worship big brother, the message will become unavailable as soon as the recipient picks up the last piece.

Obvious application

[Dice]

Dear Alice,

Do you want to go to the dance with me?

[ ] YES
[ ] NO

Love,
Bob

(Message will self-desctruct 1 minute after dance starts.)

Re:Obvious application

[ShieldW0lf]

More like

(Message will self-destruct 1 minute after someone from the mailing list I sent this to says yes)
(someone?)
(anyone?)
(hello?)

Re:Obvious application

[Eevee]

Dear Bob,

No, but I'm sure that Eve would say yes if you asked her.

Alice

PS: Please don't ever mention this message to me in the future...and if you do, don't be surprised if I, umm, have forgotten receiving it.

Re:Obvious application

[bluefoxlucid]

How about a 3-way with both Alice and Eve?

Oh yeah. I had the balls to ask.

Re:Obvious application

Mmmm, man-in-the-middle, mmmm.
*Slaps self and gets back to work*

Re:Obvious application

[ameline]

You're proposing a man in the middle attack? :-)

Re:Obvious application

[KZigurs]

Should have used diff-hellman!

(noone ever talks about girl-in-the-middle attacks, right?)

Re:Obvious application

[Piquan]

In the literature, that's known as "MITM".

Re:Obvious application

[Opportunist]

Since biology was one of the few subjects I didn't snore in (at least when that topic was on), I'm fairly sure you'd have to replace Eve with Bob to make that work out, due to interfacing problems, unless you plan to use some plugins. Else I'm fairly sure you'd waste some resources and get a few unsatisfying results.

So that's what's been happening

[hwyhobo]

After eight hours, the message will be impossible to unscramble and will remain gibberish forever

I think corporate VPs have been using this tool for years, with the delay trigger set to "0".

Re:So that's what's been happening

[Tokerat]

I keep getting those, too, with the subject line "Great new software tech I read about we should be utilizing"

Just use Freenet...

[ShaunC]

...everything disappears off there pretty quickly already.

Adaptability

[arizwebfoot]

I wonder how I could adapt this to conversations my wife has with me, since she reminds me of stuff I said 20 odd years ago?

Re:Adaptability

[drxenos]

The only answer to that problem is lots and lots of jewelry.

Re:Adaptability

[rootofevil]

or a new wife.

depends whats more expensive, the jewelry or the divorce.

Re:Adaptability

[element-o.p.]

The only answer to that problem is lots and lots of jewelry.

Let me know how that works for you. Seems to me like you are training your wife to bring up something again every time she wants a shiny new trinket...

Re:Adaptability

[Hammer]

Hehe... My ex has already applied the reverse.... anything I said more than 3 hours earlier was gone... "You never said that" :-D

Re:Adaptability

[element-o.p.]

One good joke deserves another. Think about it.

Re:We already have better tools for that

[Eskarel]

True, however, in the many years between the invention of Public Key Crypto and today, no one has come close to being able to come up with a way to easily and automatically distribute the keys that doesn't rely on some third party having all of them on file.

There's a reason that encrypted e-mail is pretty non-existent and it's because key management remains unsolved. Manually passing your self generated keys back and forth is all well and good, but it's not all that scalable, and most folks don't know how to do it. I don't know if this works any better mind you, it's probably really more of a nifty trick/experiment, but pretending that Public Key Encryption has solved the secure communication problem is at best naive.

Privacy Assurance == DRM

[internic]

If the software allows the user to view the plain text, then it can be copied, so I don't see how this would really ensure it disappears. While I would love to be able to have social networks or cloud computing that could guarantee privacy by having technological measures to prevent the dissemination of private information, I think that problem is exactly the same one DRM tries to solve. And that is why it is doomed to fail. The only way it could really hope to succeed is in a world of ubiquitous "trusted computing" where the computer (and any other recording devices) ultimately will not carry out user commands to copy the data (or copy the output from the "analog hole". In the current world, such a scheme is doomed to fail, and the world where it would work sounds like a dystopian future to me.

