Deniable

Quicksearch

Disclaimer

The individual owning this blog works for Oracle in Germany. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< Proof-of-concept hack for encrypted direct messages on Twitter | The future of OpenStorage - or: Opensolaris Storage Summit >

Monday, February 23. 2009

I just thought about an interesting for the mechanism explained in "Proof of concept hack for encrypted direct messages on Twitter - you could deny that you are the intended receiver of the message. Just post the encrypted stuff as a public tweet. The recipient just have to read the public timeline and just reads all messages, gathers all crypted tweets and tries to decrypt them. Messages for other people are unencryptable for you, as you don´t have the correct secret key, but the messages for you are encryptable, thus you know, that the messages are for you.

BTW: You could use blog comments as well to transmit such messages. Just distribute a line per blog comment on a vast amount of messages. They have just a single point in common .... the pages with the comments are part of the first few hundred hits in Google blog search. The recipient knows the correct query (a shared secret for example as the google query "What to do with coronary insufficiency?")and is able to gather them, reassembles them and tries to decode it.

The whole mechanism described in this article isn´t new at all. It is the same idea used for the strange radio stations sending just rows of numbers.

Update: The actual code of the proof-of-concept doesn´t strip of the key-ids. Before using this code, you have to add --throw-keyids to gpgopts($opts). But i have to reiterate about this: The code was meant to test encryption and reassembly/decryption ... it´s not meant as actual production code.

Posted by Joerg Moellenkamp in English, Security at 13:41 | Comments (8)

Defined tags for this entry: encryption, gnu privacy guard, hack, perl, security, twitter

Related entries by tags:

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Hi,

it's better not to be caught with the private key in your pockets or with a key that someone else had put in your pocket. And you better withstand some 'social engineering' tactics with hot coals or pincers. I hope most of us have their notebook harddisks encrypted for example. But how long can you stand if someone is beating you with a watschboing? IMHO this is one of the problems we are facing.

#1 hmw on 2009-02-23 18:38

When you aren´t named as the receipient there is no hint pointing to you having the knowledge of the key, so it gets less probable that they warm the coals for you.

#2 Joerg+M. (Homepage) on 2009-02-23 20:15

It is possible to find out the recipient's public key ID from looking at the ciphertext. Just try to decrypt it without having any secret keys in your keyring:

GNUPGHOME=/tmp gpg --no-default-keyring foo.gpg

Use "--throw-keyids" during encryption to avoid this.

#2.1 martin (Homepage) on 2009-02-24 07:21

This would be one of the issues someone would have to solve in the case she or he wants to implment this outside a hack.

#2.1.1 Joerg+M. (Homepage) on 2009-02-24 08:28

So you're writing up an article about deniability and then choose to ignore the major flaw in your architecture? That's just plain irresponsible. What you have here is not a "hack" but a stupid recipe for trouble.

#2.1.1.1 martin (Homepage) on 2009-02-24 09:30

Hi,

even if the identity of the participants is obscured by an approach it's sometimes enough to be suspected to be the owner of the key. According to a police chief from Frankfurt IIRC it's OK to hurt people to bring them to a point where they confess everything you want. The police chiefs statement led to far less opposition from our democratic parties than desired. Again, IMHO this is the way we are going. Maybe we can find technical solutions for this problems (Some people don't name this a problem, but I do), but I guess we need some other sharper tool.

#2.2 hmw on 2009-02-24 10:36

The deniablity was just an add-on and not part of the original idea. Just an afterthought.

To fix this, i just have to add some gpg options .... the code isn´t meant for production, thus flagged as proof-of-concept ...

#3 Joerg+M. (Homepage) on 2009-02-24 09:40

You can encrypt in shared secret key, optionally sign with a public key. Now, the person who posts such a message on a dead drop is always susceptible to the hot coal treatment, and if they know the recipient or any clues to finding the recipient, then the recipient is in trouble.

Also, ciphertext is pretty obvious. Steganography is not going to help you in Twitter, so you'll be limited to very small, coded-but-not-encrypted messages. For bulk espionage this just won't do. More nefarious uses are another story; for those the number of dead drops that could be used abound.

#4 Anon on 2009-02-25 01:15

The author does not allow comments to this entry

View as PDF: This entry | This month | Full blog

Competition entry by David Cummins powered by Serendipity v1.0