After the Belfast Project Fiasco, Time For Another Look At Time Capsule Crypto?

samzenpus posted about 4 months ago | from the time-after-time dept.

Encryption 170

JonZittrain (628028) writes "I'm curious whether there are good prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions — such as the passage of time — are met? Libraries and archives could offer such technology as part of accepting papers and manuscripts, especially in the wake of the 'Belfast Project' situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely. Some suggested solutions are very much out of the box."

170 comments

Time capsule or doomsday timer (0, Offtopic)

Trogre (513942) | about 4 months ago | (#47192241)

This is another form of DRM.

Of course content providers will salivate over making these devices do just the opposite - provide access to a given device or media for an "approved" period of time before rendering it unusable.

Re:Time capsule or doomsday timer (2)

peragrin (659227) | about 4 months ago | (#47192323)

They already do that. Most DRM schemes aren't infinite. Streams aren't designed to be downloaded and stored. DRM authentication servers go dark after 5-10 years.

This would at least ensure those files could be made available after the DRM servers died.

Re:Time capsule or doomsday timer (1)

pepty (1976012) | about 4 months ago | (#47193017)

Safety through obscurity: Encrypt the time capsule and put it in a virus. One that is targeted at, say, machines in Southern China running Windows XP. Do the same with the key. The viruses do absolutely nothing until the targeted time/date, after which their only function is to attempt to send the encrypted data and the key to the gatekeeper and the keymaster or whoever is supposed to get them. Meanwhile, two things you can bet on: 1. There will be a few machines still running XP in southern China 10 years from now. 2. No one will be searching or subpoenaing those machines for your time capsule.

Re:Time capsule or doomsday timer (1)

lgw (121541) | about 4 months ago | (#47193321)

To quote MC Frontalot

You can't hide secrets from the future with math.
  You can try, but I bet that in the future they laugh
  at the half-assed schemes and algorithms amassed
  to enforce cryptographs in the past.

Not like DRM (1)

Anonymous Coward | about 4 months ago | (#47192359)

DRM is predicated on the ability to give someone the key or a key-equivalent (capable of producing the plaintext media), and then essentially *take it back from you* along with the decrypted plaintext, so you can't reuse the key or otherwise record the plaintext without asking for permission again. That's impossibly daft.

This case, though, just needs a smartcard that's programmed to only give up a key after a certain amount of time has passed (i.e. the same things you trust to keep a key safe from someone who steals your one-time-password key fob, or your chip+PIN credit/debit card). Once the key is out it's out, and anyone with the key is allowed to read the plaintext as often as they want forever and ever, by design.

Re:Not like DRM (2)

fuzzyfuzzyfungus (1223518) | about 4 months ago | (#47192567)

It is certainly less conceptually doomed than DRM; but your standard tamper-resistant hardware is unlikely to cut it for this situation:

The fundamental issue arises if data retention is a serious concern: for common uses of tamper-resistant hardware, it isn't. It's just being used as an access token of some kind, so the actual secret is largely irrelevant, so long as the attacker doesn't get it. If it gets wiped, IT/customer service will just issue you another one.

With some sort of library/archival project, there presumably is some value to the secret, possibly a large one, and there can't be a credential-issuer (or I wouldn't bother to compromise your token, I'd just mail them a subpoena...), so you can't just destroy the secret casually.

This is a problem because 'zero the secret!' is basically the only response that a tamper-resistant system has available if it detects tampering. If that option is on the table, the attacker must negotiate any sensors and failsafes the designer felt like adding, correctly, or irrevocably lose what he came for. If it isn't, the attacker just has to avoid destroying the storage himself.

Adding time as a requirement just makes things more annoying: RTCs need continuous power, and that's both an avenue for attack (especially if we are working on the scale of human lifetimes, forcing your oscillator away from its expected frequency could shave years off the delay, even in the absence of any other attack) and an area more likely than silicon to fail by accident (you don't want to lose your data just because somebody slipped a counterfeit CR-2032 into the supply chain and it had only 20% of the lifetime you expected, do you?).

Re:Not like DRM (0)

Anonymous Coward | about 4 months ago | (#47192721)

Protection against data loss (assuming the plaintext has significant value, which it likely does) is definitely a concern with existing tamper-resistant hardware; excellent point.

Re: Not like DRM (1)

user317 (656027) | about 4 months ago | (#47192723)

What about using a large enough private key such that brute forcing it takes the amount of time you want the message to stay hidden? Obviously adjust for the strength of the attacker and Moore's law.

Re: Not like DRM (0)

Anonymous Coward | about 4 months ago | (#47192899)

The issue is that rogue governments can compel you to disclose such a key -- e.g. by "legal" means such as the US's "National Security Letters", or by more direct "rubber hose cryptanalysis".

Re: Not like DRM (0)

Anonymous Coward | about 4 months ago | (#47193289)

I guess the point is to lose the key. Then the only way to reach the message is by brute force, which takes some time. (Actually it might take only 2 minutes if you are lucky, or double the desired time. Doesn't sound very good to me.)

Re: Not like DRM (0)

Anonymous Coward | about 4 months ago | (#47193301)

That's not an issue at all, because you erase the private key immediately after you use it to encrypt your secret. There's no advantage here to using a private key over a symmetric key however.

What is an issue is that brute forcing crypto takes an unpredictable time, dependent on the location of the key in keyspace and the order that you permute your candidate key. All that can be said is that brute forcing a key takes a predictable average number of iterations.

If you pick a 128bit symmetric key at random, there is a 25% chance you happen to pick one that falls between 0 and 2**126, which will take less than 1/4 of the time if the attacker is searching upwards, to find than if your key was (2**128)-1.

Easy solution: (2**128)-1 is the most secure key. Nope, that's the first key an attacker will try if they count downwards. There is no way to force your attacker to use a specific candidate permutation order, so all you can reason about is averages, and an average doesn't make for a very good time-lock.

Additionally, if you assume Moore's Maxim (it's not a law) will hold true over the time taken to find the key, then you fail if any of these happen:

A) Moore's Maxim runs out of steam, computers fail to get faster, and people lose interest in trying to break your time capsule. The secret fades into obscurity.
B) Moore's Maxim is greatly accelerated by advances in technology, and your beans are spilled while you're still alive.
C) The crypto you decide to use is broken, rendering technological improvements superfluous.
D) Someone diverts far more resources to the problem than you anticipated, and your beans are spilled early.
E) Nobody bothers with your time capsule, and your secret fades into obscurity.

Re: Not like DRM (1)

Anonymous Coward | about 4 months ago | (#47193269)

Too much uncertainty. The strength of the attacker varies by several orders of magnitude depending on motivation, and Moore's law is just a rule of thumb that might hit a brick wall at any moment.

Re:Not like DRM (1)

pupsocket (2853647) | about 4 months ago | (#47193325)

Alas, there will be customers keen on destroying any hope of retrieving the historical record. Most of these will be government agencies.

Subpoena would lead to impounding the key-protection device. Then the "investigators" will either engage a lax hacker stooge to trigger the self-destruct or they will pretend to misplace it.

If your encryption is secure, the key is the secret (1)

GoodNewsJimDotCom (2244874) | about 4 months ago | (#47192257)

Make the key two parts.

One part of the primary key is secretly delivered to the person. This is your standard PGP.

The other key is dispersed on a website after a certain time. Add the two keys together and you end up with a full key.

Re:If your encryption is secure, the key is the se (2)

Sarten-X (1102295) | about 4 months ago | (#47192275)

So who gets to keep the half that goes on the website? What's to stop them from getting subpoenaed, hacked, or otherwise compromised?

Re:If your encryption is secure, the key is the se (4, Insightful)

Ecuador (740021) | about 4 months ago | (#47192293)

Send it on an elliptical orbit around the sun. Depending how many years you want before the key is back in our neighborhood, you select the appropriate orbit. Hmm, perhaps SpaceX should look into it and start commercializing such a service ;)

Bloody brilliant (0)

Anonymous Coward | about 4 months ago | (#47192401)

n/t

Re: If your encryption is secure, the key is the s (0)

Anonymous Coward | about 4 months ago | (#47192875)

Better yet, send your time capsule into orbit around the sun. That'd make getting it back more exciting, too.

Re:If your encryption is secure, the key is the se (3, Interesting)

fuzzyfuzzyfungus (1223518) | about 4 months ago | (#47192427)

So who gets to keep the half that goes on the website? What's to stop them from getting subpoenaed, hacked, or otherwise compromised?

Nothing in principle. However, there are secret-sharing techniques that would make this more practical: it is possible to divide a secret into N parts; but construct the divided pieces such that anywhere from 1 to N of them are required to reconstruct the original secret.

This doesn't solve the problem in any fundamental way; but it does help. You can now control both the risk of the secret being permanently lost (increase the number of parties who have parts, possibly even providing a given part to more than one party) and control the risk of enough parties being compromised to reveal the secret (set the number of required parts equal to, or close to N, and distribute the parts among different jurisdictions, storage mechanisms, and so on).

No perfectly elegant solution; but at least you get to pick your poison.

Laws of Physics make it Impossible (1)

Roger W Moore (538166) | about 4 months ago | (#47193489)

This doesn't solve the problem in any fundamental way; but it does help.

Actually I don't think it is possible to solve it at a fundamental level. The laws of physics are invariant under time. In fact this symmetry is what gives us conservation of energy. What this means is that any physical system must work the same regardless of when it is operated. The result is that the only way to make such a temporal crypto algorithm would be to use a tamper-proof physical device which will measure the passage of time - you cannot develop a time lock algorithm which will only run when the time is X since no physical system can measure absolute time only a change in time.

Since making something like that would be exceedingly hard, if not impossible, to make tamper proof you are reliant on how securely the device is stored which is pretty much the system which already exists. All you can do, as you suggest, is make it hard to assemble the pieces before the correct time.

Re:If your encryption is secure, the key is the se (1)

currently_awake (1248758) | about 4 months ago | (#47192489)

Use an embedded computer, designed to self destruct if tampered with. When the clock runs down it uploads the secret code to the web site. You don't "have" the code, and any attempt to get it will "destroy evidence".

Re:If your encryption is secure, the key is the se (3, Interesting)

Rei (128717) | about 4 months ago | (#47192587)

I was thinking about this task a few weeks ago from the point of view of a real-world application: you're travelling in a war zone and want to ensure that your files are safe *even from yourself, your friends, your employer, and everyone who cares about you*. Because if you're taken prisoner, they're not going to use a 30 million dollar supercomputing cluster to crack the encryption on your laptop; they're going to work you over with a pair of pliers, perhaps taking off a few body parts, until you tell them. And if you don't have the key, they'll just threaten harm to you to people you care about who do - assuming they can't outright capture said people as well. Nobody you know can be responsible for the key. The key has to be held by someone who by nature of their contract doesn't give a rat's arse about you and won't change their terms even to save your life.

But of course, what if they were compromised - legally (subpoena), or extrajudicially (someone with a pair of pliers)? So we get into the situation where a server for a service that controls giving out of keys needs to be safe even from its owners. While terms for key storage involving personal judgement calls (such as "did the person contracting with us successfully make it out of the country and is no longer under coercion?") can't be automated, simple time locks can, so the issue simply comes down to, "Can you keep a reliable running key storage system that can't be compromised even by physical access"? A potential solution to reliability (since any system that locked will be immune to maintenance as well!) would be to store every key on multiple running systems in different locations in hopes that at least one of them lives long enough to yield the key at the correct time. As for security, for example, even with full memory encryption, RAM is vulnerable to cold boot attacks and the key to decrypting memory has to be stored somewhere, but one solution to that is storing critical portions of data only in CPU cache. But that's only one possible attack vector among many. At least you could respond to a subpoena, "Hey, maybe you have a way to get at this data, but I sure don't. If you'd like to fund a multi-million dollar research project on how to get ahold of it, I won't stand in your way, I'll be fully cooperative..." You could also make it harder by having a multi-part key, with each part held by different entities in different jurisdictions. Though that could increase reliability challenges.

In short, at the very least you can make it very, very difficult to get keys. Maybe you can't stop a secret NSA raid on all physical servers taking part the world over, but you could stop pretty much anything else.

Re:If your encryption is secure, the key is the se (0)

Anonymous Coward | about 4 months ago | (#47193461)

Because if you're taken prisoner, they're not going to use a 30 million dollar supercomputing cluster to crack the encryption on your laptop; they're going to work you over with a pair of pliers, perhaps taking off a few body parts, until you tell them.

I spy a tiny weakness in your plan. The guys with pliers. Do you think that telling them that you don't have the key will stop them from taking off your body parts before you run out of convenient body parts to take off?

Re:If your encryption is secure, the key is the se (0)

Anonymous Coward | about 4 months ago | (#47192601)

So who gets to keep the half that goes on the website?

A hobbit. They can be trusted. Don't you know nothin'?

Re:If your encryption is secure, the key is the se (4, Funny)

AJWM (19027) | about 4 months ago | (#47193147)

A hobbit. They can be trusted. Don't you know nothin'?

No. Then it'd have to be a whole key ring.

Re:If your encryption is secure, the key is the se (0)

Anonymous Coward | about 4 months ago | (#47192339)

Make the key two parts.

One part of the primary key is secretly delivered to the person. This is your standard PGP.

The other key is dispersed on a website after a certain time. Add the two keys together and you end up with a full key.

This is a start, but you can generalize + scale it beyond 2. Threshold encryption allows N of M key holders to decrypt something. You can have semi-trusted organizations have lists of public keys for which they will publish the private keys at various times. You can pick some of those, and any additional private parties you wish, and set N and M as appropriate for your particular situation. There are a couple details to work out to get it all working, but it should be practical.

Exponential time; 1/2 key != 1/2 security (0)

Anonymous Coward | about 4 months ago | (#47192439)

You do know this damages the security of the system by way more than half assuming a brute-force attack, right?

Re:If your encryption is secure, the key is the se (1)

Nogami_Saeko (466595) | about 4 months ago | (#47192827)

Use a key that's distributed and at least partially redundant. For example, break the key into 20 sections, and allow decryption with a minimum of at least 11 of those sections present.

Distribute the key sections to geographically diverse, trusted people, in different countries with different governments, with the instructions to keep them somewhere safe, and on a certain date (ie: Jan 1, 2020) publish them online in a known location.

Sure, some people might be jerks, or accidentally publish ahead of time (or not at all), but assuming that (in this case) 55% of the keys are available, the file can be unlocked. Of course, you could change the number of key sections required based on how critical secrecy is vs. security, etc.

Keep it simple (3, Interesting)

Camael (1048726) | about 4 months ago | (#47192853)

You guys are thinking too much into this. Any third party you entrust your secret to (bank authorities, lawyers, software etc) is a potential point of breach.

Just keep your information in hard copy (papers, journals etc), put it in a box, lock it up and bury it. Entrust the secret and key to a son/daughter with strict instructions it is not to be opened until you pass away, with the warning that the secrets revealed may destroy the family.

The less people know about it, the more secure it is.

I'd rather trust family who have an interest in protecting your secrets rather than some stranger or worse, impersonal unthinking code. And having a living, thinking secret keeper who can respond to challenges and situations you may not even foresee is far more effective.

Space (2)

ObsessiveMathsFreak (773371) | about 4 months ago | (#47192287)

Launch the data into outer space on a satellite, programmed to transmit the data after a set time period. For best results, send the machine on a massive period orbit to the outer solar system, or in a pinch, crash land it on the Moon or Mars.

Governments will either have to give up, or else fund a massive space project. Either way, we win.

Re:Space (1)

davester666 (731373) | about 4 months ago | (#47192333)

Yeah, I can't imagine the gov't ever sending up secret military missions that would involve intercepting satellites to gain access to their data. That's just too unbelievable.

Re:Space (1)

Rei (128717) | about 4 months ago | (#47192613)

Governments willing to spend billions of dollars to get your data aren't the general use case for such a time lock service.

Re:Space (0)

Anonymous Coward | about 4 months ago | (#47193539)

My satellite goes around the sun in a huge arch. It will come back close when it's time to broadcast. Good luck getting to it.

Re:Space (1)

viperidaenz (2515578) | about 4 months ago | (#47192361)

You'll also need a reasonably large space project to build and launch a satellite.

Re:Space (1)

Dwedit (232252) | about 4 months ago | (#47192483)

If you can't have space, you can have international ping times. Generate keys, deploy one in one place, one in the other, and keep bouncing messages off of each other.

Ocean (5, Interesting)

Anonymous Coward | about 4 months ago | (#47192847)

Easier idea. Put the data in a tiny pressurized capsule and drop it deep in the ocean. After a set amount of time the capsule is designed to inflate an air bladder, rise to the surface and transmit via radio frequency.

There's no way to retrieve this ahead of time because:
1. The ocean is vast and the capsule is tiny.
2. The ocean is so deep that you would have to send a robotic submarine to find it and no one would know where to look. If you can lose a plane at the bottom of the ocean, you can lose a 1 foot capsule even more easily.

best in thread. (2)

raymorris (2726007) | about 4 months ago | (#47193179)

I think this post may be the best in the thread because it answers the question (time based, not coy power), it's somewhat practical unlike astronomical solutions, and recent events show it would be secure. If multiple motivated governments can't find an airliner, someone in a Snowden-like position could be reasonably confident that a small container dropped even just off the coast of California would remain there for quite a long time.

Well yeah (0)

Anonymous Coward | about 4 months ago | (#47192295)

There's no honor in this world so don't be an idiot in trusting people with your private junk.

Do nothing (3, Insightful)

Sarten-X (1102295) | about 4 months ago | (#47192301)

Most modern cryptography works because it's difficult to solve certain math problems, but the limits of "difficult" keep getting bigger. It should be possible to make a rough estimate of how much processing power will be available to break your encryption by what date, to the parties of interest. Make your keys that strong, and hope you're close.

To build off of the Belfast Project example from TFS, a 50-year timespan might be reasonable. What kind of decryption ability might we have in 50 years? I'm no expert in cryptography, but an elliptic curve algorithm with a fairly-strong key seems reasonable to me. Encrypt it, destroy the plaintext, and forget about it. Forty-five years from now, a government might have the ability to decrypt the material, but they'd have to care, first. It might take sixty years for a data-crunching powerhouse like Google to decrypt it, and perhaps in sixty-five years, they'll see fit to run a PR stunt by unlocking the time capsule.

There's a lot of guesswork and estimation involved, but such is the nature of all time capsules. You're assuming that the capsule will be intact and unlockable at a future time, which necessarily involves predicting future capabilities.

Re:Do nothing (3, Insightful)

ZeroPly (881915) | about 4 months ago | (#47192405)

This will not work. "Available power" is not the same for different people. If you devise your key so that you will be able to break it in 20 years on a fast (projected) computer, a distributed project might be able to break it in 3 years. Remember that in 20 years, you want to be able to decode the data relatively easily, you can't assume that you will have 20,000 distributed nodes available.

Re:Do nothing (1)

Sarten-X (1102295) | about 4 months ago | (#47192479)

This is where knowing your parameters is important.

If you want to protect against a government, assume they have a large number of powerful computers. If you want to protect against a large corporation, assume they have a small number of very powerful computers. If you want to protect against a local power, assume a small number of fairly weak computers. If you want to decode the data easily at a given time, consider how much power you will have available by then. Maybe your project is pressworthy enough to get 20,000 distributed nodes, or maybe it's enough to get a few universities to contribute, or as mentioned before, perhaps just a benevolent corporate donation.

Ultimately, anything encrypted today has a built-in expiration date, after which it will be worthwhile for a given party to break the encryption to access whatever's inside.

Re:Do nothing (0)

Anonymous Coward | about 4 months ago | (#47193059)

This is where knowing your parameters is important.

If you want to protect against a government, assume they have a large number of powerful computers. If you want to protect against a large corporation, assume they have a small number of very powerful computers. If you want to protect against a local power, assume a small number of fairly weak computers. If you want to decode the data easily at a given time, consider how much power you will have available by then. Maybe your project is pressworthy enough to get 20,000 distributed nodes, or maybe it's enough to get a few universities to contribute, or as mentioned before, perhaps just a benevolent corporate donation.

The desired scenario, based on the suggestions in the summary of what this would be useful for: allow an individual to protect against law enforcement access over the next (say) 10 years, but regain access on an individual level at some reasonably near point in the future (let's make it easy and say 30 years). There's no public interest in the data, so it's not going to be subject to a massive distributed computing or research-level project. But also, to make it easy, let's assume that the data isn't *particularly* interesting to the government (so you only need to deal with resources available to local police and not, say, the NSA). How do you calculate your parameters for this scenario?

Re:Do nothing (0)

Anonymous Coward | about 4 months ago | (#47192635)

The goal is to keep a secret a certain number of years and not to force people to start to decrypt the secret today with a large number of computers in order to be done by some future date. You want a method to cost some large sum of money to be overcome but you also want it to be inexpensive to use as it was meant to be used.

safe deposit box? (1)

Psychofreak (17440) | about 4 months ago | (#47192705)

A safe deposit box with the data stored in it. A key in the possession of a time keeper, such as a suitable law firm, and a third party to receive the information.

But what format to use that will remain useable after 50 years...

Phil

safe deposit box? (0)

Anonymous Coward | about 4 months ago | (#47193555)

"But what format to use that will remain useable after 50 years..."

Yeah man. How could you possibly write something down for 50 years? I mean, I wish we had the technology, would be so nice to hear those symphonies Mozart wrote, or read some ancient books, or see some illustrations of old times. Too bad it's impossible.

Ok, I know you meant "digital rot". Easy to circumvent. Just describe formats used on paper, then burn data to silicon, steel, clay, or any other "lasts more than 50 years in dry conditions" media with laser or drill or something.

Nope (2, Interesting)

Anonymous Coward | about 4 months ago | (#47192309)

There is no way to do this purely in software, because there is no way for software to verify its inputs.

It ought to be conceptually possible to implement your "passage of time" example in tamper-proofed hardware, where the clock is part of the tamper-proofed payload.

Fundamental problem . . . (1)

mmell (832646) | about 4 months ago | (#47192313)

Regardless of the complexity, no cryptographic system yet known or theorized can be made absolutely secure.

Perhaps a "smart card" -like device (0)

Anonymous Coward | about 4 months ago | (#47192329)

You could envision a chip that's tamper-resistant at the hardware level (similar to the widely-used chip+PIN or one-time-password devices), contains a real-time or duration clock, is self-powered, holds an encrypted secret key, and will only give up that key in the presence of a passphrase AND after a certain amount of time has passed since it was turned on.

Lawyer up (3, Informative)

jbeaupre (752124) | about 4 months ago | (#47192337)

Communications with your lawyer are privileged. Give them your information with instructions on when and how to release it. Make sure to pay them in advance.

This is standard stuff in many novels because it kind of works.

Is it 100% effective? Maybe not. But it's a layer of protection. If you are especially paranoid, give one lawyer a 1-time pad encrypted hardcopy file. Give another the key.

Re:Lawyer up (4, Insightful)

Bill, Shooter of Bul (629286) | about 4 months ago | (#47192573)

This is, of course, the right answer: laws, not encryption. The smartest people are the ones that examine the entire premise, instead of going along with the implied boundaries of a task.

Re:Lawyer up (1)

Anonymous Coward | about 4 months ago | (#47192645)

Laws can be used to punish people but don't secure your secrets.

Re:Lawyer up (1)

Rei (128717) | about 4 months ago | (#47192625)

Fine, if you're afraid of the government in your lawyer's jurisdiction. What if you're afraid of a foreign intelligence service, or simply a local thug who's not above manhandling a lawyer?

Re:Lawyer up (0)

Anonymous Coward | about 4 months ago | (#47192897)

That's why you keep it secret. If you pay the attorney with cash and don't see them again before it's time to get the code, the likelihood of anybody figuring it out is quite remote. Even if you don't pay with cash, the likelihood of anybody even knowing there's something they might be interested in is remote.

Ultimately, you're better off worrying about them procuring a $10 wrench and just beating you until you reveal whatever information is necessary to open the file.

Re:Lawyer up (0)

Anonymous Coward | about 4 months ago | (#47193083)

Communications with your lawyer are privileged. Give them your information with instructions on when and how to release it. Make sure to pay them in advance.

This is standard stuff in many novels because it kind of works.

Is it 100% effective? Maybe not. But it's a layer of protection. If you are especially paranoid, give one lawyer a 1-time pad encrypted hardcopy file. Give another the key.

Doesn't work. At least in the US and the UK, legal privilege only applies to information provided for the purpose of obtaining legal advice. You can't ask your lawyer to hold information for you just to keep it safe, you have to have a valid reason for giving the information to the lawyer in the first place (e.g. disclosing what happened during an event you are being prosecuted for, so the lawyer can advise you how best to defend yourself).

See: http://en.wikipedia.org/wiki/Attorney%E2%80%93client_privilege and http://en.wikipedia.org/wiki/Legal_professional_privilege_in_England_and_Wales

Re:Lawyer up (1)

gl4ss (559668) | about 4 months ago | (#47193185)

Well, it would work for the Belfast Project then. Just make the library claim that they're a lawyer...

Re:Lawyer up (0)

Anonymous Coward | about 4 months ago | (#47193291)

Or a priest. Or doctor. Or a doctor/lawyer/priest.

"Lawyer up" doesn't work at all (0)

Anonymous Coward | about 4 months ago | (#47193165)

Two flaws:

1) Communications with lawyers are currently privileged, but laws can be changed so that they are not. Assuming we're talking about 21st Century America, that's even pretty reasonably possible.

2) Give me the lawyer tied to a chair, and a few simple tools, and I can obtain the information. If the lawyer explains that kidnapping and torture are violations of the law, blah blah something about confidentiality, I can reply with "I was asking you about the secret, not your laws," as I snip off one of his fingers. He won't try that distraction from the relevant issue, again!

Re:"Lawyer up" doesn't work at all (1)

pupsocket (2853647) | about 4 months ago | (#47193345)

Lawyers violate client confidentiality every day. They can't be compelled to do so -- except by their larger clients. There has to be something in it for the attorney. I've seen ample numbers of confidential documents from an attorney soliciting business from me. I think that showing off and acting like an industry kingmaker is the predominant motive, but I don't get to see the horse-trading among legal professionals.

Re:Lawyer up (0)

Anonymous Coward | about 4 months ago | (#47193465)

> Communications with your lawyer are privileged.
It's not that simple.

There are 3 requirements for attorney-client privilege to apply.

1. One party must be a lawyer.
2. The other party must be a client (or prospective client)
3. The communication must be for the purpose of obtaining legal advice.

The third one doesn't apply if you're just asking a lawyer to store documents for you. If it did, every cloud storage service would be set up as a law firm.

Fundamentally flawed (1)

viperidaenz (2515578) | about 4 months ago | (#47192353)

Computers don't know what time it is. They'll accept whatever time is set.

The only way to have something encrypted for a period of time is to not publish the encryption key for that period of time.

The first two links in the summary are basically "make it easy enough to crack based on an assumption of the computational power available in the future"
The 3rd is publishing a key on a network at a given time.

Re:Fundamentally flawed (1)

mysidia (191772) | about 4 months ago | (#47192377)

The only way to have something encrypted for a period of time is to not publish the encryption key for that period of time.

You can divide the secret key up into numerous pieces where M of N pieces need to be presented to reconstruct the secret key.

Then make sure the actors are sworn to keep their key share vaulted in a safe place and neither release their share of the key NOR reveal/disclose that they have a share of the key, until the release date, and M actors will not reside within the same legal jurisdiction.

In effect... nobody can be subpoena'd for the materials.

Re:Fundamentally flawed (1)

fnj (64210) | about 4 months ago | (#47192619)

In effect... nobody can be subpoena'd for the materials.

OK, let's assume all the actors are peers and there is no central actor "in charge". That implies the actors are not unknown to each other. Otherwise, to whom do they swear - how do they know they are not swearing to the wolf[*]? The first problem you've got is that your entire organization of actors is exponentially exposed by the conspiracy's mutual knowledge of the identities of the others.

The case where you have one chief, and none of the others knows anybody's identity except the chief, presents its own obvious weak spot. That chief is going to be seeing wolves in his sleep, if he can get any sleep.

In the fully distributed case, through customary detective work, the wolf identifies one of them, subpoenas him and forces him to give up his piece and the identities of all the others (more likely the wolf is able to identify a number of them and attack them in parallel to find all of them). Perhaps the wolf even identifies all of them using customary detective work.

The wolf has vast resources, including a gigantic wolf pack.

There is also the inverse weakness, where enough of the actors to prevent M from acting die or have a stroke before the time bomb is set to go off. Or they could have second thoughts about the whole thing. So then the secret in your time bomb is never exposed, but on the other hand the time bomb never goes off.

Now I will concede you have the germ of a good plan here. The jurisdictional distribution is particularly wise, but it is inexorably getting progressively weaker. Jurisdictions will tunnel into other jurisdictions unseen and accomplish abductions or attacks unseen, and the one world movement which openly subverts jurisdictional compartmentation marches stronger and stronger all the time. There may be ways to get around every one of my objections (and those I haven't thought of yet), but in the end cryptanalysis ALWAYS beats cryptography - principle of evolution. You encrypt any particular piece of knowledge once, but the assaults never stop.

~~~~~~~~~~

[*] Actually they can never know that to a certainty. The scheme can be a false flag from the beginning. You can never find anyone whom you can trust to the same order as yourself. Yes, everyone trusts his brother, but on the other hand, as Yevgraf says, "... brothers will betray a brother. Indeed, as a policeman, I would say, get hold of a man's brother and you're halfway home."

Re:Fundamentally flawed (1)

viperidaenz (2515578) | about 4 months ago | (#47192937)

So basically it's "hide the key until you want to publish"
You've just taken the 3rd link in the summary and used people instead of computers.

Re:Fundamentally flawed (0)

Anonymous Coward | about 4 months ago | (#47192385)

The 4th is threshold cryptography, where multiple parties together hold the decryption key, and it requires N of M to decrypt the file. As long as you can trust N of M people not to cheat, then the secret is safe.

Since when is SOLVING CRIME a fiasco slashdot? (1, Interesting)

Anonymous Coward | about 4 months ago | (#47192369)

Freaking weirdos around here skew what everyone else considers good and decent, as if their twisted perception of reality is anything other than what it is: perverse, deranged, and psychotic.

Re:Since when is SOLVING CRIME a fiasco slashdot? (2)

Bill, Shooter of Bul (629286) | about 4 months ago | (#47192585)

This also. Crimes should be solved. It's not a fiasco. They gave written testimony to a third party that was not their lawyer, that is admissible in court.

However, I think the particulars of this situation are such ( the troubles were a terrible thing that I don't want to see reignited ), that I would not have advised the British/Northern Ireland authorities to have pursued it. They're risking the peace that was very hard fought. The only innocent parties in the conflict were the innocent civilians that were killed by all of the fighting. Certainly none of the combatants, including the British government, were.

Re: Since when is SOLVING CRIME a fiasco slashdot? (0)

Anonymous Coward | about 4 months ago | (#47192883)

There are exceptions for spouses, medical professionals, and religious confessors.

In all of these narrow cases it's accepted that the social value of privacy exceeds the benefit of solving particular crimes.

There's merit to the argument that the Belfast confessions should likewise have been protected. In fact, most people, I think, would agree. OTOH it would be hard to fashion a rule here. In all the other cases it's very clear cut when an admission is protected, because there's a clear status relationship. You either have a medical degree and were treating the patient, or you weren't. You were either married or you weren't. What would be the simple and clear rule for such sociological projects which didn't also protect admissions everybody agrees shouldn't be protected?

Re:Since when is SOLVING CRIME a fiasco slashdot? (1)

sonamchauhan (587356) | about 4 months ago | (#47193057)

Murder is murder. You either bring justice to the situation, or a higher party holds you to account.

In this case, 'You' being the British/Northern Ireland Govt., and 'higher party' being God.

Re:Since when is SOLVING CRIME a fiasco slashdot? (0)

Anonymous Coward | about 4 months ago | (#47193349)

Son. Do not bring me into this.

Your Lord,
GOD dammit you're all gonna die! You know that right? My little thing I've got over you. Makes you run scared. FEAR ME!

Re:Since when is SOLVING CRIME a fiasco slashdot? (1)

Anonymous Coward | about 4 months ago | (#47193581)

There is no God. So as a higher party that's kinda irrelevant. There is also no justice. Just things that happen or things that don't. There are things such as right, wrong, and morality, but they are different every time, and different for different actors. The best we can do is to force the surrounding society's idea of right and wrong to every actor. This is where mixing multiple cultures too fast fails. If the "law enforcement" differs from the view of the population it starts to fail. People will force their morals on others through violence. They always have.

Re:Since when is SOLVING CRIME a fiasco slashdot? (0)

Anonymous Coward | about 4 months ago | (#47193297)

This is because these freaking weirdos think that there would be no such projects if their integrity got systematically breached. No project - no evidence - nobody wins.

Assumes 'fiasco' (1)

Anonymous Coward | about 4 months ago | (#47192419)

Is anyone so sure that this is a 'fiasco'?

It might be seen as some abstract fiasco of ethics in the USA, but that shit happened to people for real. Boston College screwed up, for sure, with a rather naive and slightly patronising project, but the rest is the law at work, in a way that it should work; uncovering truth and exposing wrongdoers to prosecution.

I was a kid living in the south east of England, at the time, and the closest things really came was a bomb in a railway station at rush hour on a line my dad used; not very close at all. But to me it's more like a revelation than a fiasco.

I am of the view that the best solution is a truth and reconciliation commission. The story is extraordinarily complex (even down to the perhaps surprising reason the army were sent in the first place), but bad things happened on both sides through terrible reasoning. Nevertheless, progress has been astonishing, and it seems to me to be a failure of the full potential for human development that lessons for other similar struggles shouldn't be learned because some participants made some peculiar deals with entities who were outside the system.

The premise of this article is broken. (1)

tlambert (566799) | about 4 months ago | (#47192813)

Is anyone so sure that this is a 'fiasco'?

It might be seen as some abstract fiasco of ethics in the USA, but that shit happened to people for real. Boston College screwed up, for sure, with a rather naive and slightly patronising project, but the rest is the law at work, in a way that it should work; uncovering truth and exposing wrongdoers to prosecution.

People have a right against self-incrimination. At least they do in the U.S. I've heard what passes for "Miranda Rights" in the U.K., and you are effectively forced to incriminate yourself to assert an affirmative defense later. Basically, you have to make a decision up front, often without legal counsel, in order to be able to rely on the information in court later, should you choose that method of defense later.

The real question is whether or not Boston University was (A) capable of offering such guarantees, and (B) failed in honoring its obligations, and (C) was legally in the right to honor said obligations in the first place, when the information in question involved criminal matters.

The premise of this article is broken. Time locked crypto would not have prevented the disclosure, since the point of the disclosure was to allow the study of the situation now, not after everyone is dead. Even had all references to specific individuals been struck, the remaining documents, if disclosed, would have been enough to conduct traffic analysis, and haul in the major players for interviews.

Clearly, by sealing the records from the Warren Commission until 2039 (a term which was reduced based on the FOIA), but then redacting sections of the report, and then keeping the rest under seal until 2017 (it's not clear the redacted portions will be made public at that time, or remain redacted), the government has acknowledged that there are cases where obtaining, and then judicially time sealing it until a later date, serves the public interest.

The question in this case is why, given a similarly sensitive political subject, the information was not treated the same way.

The only difference seems to be that they didn't specifically have a priori involvement of judicial authority.

Re:The premise of this article is broken. (0)

Anonymous Coward | about 4 months ago | (#47193303)

The premise of this article is broken. Time locked crypto would not have prevented the disclosure, since the point of the disclosure was to allow the study of the situation now, not after everyone is dead.

Funny how no-one else here has figured this out :)

A model based on social covenants (2)

heretic108 (454817) | about 4 months ago | (#47192421)

There is a social scheme to provide a level of relative security for an encrypted time capsule:
  1. Choose n separate trusted individuals or organisations, ideally scattered around the world and unaware of who each other are
  2. Gain promises from these entities that they will each send a block of data to the time capsule at a given time, and not before
  3. Decide by policy how many of these entities (m) should be required to do their part, for the time capsule to be decrypted
  4. For every combination of m entities, generate m strings, where the XOR of all these m strings arrives at the decryption key
  5. For each of the n entities, issue the required number of strings (n-1)C(r-1) required to contribute to every combination of m entities of which this entity is a part
  6. Each string is prefixed with a binary string of n bits, indicating by true/false values whether the string is part of a group of each of the n respective keepers
  7. The whole set of strings given to each entity would be prefixed by a 'keeper number' and then encrypted
  8. The time capsule curator destroys all record of who these trusted agents are, and relies on them to send their keys at the appointed time

Example - 10 keepers chosen, 4 in UK, 1 in Iceland, 2 in Australia, 1 in USA, 1 in Uruguay and 1 in Morocco. Policy chosen so that the cooperation of 7 is required to decrypt. Each keeper then is thus issued 84 strings. 1 agent dies, another agent gets busted, and a third agent becomes opposed to the decryption. This leaves 7 agents. They each send their key packages in to the time capsule curator, who decrypts each package, identifies which string within each package is needed to form the key, XORs these strings, then arrives at a final decryption key. Even if an intelligence organisation manages to extract keys from 6 of the agents, they won't be able to decrypt. If on the other hand, they kill up to 3 of the agents and stop them returning their keys, the decryption can still go ahead. Ideally, you would want to set n and m according to perceived risk, plus the size of the data set. For example, 36 agents and 20 required would produce a key set which would fit into a cheap 8GB USB stick.
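The combination scheme from heretic108's comment above, as an added example rather than the commenter's own code: one XOR split of the key per m-keeper group, with each string labelled by its group's membership bitmask. The function names and the 16-byte sample key are constructed for illustration.

```python
import secrets
from functools import reduce
from itertools import combinations
from math import comb


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def group_mask(group) -> int:
    """n-bit membership label: bit k is set when keeper k belongs to the group."""
    return sum(1 << keeper for keeper in group)


def strings_per_keeper(n: int, m: int) -> int:
    """Number of m-keeper groups that contain one given keeper."""
    return comb(n - 1, m - 1)


def deal_shares(key: bytes, n: int, m: int) -> dict:
    """Return {keeper: {mask: string}} with one XOR split of `key` per group."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    packages = {keeper: {} for keeper in range(n)}
    for group in combinations(range(n), m):
        # m-1 random pads, then a final string chosen so that all m XOR to
        # the key. Any m-1 of the strings are uniformly random on their own,
        # so an incomplete group learns nothing about the key.
        parts = [secrets.token_bytes(len(key)) for _ in range(m - 1)]
        parts.append(reduce(xor_bytes, parts, key))
        mask = group_mask(group)
        for keeper, part in zip(group, parts):
            packages[keeper][mask] = part
    return packages


def recover_key(responses: dict, m: int) -> bytes:
    """Rebuild the key from the packages of the keepers who responded."""
    present = sorted(responses)
    if len(present) < m:
        raise ValueError("fewer than m keepers responded")
    group = present[:m]          # any m responders form a complete group
    mask = group_mask(group)
    return reduce(xor_bytes, (responses[k][mask] for k in group))


if __name__ == "__main__":
    sample_key = bytes(range(16))                    # constructed sample key
    dealt = deal_shares(sample_key, n=10, m=7)
    print("strings per keeper:", len(dealt[0]))
    # Keepers 0, 4 and 9 never respond; the remaining seven still suffice.
    alive = {k: v for k, v in dealt.items() if k not in (0, 4, 9)}
    print("recovered:", recover_key(alive, m=7) == sample_key)
```

Each keeper holds C(n-1, m-1) strings, so storage grows combinatorially: 84 for 10 keepers with 7 required, and 4,059,928,950 for 36 keepers with 20 required.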

Re:A model based on social covenants (0)

Anonymous Coward | about 4 months ago | (#47192727)

You have one capsule curator, what happens if he dies? What happens if he is flooded with false keys on the appointed date because one agent was compromised and the date/time to send keys is revealed? If the date is 40 years in the future it is unreasonable to assume that the agents will still be alive in sufficient numbers or won't have lost their keys over the many years or will even remember that they are supposed to do something. Even the method of delivery could be changed sufficiently to make it difficult. For example, what method would a curator have selected in 1974? A telegram? What method would be reasonable for returning the information to a curator in 2054? How about in 2089 (75 years from now)? Email? WhatsApp message? Post to a website? Mail a USB key? Burn a CD and send it via FedEx?

If you wanted to make a note to yourself in 1974 to do something in 2014 how would you have done it and preserved that to-do task?

You've created something that might work but is so complex and requires so many participants over decades that it is likely to fail.

Re:A model based on social covenants (1)

complete loony (663508) | about 4 months ago | (#47192739)

To break up the key, you could just use Reed Solomon error correction. N bits of key + M extra bits for error correction. Then you break it into numbered pieces. Any combination of pieces that provide N bits can be used for recovery. If you assemble more bits, you can even correct some amount of bit rot.

Re:A model based on social covenants (1)

fnj (64210) | about 4 months ago | (#47192833)

Choose n separate trusted individuals or organisations ... Gain promises from these entities ...

Who is the implied subject here? Who is the one who knows the identities of all these actors and knows ("believes" being more accurate strictly) that they can be trusted? The subject is the single point of failure in the sense that he has the knowledge to give up the entire conspiracy. Then the wolves in the various jurisdictions can start to make deals with each other until all the actors are in the hands of the biggest baddest wolf. The wolves can also surreptitiously operate in each other's jurisdiction. See Mossad, 1972 Olympics aftermath.

In this general vein, I believe I can come up with a more promising conspiracy strategy. It involves an anonymous ring of n separate encryptions passing through n nodes, circling back to the origin. Intermediate decryption keys are all separately delivered to originator, but only at expiration time. On receipt of the result at the desired time in the future, originator can decrypt all the stages using all the decryption keys separately in the correct order, and verify that his original cleartext message is intact.

Strength: nobody anywhere has to have knowledge of the complete chain. The originator only needs to know the route to the first node of the ring, and so on. Each node can choose his own next node. If anybody but the originator picks a wolf to forward to, either by accident or by design, it does not do the wolf any good. The only thing that has to be published to all (published to world is assumed) is the target date for completion. Only the originator ever has all the pieces necessary to decrypt to the original plaintext, but he does not have the pieces until the appointed time. There is never any reason to hold the originator in custody or to think he can possibly be coerced.

Weakness: any individual node can break the chain, either by mistake or on purpose, or by dying or having a stroke before he can provide his decryption key to the originator at the end.

Caveat: the originator is evidently the single point of attack. So let him destroy both the original and the encrypted form of it, after he sends it on its first leg. All he saves is a hash of the original cleartext. So yes, he can be attacked, but unless the wolves intercept the encrypted transmission on that first leg, they will not possess anything the originator has the ABILITY to decrypt until the appointed time comes up. The wolves can intercept any or all of the other legs which have been traversed to date, and it won't do them a bit of good unless they crack the separate decryption keys of all the separate actors at every single traversed node. The longer the ring has become, the harder it's going to be to crack everybody.

You can readily think of all the implied weaknesses. They are all weaknesses of failed delivery, not subversion by the wolves. This can be countered by originator sending to multiple first nodes, and all nodes forwarding to multiple destinations. You could end up with many rings; at least one of them would be pretty certain to complete successfully.

Time release escrow (2)

whois (27479) | about 4 months ago | (#47192435)

I started working on software to do this a few years back. I concluded that all the software is already written if you have a need and the problems are all regarding the way the user wants to protect the information, how much money they have to spend and how careful they are. In other words, it's a social/societal problem and you could set up a consulting service to help people do it, but software probably wouldn't be much benefit.

Here is an example:

First encrypt all the things. Then give the encrypted file to anyone since you're going to assume for the sake of this slashdot post that the crypto is unbreakable (if you're unwilling to accept this assumption then feel free to divide the data the same way the key is outlaid).

Next establish some trusts in your name and appoint a number of people as trust managers. This should probably be more than one trust and definitely more than one person. You may even need to obscure who creates the trust depending on what you're hiding and who might want to get it. Trying to make some of the trust managers overseas might be good if you're worried about long term survivability of your data, since stability of a country might be in question in 100 years or so.

Now, cut your key into two halves (or more), write out instructions that the managers are to meet at some location at a certain date. None of the managers should know any of the other managers. For survivability you might give a duplicate copy of parts of the key to multiple people so if one person doesn't show up there is still a chance to recover from it.

Ultimately nobody has knowledge of anything. On the date in question the responsible people show up only with the knowledge they are supposed to arrive with their bit of information. It could be that they don't arrive anywhere at all and their instructions are to publish the information. Without having context only the receiver would know what the completed key was for, and even they might have only been instructed to hold on to data for 100 years then accept the key when it arrives.

This scheme works best if there are multiple companies around the world formed with the purpose of doing this for people, or if it was a common service asked for at banks/law offices/etc. If the lawyer is holding on to only one key for 100 years they might become curious and try to figure out what it's for. If it's one key amongst thousands then it's nothing more than a tiny amount of data they're paid to deal with. They would also be less likely to publish the information out of turn because it could be they're storing it for something worth less than the amount they're paid to escrow it.

Re:Time release escrow (1)

shoor (33382) | about 4 months ago | (#47192499)

Could the encryption be in the form of a one time pad? Then it would be 'unbreakable'. Perhaps there could be several one time pads, and only when all of them were brought together would the data be decodable.

Ultimately, the only suggestion I saw, including suggestions on the site, that would be as inviolable as the laws of physics, is sending the message into space as electromagnetic radiation to a place where it would be echoed back. But first you would have to have something in position to do the echoing, so that won't be practical for a long time.

All the other methods depend on the world not changing too much. Governments, laws, and institutions remaining stable, encryption methods not being cracked. Using a satellite in a far elliptical orbit would work with present technology, but if the message is supposed to be kept for 50 or 100 years, technology might catch up and the satellite be retrieved sooner than the originators wanted.

Re:Time release escrow (2)

currently_awake (1248758) | about 4 months ago | (#47192513)

The NSA monitors all communications, they might (probably) figure out everyone you gave keys to. I doubt they care about nationality, they will just break into the offices (or infiltrate the office) and take the keys. The device the key is stored in probably won't last 100 years, it will need to be copied onto new media periodically. Ultimately you can't trust people to keep secrets.

I thought this was a solved problem (0)

Anonymous Coward | about 4 months ago | (#47192485)

Say I have a piece of clear text I don't want you to read. I can encrypt it with a password. Now for you to read it you would need to brute force the password. This takes time. The strength of the password I pick will alter the speed at which you can read my message (somewhere between milliseconds and the heat death of the universe).

This however is not very practical because there is no way to know that you can read or will read after a fixed period of time. Too many variables. So here is one way to make it a bit better. On my machine I take a salt and hash and rehash it for a minute. Then I use the output to encrypt my message and give you the salt and the number of hash operations I performed. Assuming you used the same hardware you could only read it after the time period it took to do the hashing (1 minute).

This still isn't very practical because hardware is always improving and I would not like to spend a large amount of time if I want to have a long delay for the message to be read. This too can be fixed. Since I have a multi-core cpu I make a salt for each core and start hashing. Then I use the output of the first to encrypt the salt and hash count of the second. I repeat this for all other cores, using the last hash output for the key to the message. Once again I give you the first salt and the first hash count. You are forced to perform the decryption in serial, while I was able to encrypt it in parallel. This allows us to make larger time delays and outperform new faster hardware with older slow hardware.

No DRM style trust or obfuscation is required. But if a weakness is found in the hashing algorithm before the read delay is met it will fall down. You also need to establish that your message (that could be fake) is worth the cpu cycles trying to unlock.
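The chained-hash delay described in the comment above, sketched as an added example (not code from the commenter): each segment's SHA-256 chain is independent when building, but a solver must finish segment i before it can unlock the seed of segment i+1. The `seal`/`unseal` helpers, all function names and the sample message are assumptions of this sketch, and the SHAKE-256 keystream with an HMAC tag stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import os


def hash_chain(seed: bytes, iterations: int) -> bytes:
    """Apply SHA-256 `iterations` times; every step needs the previous output."""
    digest = seed
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest


def _chain_job(job):
    seed, iterations = job
    return hash_chain(seed, iterations)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Illustrative stand-in for an AEAD: keystream XOR plus an HMAC tag."""
    stream = hashlib.shake_256(b"enc" + key).digest(len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + ciphertext, hashlib.sha256).digest()
    return tag + ciphertext


def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ciphertext = blob[:32], blob[32:]
    expected = hmac.new(key, b"mac" + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key: the preceding chain was not completed")
    stream = hashlib.shake_256(b"enc" + key).digest(len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def build_puzzle(message: bytes, segments: int, iterations: int, map_fn=map) -> dict:
    """Builder side. The chains do not depend on each other, so `map_fn` can
    be multiprocessing.Pool().map to spread them over cores."""
    if segments < 1:
        raise ValueError("need at least one segment")
    seeds = [os.urandom(32) for _ in range(segments)]
    outputs = list(map_fn(_chain_job, [(s, iterations) for s in seeds]))
    # The output of segment i is the key that hides the seed of segment i+1.
    links = [seal(outputs[i], seeds[i + 1]) for i in range(segments - 1)]
    return {
        "first_seed": seeds[0],        # published in the clear
        "iterations": iterations,      # published in the clear
        "links": links,
        "ciphertext": seal(outputs[-1], message),
    }


def solve_puzzle(puzzle: dict):
    """Solver side: strictly serial. Returns (message, hashes performed)."""
    seed, hashes = puzzle["first_seed"], 0
    for link in puzzle["links"]:
        key = hash_chain(seed, puzzle["iterations"])
        hashes += puzzle["iterations"]
        seed = unseal(key, link)       # only now is the next seed known
    key = hash_chain(seed, puzzle["iterations"])
    hashes += puzzle["iterations"]
    return unseal(key, puzzle["ciphertext"]), hashes


if __name__ == "__main__":
    sample = b"constructed sample message"          # constructed input
    puzzle = build_puzzle(sample, segments=4, iterations=100_000)
    message, work = solve_puzzle(puzzle)
    print(message, "recovered after", work, "sequential hashes")
```

The builder's wall-clock cost is one chain when every segment runs on its own core, while the solver always pays `segments * iterations` sequential hashes.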

Mission impossible (1)

Charliemopps (1157495) | about 4 months ago | (#47192491)

Mission impossible figured this out in the 60s.

"This tape will self destruct in 5 seconds" *POOF*

But seriously, any truly secure system will have to take several things into account:

1. Any data transmitted in any way is vulnerable to interception.
2. Systems can be hacked using security vulnerabilities you're not even aware of.
3. Given enough time, all systems become circumventable with new technology.

So, to account for #1, you can't allow the data to be transmitted. So the data must be stored physically and locally. For #2, you must limit the reader's ability to access the data. The more rudimentary the better. For #3 you need to prevent the physical storage device from making it into the future.

So, what I'd propose is a box that's at least an inch thick and made of lead (or other very dense material.) Access to the data on the device would be through a single serial port. You could only connect via telnet, and your security would remain internal. Power would need to be provided by an internal battery. The entire device would need to be lined with white phosphorous/oxidizer or other chemical igniter. The rules for setting off the phosphorous would need to be relatively simple so it couldn't be gamed. Any shock, rapid heat change, or attempt to open the device should set it off. And an attempt to drill a hole into the device would expose the phosphorous to air and likewise set it off. Also, after a certain period of time had elapsed OR the battery started to run low, it should go off. Attempts to hack the serial interface should set it off.

Voilà, hackproof.

Re:Mission impossible (1)

gl4ss (559668) | about 4 months ago | (#47193235)

umm the problem for discussion is the opposite, how to bury the information so that it will be readable and found after certain time but not before.

for history preservation reasons, you know. destroying the information is pretty easy.

Mission impossible (0)

Anonymous Coward | about 4 months ago | (#47193601)

" And an attempt to drill a hole into the device would expose the phosphorous to air and likewise set it off."

I could drill it in a vacuum. Or inside protective gas. Wouldn't burn if it didn't have its own oxidiser.

Base the Key on a Natural Periodic System (1)

JCaptainP (2702995) | about 4 months ago | (#47192541)

I think you'll need to generate a key based on some sort of natural system that's periodic. Let's suppose you have a noisy object in space that's consistent over time and visible only once a year. So create the key on day one, lose the key, then replicate the key the following year once visible. You'll have to select something where the noise is not already being recorded, but you get the idea. Maybe you'll need a series of objects to increase the strength of the key and maybe there's something else out there that is better but captures the spirit of the solution.

Just brainstorming. Sound reasonable? Are there any other natural systems such as the one I posed? I'm no cosmologist!

Over-thinking it? (1)

Nidi62 (1525137) | about 4 months ago | (#47192555)

Why not just get a safety-deposit box and a lawyer. Pay the lawyer to open the box up and distribute the contents after x-number of years. If you are expecting to die before that date put a clause in your will to continue paying the lawyer's fees. Worried the lawyer will retire before then? Word the contract so that the lawyer has to transfer it to another lawyer who keeps getting paid by you.

Re:Over-thinking it? (0)

Anonymous Coward | about 4 months ago | (#47192607)

You might as well put the secret in a box that says "Do not open until Nov 12, 2045". If a person controls the secret then the person can be compelled to reveal the secret. Read the article for why it is important to have a method that can't be overcome by force.

Re:Over-thinking it? (0)

Anonymous Coward | about 4 months ago | (#47192909)

Such a method isn't possible. The closest thing is probably just creating a key of N bits long and assume that it will be brute forceable at some point in the future. Then throw the key away. Computers don't know what time it is unless you tell them an accurate time. Attorneys and yourself can always be beaten into providing the information if they have it. Splitting the key amongst people works as long as they're willing to keep your secret.

Ultimately, there's no way of ensuring that a file won't be readable until a certain date that isn't vulnerable to this sort of thing.

clay tablets and benthic muck (0)

Anonymous Coward | about 4 months ago | (#47192623)

clay tablets and drop them into the benthic muck.

Delete Part of the Key (0)

Anonymous Coward | about 4 months ago | (#47192673)

I had an idea for how to do this one time, I never actually implemented it. You could simply delete part of the encryption key and make the rest of the key public. Then people would have to guess the missing bits which would require time exponential in the number of key bits you deleted. You could estimate the amount of time that would be required by your target audience to break the cypher by brute force (accounting for your favorite version of Moore's law) and delete an amount of key that was appropriate to your application.

I saw the movie (2)

drmofe (523606) | about 4 months ago | (#47192691)

"Promise me, Red. If you ever get out... find that spot. At the base of that wall, you'll find a rock that has no earthly business in a Maine hayfield. Piece of black, volcanic glass. There's something buried under it I want you to have."

Security by burying things under rocks seems as good a technique as any, in geological time.

Time delay storage. (1)

deimtee (762122) | about 4 months ago | (#47192967)

Write it out on archival paper, put it in a sealed ceramic pot and bury it on the lee side of a travelling sand dune.
- Ceramic so metal detectors won't find it.
- how high up on the dune is determined by how fast the dune is travelling, and how long you want it to stay buried.
- make the average density of the pot plus contents the same as the sand, so it neither sinks nor floats.

Why I'm doubtful a software/encryption method. (1)

meerling (1487879) | about 4 months ago | (#47192989)

The only way I can see files being kept inaccessible without putting them in a long orbit is to use hardware that is too much of a pain to compromise, possibly with a deadman destruction system to make tampering very risky.
If there's any form of encryption that has an existing key, all they need is the key. Of course, if they can't find it, it's no use for them, but it's pretty obvious that's not going to cut it since they are legally required to turn it over if given the proper paperwork. Going to jail for not giving it to them is not a viable solution to this dilemma.

They are after a way to make files safe for a predetermined period of time in such a fashion that it can NOT be accessed prematurely, it CAN be accessed after that period of time, and can't be easily circumvented by legal or other means.

Again, I don't see any way of fulfilling that without some hardware equivalent of a time lock safe. Obviously the 'clock' would have to be inside the protection system since if it wasn't that would be an easy way to pop it early.

It would be fantastic if someone can think of a perverse method of making this work just with encryption. I don't see it happening, but one in a million chances happen every day.

Solution (0)

Anonymous Coward | about 4 months ago | (#47192993)

Take a secure hashing function.

Hash some iv

Take the resulting hash and hash it.

Keep going for some time X.

At the end of X you have a key to use for your block cipher...

Encrypt your data..

Hang on to the iv

After you release the iv the data still has X at a minimum before being unlocked.
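The hash-chain construction from the comment above, as an added example that is not part of the original thread. The SHA-256 counter-mode keystream stands in for the block cipher the comment mentions so the block runs on the standard library alone; the HMAC tag, the subkey labels, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac

def chain_key(iv: bytes, iterations: int) -> bytes:
    """Hash the iv, then hash each result in turn; step i needs the output of step i-1."""
    h = iv
    for _ in range(iterations):
        h = hashlib.sha256(h).digest()
    return h

def _subkeys(key: bytes):
    # Separate keys for encryption and for the integrity tag (assumed labels).
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not a vetted design.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def seal(iv: bytes, iterations: int, plaintext: bytes):
    """Derive the key by walking the whole chain, then encrypt and tag."""
    enc, mac = _subkeys(chain_key(iv, iterations))   # the sealer pays the full cost too
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc, len(plaintext))))
    return ct, hmac.new(mac, ct, hashlib.sha256).digest()

def unseal(iv: bytes, iterations: int, ct: bytes, tag: bytes) -> bytes:
    """Repeat the chain from the released iv; reject if the tag does not verify."""
    enc, mac = _subkeys(chain_key(iv, iterations))
    if not hmac.compare_digest(hmac.new(mac, ct, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch: wrong iv or iteration count")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, len(ct))))

if __name__ == "__main__":
    iv = b"constructed sample iv"          # constructed value for the demo
    ct, tag = seal(iv, 200_000, b"open after the chain has been walked")
    print(unseal(iv, 200_000, ct, tag))
```

The delay is counted in sequential hash evaluations, so whoever seals the data spends the same time on the chain as whoever later opens it, and faster hardware shortens both.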

Forget it (2)

gweihir (88907) | about 4 months ago | (#47193157)

Just destroy the data reliably. There is enough vision-less scum around that anything else will be far too risky.

Ocean (0)

Anonymous Coward | about 4 months ago | (#47193215)

Put the data in a tiny pressurized capsule and drop it deep in the ocean. After a set amount of time the capsule is designed to inflate an air bladder, rise to the surface and transmit via radio frequency.

There's no way to retrieve this ahead of time because:
1. The ocean is vast and the capsule is tiny.
2. The ocean is so deep that you would have to send a robotic submarine to find it and no one would know where to look. If you can lose a plane at the bottom of the ocean, you can lose a 1 foot capsule even more easily.

forget digital (1)

swell (195815) | about 4 months ago | (#47193323)

"I'm curious whether there are good prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions — such as the passage of time — are met?"

The motivation for this question is vague. It could be that the OP has information about a criminal element that she wants released if she suffers an untimely death. It could be that the OP has solved the problem of nuclear fusion but is not ready to share it yet. The motivation is so vague that there is no way to address the question coherently - let's assume it's just for releasing info at a much later time.

'Time capsule' - I attended a time capsule burial a while back. Someone will dig it up in 100 years. It contains a variety of stuff- printed text, objects & some digital material. The digital stuff will probably be indecipherable with equipment available in the year 2108. The 'time capsule' concept might still be best despite our gravitation to digital and the 'cloud'. Encryption will not be necessary.

Printed text on quality paper should be good for well over 100 years. Physical materials might be the best way to preserve the message. A physical location might be the best place. A simple timer that sets off a weak explosion that exposes the trove might be ideal. Locate the capsule thoughtfully- not in downtown London, not in Antarctica, not in the Mariana Trench. Protect the payload from the elements. The timer & explosives need to survive the time you set. You might offer hints to potentially interested parties about the locale and timing of the release of your important capsule.

But before you go to all this trouble you should ask yourself- what information do you have that might matter to people in the future? Is this just an ego stunt or something that might really benefit someone in that time?

Not my solution, but I thought it was clever (0)

Anonymous Coward | about 4 months ago | (#47193335)

Shoot a laser at Alpha Centauri with your encrypted message. It should only be recoverable when the signal bounces back to us.

Quantum encryption (1)

sberge (2725113) | about 4 months ago | (#47193419)

So you make a quantum mechanical system which evolves over time and which only reveals the correct key if observed at the correct time. Observing it at any other time erases (parts of) the required information. Practically difficult to make if we're talking about delays longer than picoseconds probably, but the problem specification didn't include a timescale.