All that being said, perhaps it can be used to prevent authentication of the information? Somehow the digital signature could no longer be read, so you could show a copy of a document but not demonstrate that it was really created by the author. It's not clear to me whether that's possible.

Re:Privacy Assurance == DRM

[vertinox]

I think that problem is exactly the same one DRM tries to solve.

Actually the authors specifically does not prevent the recipient from copying as it was not their intention. It was to prevent man in the middle attacks of people who were not supposed to be copying in the first place.

Re:Privacy Assurance == DRM

[internic]

Actually the authors specifically does not prevent the recipient from copying as it was not their intention. It was to prevent man in the middle attacks of people who were not supposed to be copying in the first place.

You're right. I actually had to run out just a few minute after the reading the summary and didn't get a chance to RTFA until now. I can see how this could potentially be useful for encrypted communications between two trusted parties to ensure that neither party is later coerced into divulging the key. When they mentioned Facebook, I thought they were talking about solving the problem of the company or other users who have access to information on Facebook divulging it, but that's clearly not the problem this is meant to solve (nor does it solve that problem).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not useful for DRM

[swillden]

I see someone has tagged this article with "drm", but this isn't a usable technique for DRM. This is an interesting technique for creating a "disappearing" decryption key, but it only works if no one bothers to retrieve/reassemble the decryption key before it disappears. If the recipient retrieves the key while it still exists, he can save the key and decrypt the message at any time. Or he can retrieve the key, decrypt the message and save that. The most obvious application for this, I think, is forward security. As long as the recipient doesn't save a copy of the decrypted message or the decryption key, the message would become unreadable -- to anyone -- after a short period of time. I need to read the details to see if this would be useful in some real-world setting, or if it's of academic interest only.

Re:Not useful for DRM

[Bruce+Perens]

It's because the tool itself would need to be DRM-locked if you wanted to enforce the time expiration on the intended recipient.

Re:Not useful for DRM

[swillden]

It's because the tool itself would need to be DRM-locked if you wanted to enforce the time expiration on the intended recipient.

You'd also have to ensure that there's no way to retrieve the key without the tool. That doesn't seem to be a goal of this research, which is my point.

What?

[wjousts]

After eight hours, the message will be impossible to unscramble and will remain gibberish forever.

Most of my messages are gibberish to begin with. No scrambling needed!

Re:What?

[mcgrew]

OMFG, my ex-wife is posting at slashdot!

Re:What?

[bertoelcon]

But after you scramble gibberish, it becomes normal.

Re:What?

[aoheno]

I think he is speaking in Japanese gibberish. The translation reveals he said "The majority of my messages the empty is the queer word which starts. Did not need that you dispute ahead!"

Corporate crimes

[wjousts]

I can see this being useful for corporations that want e-mails to be destroyed before they can be used against them in court. Sure you could take a screen shot or copy/paste the text before the e-mail is permanently destroyed, but can you prove that your copy wasn't tampered with? Can you prove that was what the e-mail originally said? Plausible deniability!

Re:Corporate crimes

[fishbowl]

>Plausible deniability!

An interesting word salad that is not nearly as useful in civil court as some would like you to believe.

Plausible deniability is a euphemism for "perjury you might get away with."

I often tell my employers that if called to testify on *anything* I will simply tell the truth, and that they should operate accordingly and make rational choices with that in mind.
Sometimes they seem to think I'm joking about this. I assure you that I am not.

Re:Corporate crimes

[westlake]

Plausible deniability!

The judge and jury get to decide what is plausible.

It won't look good if the erasure violates standard practice or professional guidelines, legal obligations or existing corporate policy.

In criminal law, a guilty verdict demands proof beyond a reasonable doubt.

That does not mean that every piece of evidence has to carry the same weight - only that the evidence when viewed as a whole is damning.

If the state's witness performs credibly on the stand, that will carry over to whatever documents he is asked to describe and identify.

"Plausible denial" is a world of hurt.

