Deniable

I'm a member of

Quicksearch

Codenews Search

Disclaimer

The individual owning this blog works at Sun Microsystems GmbH in Germany, a subsidiary of Oracle. The opinions expressed here are his own, are not necessarily reviewed in advance by anyone but the individual author, and neither Oracle nor any other party necessarily agrees with them.

Navigation

< Proof-of-concept hack for encrypted direct messages on Twitter | The future of OpenStorage - or: Opensolaris Storage Summit >

Monday, February 23. 2009

I just thought about an interesting for the mechanism explained in "Proof of concept hack for encrypted direct messages on Twitter - you could deny that you are the intended receiver of the message. Just post the encrypted stuff as a public tweet. The recipient just have to read the public timeline and just reads all messages, gathers all crypted tweets and tries to decrypt them. Messages for other people are unencryptable for you, as you don´t have the correct secret key, but the messages for you are encryptable, thus you know, that the messages are for you.

BTW: You could use blog comments as well to transmit such messages. Just distribute a line per blog comment on a vast amount of messages. They have just a single point in common .... the pages with the comments are part of the first few hundred hits in Google blog search. The recipient knows the correct query (a shared secret for example as the google query "What to do with coronary insufficiency?")and is able to gather them, reassembles them and tries to decode it.

The whole mechanism described in this article isn´t new at all. It is the same idea used for the strange radio stations sending just rows of numbers.

Update: The actual code of the proof-of-concept doesn´t strip of the key-ids. Before using this code, you have to add --throw-keyids to gpgopts($opts). But i have to reiterate about this: The code was meant to test encryption and reassembly/decryption ... it´s not meant as actual production code.

Posted by Joerg Moellenkamp in English, Security at 13:41 | Comments (8) | Trackbacks (0)

Defined tags for this entry: encryption

, gnu privacy guard

, hack

, perl

, security

, twitter

Related entries by tags:

View as PDF: This entry | This month | Full blog

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Hi,

it's better not to be caught with the private key in your pockets or with a key that someone else had put in your pocket. And you better withstand some 'social engineering' tactics with hot coals or pincers. I hope most of us have their notebook harddisks encrypted for example. But how long can you stand if someone is beating you with a watschboing? IMHO this is one of the problems we are facing.

#1 hmw on 2009-02-23 18:38 (Reply)

When you aren´t named as the receipient there is no hint pointing to you having the knowledge of the key, so it gets less probable that they warm the coals for you.

#2 Joerg+M. (Homepage) on 2009-02-23 20:15 (Reply)

It is possible to find out the recipient's public key ID from looking at the ciphertext. Just try to decrypt it without having any secret keys in your keyring:

GNUPGHOME=/tmp gpg --no-default-keyring foo.gpg

Use "--throw-keyids" during encryption to avoid this.

#2.1 martin (Homepage) on 2009-02-24 07:21 (Reply)

This would be one of the issues someone would have to solve in the case she or he wants to implment this outside a hack.

#2.1.1 Joerg+M. (Homepage) on 2009-02-24 08:28 (Reply)

So you're writing up an article about deniability and then choose to ignore the major flaw in your architecture? That's just plain irresponsible. What you have here is not a "hack" but a stupid recipe for trouble.

#2.1.1.1 martin (Homepage) on 2009-02-24 09:30 (Reply)

Hi,

even if the identity of the participants is obscured by an approach it's sometimes enough to be suspected to be the owner of the key. According to a police chief from Frankfurt IIRC it's OK to hurt people to bring them to a point where they confess everything you want. The police chiefs statement led to far less opposition from our democratic parties than desired. Again, IMHO this is the way we are going. Maybe we can find technical solutions for this problems (Some people don't name this a problem, but I do), but I guess we need some other sharper tool.

#2.2 hmw on 2009-02-24 10:36 (Reply)

The deniablity was just an add-on and not part of the original idea. Just an afterthought.

To fix this, i just have to add some gpg options .... the code isn´t meant for production, thus flagged as proof-of-concept ...

#3 Joerg+M. (Homepage) on 2009-02-24 09:40 (Reply)

You can encrypt in shared secret key, optionally sign with a public key. Now, the person who posts such a message on a dead drop is always susceptible to the hot coal treatment, and if they know the recipient or any clues to finding the recipient, then the recipient is in trouble.

Also, ciphertext is pretty obvious. Steganography is not going to help you in Twitter, so you'll be limited to very small, coded-but-not-encrypted messages. For bulk espionage this just won't do. More nefarious uses are another story; for those the number of dead drops that could be used abound.

#4 Anon on 2009-02-25 01:15 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: Standard emoticons like :-) and ;-) are converted to images. Enclosing asterisks marks text as bold (word), underscore are made via _word_.
	Remember Information? Subscribe to this entry

View as PDF: This entry | This month | Full blog

Competition entry by David Cummins powered by Serendipity v1.0

Links in this article

The LKSF book

The book with the consolidated Less known Solaris Tutorials is available for download here

Twitterfeeds

twitter.com/c0t0d0s0
just blogged: Reengining: I've learned in the last few weeks that a simple design decision can make your life much... http://bit.ly/d9luy8

twitter.com/codenews
6935782 need to manually increment build number one more time http://bit.ly/aMqEbX

twitter.com/SunPatches
128365-04 - Sun Crypto Accelerator 6000 1.1: Driver Patch. Available for SPARC since Mar/19/10. http://bit.ly/agl9Nw

twitter.com/SolPatchesX86
118192-04 - SunOS 5.9_x86: gtar patch. Available since Mar/19/10. http://bit.ly/cbnoJ7

twitter.com/SolPatchesSPARC
118191-04 - SunOS 5.9: gtar patch. Available since Mar/19/10. http://bit.ly/cb2Drj