Re:Corporate crimes

[DavidTC]

Hell, the TV show Alias was using p2p networks to transmit encoded messages a decade ago. At least once, Sidney was told to get a encoded message by search for and downloading a specific mp3 off Napster.

The best way to send private messages now, of course, would actually be usenet, as it's a hell of a lot harder to find downloads from that. With p2p, if someone tracks down what file gets posted with the secret info, they could track down the dozens of people downloading it, and maybe find a spy in that list, whereas there's absolutely no way to find out who's downloading a file off usenet without hijacking hundreds of servers.

So what the spy HQ should do is pick a TV show that airs each week, build a pirate rig that records it, and hides this week's messages in it. They should be able to hide hundreds of messages in a single TV show. This gets posted, regularly, to Usenet, in the right place. (It would be nice if they can get their release out before everyone else, so that thousands of people download it.)

All their spies should have software that pulls out the hidden message stream, but can only decrypt the message to them. I.e., there's a 10k message stream hidden in the file, but like 'Here's a message to #8374293, 'hatasfasdfrt', decode with your key. Here's a message to #9324924, 'asfsdga32', decode with your key'.(Although obviously in some actual format.)

You have even have emergency signaling, which would consist of any of a small set of fairly obscure movies posted to a different group. For when a message needs to go out 'off schedule'.

Also, obviously, TV shows don't run 52 weeks a year, but it should be possible to find some combination to cover them all.

You could actually do the same thing with torrents, even to the extent of using the same encoded file, and throwing it up on piratebay or something.

I was just going to suggest some sort of automated tool to do this, hidden on a flash drive, that looks like a normal Usenet client, and the spies making sure their client is set up as if it was looking in those newsgroups...but I realize that, hell, spies are very well trained, and if they need to fire up NewsBin and refresh headers and look for a specific name, every day, they are certainly capable of doing that. Beats having to sneak out to the park every day and look under the park bench.

Of course, this would only work for people who's cover is a) knowledgeable about computers, b) likes the show (This could be fixed by doing more than one show) and c) willing to break copyright law.

Re:Corporate crimes

[rajkiran_g]

Since this is a free and open source tool, it should be possible to save a copy of the key as well as the scrambled message as soon as it is received, so that it can be decrypted at any later time.

It is explicitly mentioned in the article that the aim of this is not to prevent the recipient from saving a copy. It is to prevent decryption at the lots of other places where it might be cached since the key is destroyed after a short while.

Re:Corporate crimes

[wjousts]

But the point is that I have to want to save a copy which, if I'm up to no good, I wouldn't want to do.

Vanish++

[Mysund]

If you buy the Vanish++ package, you get an additional package of superglue, to glue the printscreen button stuck.

This is not free software

See their license at this page:

1. Software may not be modified except for personal, educational or informational purposes.

This is not free software, nor is it open source.

Re:This is not free software

[gparent]

http://vanish.cs.washington.edu/download_src.html

Are you blind? It's not free but definitely open source.

Re:This is not free software

[93+Escort+Wagon]

http://vanish.cs.washington.edu/download_src.html

  Are you blind? It's not free but definitely open source.

Well, to a true FOSS zealot it's not free, nor open source, unless it fits THEIR definition of "free software". Ironically their definition is sorta 1984'ish, with the words meaning something different than their literal meaning.

Also, for purity's sake you should have capitalized "Free" in this context.

Re:This is not free software

[Miseph]

It is both "free as in beer" and open source (the source code is available for all to see), it just doesn't let you do certain things with it (ie. commercial use).

Also, from their FAQ:

"For (1) [Vanish core], we have chosen to, at least for now, use a UW-specific Academic License. Our choice of license is based largely on the fact that Vanish is still an experimental research prototype. You'll notice a number of terms and conditions with this license. Just so that there are no unexpected surprises, our license highlights the fact that Vanish will destroy data (which is not something one finds in normal applications). Also, as we note elsewhere in this FAQ, Vanish raises interesting questions from a legal perspective. Our license discusses how users must assess for themselves the legal implications of Vanish for their own situations. See the license itself for all the details."

Doesn't seem so nefarious in that context.

Just what we need...another way to lose data

[MpVpRb]

I can just imagine the bugs, accidents and outright stupidity that will lead to millions of users asking "where did my data go?"

scattered across a P2P system

[192939495969798999]

I didn't realize that P2P systems are known for making a piece of information unavailable once it is scattered across that P2P system, especially encryption keys and such. No one gets stuff like that on P2P networks, why would they do that?

Re:scattered across a P2P system

[vertinox]

I didn't realize that P2P systems are known for making a piece of information unavailable once it is scattered across that P2P system, especially encryption keys and such. No one gets stuff like that on P2P networks, why would they do that?

I think the authors were thinking of the the issue of where a torrent goes away once people stop seeding it once the original software is obsolete.

I mean can you find a working torrent of Photoshop 5 these days?

Same difference.

Re:scattered across a P2P system

[Opportunist]

The difference here is that nobody wants that information anymore. There is no set expiry date on content in P2P networks. It usually expires once you can get something better, but rarely before that. I'm fairly sure you'll still find copies of Star Wars Kid and Numa Numa, for now, forever.

I'm fairly sure, the more someone wants something to vanish from 'the cloud', the less likely it is to vanish.

At last...

[quarkoid]

Finally, an article in my area of expertise. Now this is likely to earn me +5 insightful, interesting and everything else.

So, why is Vanish useful to us?

Well... [BEGIN VANISH]u5vw7b658we77kw4657865v87zb68e7y678ctr63or63o7t6ox9587x4ygfiouhx
eo84yre kl76v5los79y6to89xep89x7e4v6eotyl9e84lbvr8xy76ebl9txevl9r8
ygnl8odvr,i8xeyvti8seybvto eby5tli8xevynlr8n776vsot7vnl9xe84nyu .lwaje
aowpibtulieut,iwvy,o39u dryswrl9uzfna484ytlo8cwjnlv ig78wfp9cnusgl8w
3n4aly8u .og8unl98nst.oby487rw;zbv5l936tlisd rnzsche.ldnj ekqb;wv4ioa
ur.,zwjsehg f,vhlfiawvutileuklrla wucbtrqil37ctlasehjctn;laiwuerciluqw3ybt
ow875ntliu awu[9c57st8nzwci4ycrnhseu6go38ny cfukbtw347v6f5o93vsb
y to9y347icr yisuryctw 37bt6l9s38 ucr,ugbvt6o8w 3nyu.oulv87vg[END VANISH]

I think we can all agree with that.

Nick.

Re:At last...

[vertinox]

o39u dryswrl9uzfna484ytlo8cwjnlv ig78wfp9cnusgl8w
3n4aly8u .og8unl98nst.oby487rw;zbv5l936tlisd rnzsche.ldnj

What?!

How dare you sir! My mother is a saint!

Re:At last...

[A.+B3ttik]

y to9y347icr yisuryctw 37bt6l9s38 ucr,ugbvt6o8w 3nyu.oulv87vg

Ia! Ia! Cthulhu ftagn!!

Re:At last...

[johnny0099]

They should rename it to Forrest Dump.

"And that's all I have to say about that."

how is this different from a smart card?

[jipn4]

This can be done pretty easily with a smart card: it only gives out the key for a limited amount of time. I suppose you have to trust the manufacturer of the smart card, but you also have to trust the manufacturer of the PC you're reading the message on, and its OS and ...

Re:how is this different from a smart card?

[ceoyoyo]

In this case you have to trust whoever writes the P2P software that it actually erases key packets and doesn't just forward them all to the author for, uh, future reference.

Hey hey!

[SGDarkKnight]

Sounds like we would simply need the device listed in paragraph 3, sentence 5 here
  in order to decrypt it :-)

Quotation reference mistkae

[aalevy]

The quote 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears' should actually be attributed to Prof. Henry Levy, not Amit Levy. The confusion was probably caused by the press release only refers to the last name.

Let's not forget Copy Paste

[strangeattraction]

So I get a copy and it gets cached or copy and pasted somewhere else. Busted. It is of limited use only for people that agree the data should be destroyed.

Re:We already have better tools for that

[FnH]

And now Vanish is the trusted third party .. I'll stick with Public Key Crypto.

Whatever the reasons public key encryption hasn't taken off (too much effort, no perceived threat, ...), it will be those same exact reasons that will prevent Vanish from taking off.

Who gets to read it?

[danking]

I am confused so hopefully someone can shed some light. They say there is no need to swap public keys with the person you are writing the message to. Does this mean anyone with the tool in Firefox can decode your message? Is there some way to specify who the reading parties are? That I am a little confused about and couldn't find any info about it in the articles. Hopefully someone can clear it up.

Re:Who gets to read it?

[clone53421]

Seems to be so... how else could you encrypt, for example, a Facebook status and allow "anyone" (anyone on your friends list) to decrypt it within the time window before it "self-destructs"?

Re:Who gets to read it?

[stuffeh]

Well, to get around the problem you're suggesting, all they would need to do is to use the "generalized key" that is out there for the whole public, run it through a key generator scheme like the Diffie-Hellman key exchange protocol and you've got a brand new key that uses a public and private key to be secure. I didn't read the article, so I've no idea how Vanish addresses this problem, but it is a very easy one to solve. Anyone in cryptography knows about the Diffie-Hellman algorithm and how well it works against Eve, however if Oscar were involved, that's another story. (Eve just listens, Oscar intercepts and modifies the packets).

Did we need a story for an answer

[JTsyo]

for the one further down where the guy wanted his data gone if the laptop was stolen. slashdot

Re:Corporate crimes Really?

[davidsyes]

I thought we (or at least very developed countries) already had laws on the books to combat corruption, fraud, embezzlement, collusion, anti-competitiveness, tax evasion/avoidance, and so on. Why would the existence or viability of "Vanish" vaporize culpability or liability or such. The absence of information corroborating corruption won't be the only way to bust crooked or derelict CEOs and company. Absence of time stamps, gaps in file queues, loose lips, and other things will (or can) aid in their undoing if an investigation commences.

Besides, anyone wanting to make sure their CEOs are held to account just needs to be in IT, or have a DIRECT LAW ORDER from the federal government "YOU ARE ****EXPLICITLY**** DISALLOWED PRIVILEGE TO USE "VANISH" FOR ANY BUSINESS, COMMERCIAL, ECONOMIC, PAYROLL, PAY-FOR-WORK, MEMORANDUMS OF UNDERSTANDING, LETTERS OF INTENT, OR THEIR LOGICAL EXTENSIONS OR PREDECESSOR ACTS. END OF STORY FOR YOU."

And, then let the legal chicanery and expensive case filings begin.

Some ISPs

[arazor]

Some ISPs have already made using P2P against terms of service. With this program I can governments just flat out banning all P2P as "terrorist tools".

50% Tech, 50% Hope

The core idea behind Vanish, if you dig 6 links deep to the actual technical information, is that nodes on a P2P network come and go. Therefore, if you break up the decryption key, and scatter it on the network, eventually some of those nodes will go away, and the key won't be recoverable. Apparently, the authors have some clever (unmentioned) trick to control the timing on this to a limited extent.

So, obviously, this doesn't work. It relies on the worst kind of trust -- trust of a P2P network. If the network is compromised, the data is permanently decryptable. Better yet, it relies on a P2P network to continue behaving the same -- if all nodes suddenly had 99% uptime, this would entirely stop working. Finally, even if this works, it doesn't make decryption keys "go away" -- it just makes it incredibly difficult for someone who doesn't have the key to obtain it. Anyone who already has the key will have it forever.

Cute. Here's how it works.

[Animats]

First, as is typical, the Slashdot article is three steps removed from the actual paper, which is worth reading.

It's kind of cute. What makes it work is that the indexing part of the Vuze platform, which is distributed over a few million user machines, has an 8-hour timeout. After eight hours, otherwise unused entries are purged from cache, like DNS cache expiration. So it's possible to use Vuze for unreliable short-term storage of key-value pairs.

(Normally, the Vuze hash is used as a index to BitTorrent blocks, and if there's a block on a server, the server puts it into the hash and refreshes it periodically, so the block stays indexed. But it's possible to put arbitrary key-value pairs into the distributed hash that have no relationship to BitTorrent blocks. If you put info in the hash and don't refresh it, it goes away after eight hours.)

So the sender generates a key, encrypts the message, spreads the key across some number of key-value pairs on random Vuze clients, sends a message telling what key-value pairs in Vuze contain the crypto key, and deletes the local copy of the key. The receiver gets the message, looks up the key-value pairs specified in the Vuze hash, reconstructs the key, decrypts the message, displays it, and deletes the local copy of the key. The receiving client has to do this every time the message is viewed.

This violates the Vuze terms of service, incidentally.

Re:Cute. Here's how it works.

[aaaaaaargh!]

So the sender generates a key, encrypts the message, spreads the key across some number of key-value pairs on random Vuze clients, sends a message telling what key-value pairs in Vuze contain the crypto key, and deletes the local copy of the key. The receiver gets the message, looks up the key-value pairs specified in the Vuze hash, reconstructs the key, decrypts the message, displays it, and deletes the local copy of the key. The receiving client has to do this every time the message is viewed.

Uh...unless the client just saves the plaintext message, of course. So the attacker has to intercept the message within approx. eight hours in order to retrieve the message and then store it forever. There may be scenarios where this can be useful, although I can't come up with one right now.

Re:Cute. Here's how it works.

[amateur6]

Amusing point about the Vuze POS.

But SHAME for not marking the PDF as such! Shame, shame to Animats!

Re:Cute. Here's how it works.

[Jason+Pollock]

So, in order to attack it, all you do is run a Vuze index server and store all of the key/value pairs that look like keys instead of a block hash. Ready made dictionary attack.

Legal Problem

[Phrogman]

Not to put to fine a point on it, companies are supposed to have an established document retention policy that specifies how long they will retain information like email messages. Most email it won't matter but if the contents in any way can be seen as a legal document - i.e. are business related - then destroying them this way might be seen as a deliberate attempt to cover up information by a court. IANAL, but I worked for some in this area, and its remarkably sensitive.

If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court. The court might require the company to produce a copy of all emails from the company during a given period (say the last 2 years perhaps), and if emails were destroyed in a manner that was not specified by the company retention policy it could cause the court to penalize the company when it fails to produce said emails.

When a company gets sued, its normal for them to place a hold order on the destruction of all documents, so they can't be seen as potentially covering things up. I hope that a tool like Vanish can be toggled to prevent unwarranted destruction, or someone is going to pay big time down the road.

It may seem like a trivial point, until you read of fines in the millions for companies who are unable to produce correspondence they should have preserved legally speaking. Moreover if the garbled email still exists, then the company might be required by the courts to unencrypt it - and if unable to do so, be penalized for that.

Re:Legal Problem

[Bodrius]

If someone at a company decides to use this tool, unbeknownst to the company and the other party is also using it, then the email becoming garbled and eventually deleted could become a problem should the company ever go to court.

Would that be different than if someone decided to use normal cryptography, and encrypt their emails to another party unbeknownst to the same company?

In both cases, the company would not be able to provide the cryptographic key to decipher the messages.

I'm getting the impression most people are looking at this as a solution to traditional crypto problems (corporate assets, legal docs, DRM), where it doesn't seem that relevant.

All of those can be considered valuable assets - in the sense that there is a concrete monetary value attached to them, in terms of business value, liability, or expected profits from sale. 'Vanishing' *valuable* data from the original source doesn't seem terribly useful, because if it is considered *valuable* it is likely to be copied/backed-up... and each recipient increases that likelihood.

IFF the information is very valuable, the usual security concerns about protecting against a resourceful untrusted party apply... and since the people with the key are trusted they can copy the data to a non-vanishing target anyway and break the loop. The more valuable, the more likley it will happen for non-malicious reasons, precisely because it will 'vanish'.

Where this seems useful is on large sets of *cheap* individual data more commonly shared online, for which individuals currently lack a good sense of value-as-privacy.

In general, we don't have yet a good instinct to preserve privacy online, at least partly because people are not used to communication networks being both *frictionless* and *persistent*.

If just a single assumption was broken, it wouldn't be a big deal... but the game has changed because *both* of these now occur transparently online.

We do not treat most personal data as information assets, nor do we really anticipate their aggregation, because for millenia *trivial* information would erode over time due to natural processes... people forget, business cards get lost, post-it notes become unreadable, etc. And in the context of that single communication, we could trust our estimate of how trivial that information was for both parties.

We're used to some erosion of information in real life - if in the middle of an in-person conversation we share freely a phone number or a mail address or some personal story with a friend, we don't expect that to be readable for millions of unknown people, or for it to be easily queryable years later, whenever anyone decides... for free.

This tech seems valuable precisely for that scenario because it resets the result of an online communication to those expectations, so we don't have to choose between giving up the idea of privacy or treating everything we say on casual conversation as some kind of 'information asset'.

Good Morning, Mr. Phelps

[mcgrew]

Should you decide to accept this assignment...

Re:Good Morning, Mr. Phelps

[Opportunist]

Oh effing great, do you know what you're doing to the poor tech support guys? "HELP! MY COMPUTER IS SMOKING!"

Re:We already have better tools for that

[sckeener]

exactly. Encrypting emails is trivial inside a company, but practically non-existent when dealing with people outside the company. That said we have company policies that state that everything sensitive in nature needs to be encrypted. Thus on a quarterly basis we have a discussion that goes no where because the options don't exist to make this policy a realistic reality.

The Best Forensics

[DaMattster]

I don't think it is possible to completely make your data vanish. Some of the best computer forensics experts can still get data back even when it has been "government wiped" with random 1s and 0s written to every hard drive sector. This claim is dubious at best.

Mod Parent Up - that's exactly what it does

[billstewart]

Disappearing Inc had a similar service back during the boom. They'd manage document keys for you, and you'd read the document using a reader that fetched a document key from their servers and opened a copy for you but didn't give you the actual key. When the key expired (based on whatever date you set with them, or a delete message), they'd delete the key, so nobody could decrypt the document later.

Re:Mod Parent Up - that's exactly what it does

[Opportunist]

What kept me from reversing their reader, then write a tool that fetched the key and stored it?

What's the big deal...

My MAXTOR drives have been doing this for years.

Re:Time changing mutation strings ?

[EricJ2190]

Please don't take anything you read in Digital Fortress seriously. It is a great thriller, but from a technical standpoint it is full of crap.

Good Morning, Mister Phelps

[LittleGuy]

Eight hours? The IMF usually needs 10 seconds/

Obsolete technology

[microbee]

..by Kindle.

What happens to the gibberish?

[Merovign]

I hope they thought about what to do with the content after the key is gone. Sounds like it stays out there, permanently scrambled, local storage and perhaps distributed.

If this becomes popular, then even though some people will delete messages, others will just let them gather, on servers, on their own machines, on forums and web pages...

I imagine after a few years, half the digital storage in the world could be useless data. :)

It is a clever hack, but not tidy.

Re:What happens to the gibberish?

[Opportunist]

Considering the random rants on Facebook, Livejournal et al, half of the digital storage in the world is already useless data...

Read the EULA

[puddles]

It appears the EULA requires you to wear this gizmo on your head where, after the requisite time period has passed, it zaps your brain with Amnesiatron (TM) particles to make sure you forget the message, thereby fullfilling the design goal of making the message vanish forever.

Oh and the computer will be equipped with C4 that will be triggered at the same time, just in case you happen to take a screenshot.

You don't want to know what will happen to the ISP...

Re:Time changing mutation strings ?

[Mister+Whirly]

I think the same could be said of all of Dan Brown's novels. (and you can even leave out the "from a technical standpoint" part)

Re:Application would be video streaming

[ceoyoyo]

It's a gimmick. You could easily store the key with a central authority instead of a P2P network, exactly the way DRM works now. In fact, I'd much rather the key for messages I send was stored WITH ME so I could be sure it was erased, rather than stored with Joe and Alice's P2P network (we promise we erase stuff! Honest!).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Hmmm

[ACMENEWSLLC]

You know, I never understood why short e-mail message have to be "transmitted" to the recipient in SMTP. As such, my e-mail is available for e-discovery requests aimed at the recipient as it's on the recipients computer.

In cases I didn't want that, I stuck an image on my web server and did a link to the https://passwordserver.com/dir1234/abc.jpg with headers set to no-cache. This being a CGI program.

The result is pretty similar TFA, but much easier obtained. P2P isn't going to be opened up on our network for this feature. In my example, the e-mail is also short lived. It's encrypted with no effort on the user, other than "load remote images" if they have that disabled. It's password protected, though not as nicely as this new Crypto key handling method. Once the server sends the JPG one time, it will only send it again to that same IP address with the cookie initially set on the first display as per the CGI script. The server then queues the JPG email up to delete after x many minutes via a database entry and scheduled job.

Now I can delete the message of the e-mail at will. If they don't read it after so many days, I can nuke it. They can print or copy/paste it, but it's not in their Exchange server nor is it on mine.

My attempt was quick and dirty. Places like MessageLabs and POSTINI already offer this service in a much nicer and easier format. We already see health care and banking use these services.

Re:Hmmm

[badzilla]

passwordserver.com is a link farm

Re:Time changing mutation strings ?

[DavidTC]

Also leave out the 'great thriller' part.

99%

[rockNme2349]

Dammit, I'm trying to decode your email, but it's been stuck at 99.5% for the last 4 hours!

Sarbanes-Oxley violation.

[Ungrounded+Lightning]

... the real idea is to prevent people who never originally saw the message from reading it down the road.

So a US corporation using this on its internal email (or even receiving email encrypted with this tool) would be in violation of the record-keeping requirements of the the Sarbanes-Oxley Act (unless they decrypted and kept an in-the-clear copy of EVERY such letter that arrived), even if they automatically archive all email they handle.

I bet a number of VPs of IT need a change of pants about now.

Re:Sarbanes-Oxley violation.

[FLEB]

Yeah. So, clearly they aren't part of the intended user base.

Re:Sarbanes-Oxley violation.

[Opportunist]

So they don't want to do biz with any SOA company? In other words, any company trying to trade its shares on any major stock exchange?

Good luck trying to peddle this to mom'n'pop shops...

Re:Sarbanes-Oxley violation.

[blueskies]

Because mom'n'pop shops need to send you your order information via Vanish? Just think no company in the world that trades on a major stock exchange uses IM, because all of those messages would have to be logged....

Re:We already have better tools for that

[Eskarel]

Almost certainly true. The point is that saying this is pointless because we've already solved the problem is fundamentally untrue, both because the research for this project has some interesting implications and because the problem is far from solved.

Use the RAM

[Opportunist]

And that's exactly the problem here. What keeps me from running that tool in a debugger and grabbing the key once it's reassembled? Worse, what keeps me from reversing the tool to learn its key gathering mechanism and collect the key pieces, assemble them and have the key?

Or hey, how about a really neat idea: How about simply grabbing the decrypted file from memory?

Re:We already have better tools for that

[Opportunist]

What's wrong with company level key collection and exchange of keyrings between companies? Scales fairly well and works great, for us at least.

Oblig XKCD

[rdnetto]

http://xkcd.com/177/

Re:We already have better tools for that

[Eskarel]

Generally those systems aren't actually all that well scaled, they just treat companies as individuals and key them as such. Sharing key pairs between a few thousand individuals who aren't all managed by one IT entity, isn't anywhere near as easy.

Re:poor man's encryption

[Lundse]

Brilliant! Someone build a mechanical implementation in lego, for those of us who don't typo so good... :-)