Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Plausible Deniability From Rockstar Cryptographers

CmdrTaco posted more than 9 years ago | from the because-you-can dept.

Encryption 358

J. Karl Rove writes "Nikita Borisov and Ian Goldberg (of many, many other projects) have released Off the Record Messaging for Gaim. Encrypt an IM, prove (at the time) that it came from you, and deny it later. The authentication works only when the message is sent; anybody can forge all the messages he wants afterwards (toolkit included). Captured or archived messages prove nothing. And forward secrecy means Big Brother can't read your messages even if he wiretaps you AND grabs your computer later on. All the gooey goodness of crypto, with none of the consequences! They have a protocol spec, source code, and Debian and Fedora binaries."

cancel ×

358 comments

Sorry! There are no comments related to the filter you selected.

FP (-1)

Anonymous Coward | more than 9 years ago | (#11109134)

FP MOTHERFUCKERS

You win it, although... (1)

Fecal Troll Matter (445929) | more than 9 years ago | (#11109164)

Contrary to popular opinion, I AM the Head Nigger in Charge.

Re:FP (2, Funny)

DarkHelmet (120004) | more than 9 years ago | (#11109172)

Yes... but can you prove it with absolute certainty?

Or is your FP plausibly deniable? ;)

Re:FP (1)

nullvector (694435) | more than 9 years ago | (#11109208)

I never sent this message.

first post (-1, Offtopic)

ezekiel683 (739858) | more than 9 years ago | (#11109146)

first post

Re:first post (0)

Anonymous Coward | more than 9 years ago | (#11109175)

Dude you are SO COOL! How do you manage it?

Re:first post (0, Offtopic)

phizman (742537) | more than 9 years ago | (#11109209)

Awh...I wanted to be the first to make fun of his first post :)

Re: freak (0)

Anonymous Coward | more than 9 years ago | (#11109198)

Such a fucking retard. Please stop this fp nonsence.

My foolproof encryption method (4, Funny)

Anonymous Coward | more than 9 years ago | (#11109152)

Who needs any of this? Just try what I do: write your messages as GW Basic programs. This is so uncrackable that even I can't tell what is in it after I use it.

Re:My foolproof encryption method (0)

Anonymous Coward | more than 9 years ago | (#11109563)

Damn. You have me beat by using a much older programming language [sic]. My method? the write-only language: Perl.

re (0)

Anonymous Coward | more than 9 years ago | (#11109177)

Whoo! This is great! at last I can... do... um... something. It's nifty, but to what end?

Dammit! (0)

Anonymous Coward | more than 9 years ago | (#11109178)

They said "What happens in Vegas stays in Vegas"!

Re:Dammit! (0)

Anonymous Coward | more than 9 years ago | (#11109204)

WTF happened to my GD LINK [direwolf.com] ?!!!!

Re:Dammit! (0)

Anonymous Coward | more than 9 years ago | (#11109669)

I'm pretty sure that was kinda offtopic, but please tell me there was something in the cake to sterilize everyone! We need a final solution to the trekkie problem

Ooh... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11109180)

I know a certain American President who might have wanted to affirm-then-deny he said some stuff...

Re:Ooh... (0)

Anonymous Coward | more than 9 years ago | (#11109218)

LOL

U R FUNNEE

Re:Ooh... (0)

Anonymous Coward | more than 9 years ago | (#11109249)

Too late - Monica already spilled it to the press...

Monica (1, Funny)

Anonymous Coward | more than 9 years ago | (#11109279)

It wasn't Monica who got in trouble for spilling something.

Re:Ooh... (0)

Anonymous Coward | more than 9 years ago | (#11109300)

Kerry lost the election you know.

Just need one other thing (3, Funny)

raider_red (156642) | more than 9 years ago | (#11109192)

A way to deny some of the stupider posts I've made on Slashdot.

It's called Anonymous Coward (1)

i_r_sensitive (697893) | more than 9 years ago | (#11109324)

'Nuf said

Re:It's called Anonymous Coward (1)

CAIMLAS (41445) | more than 9 years ago | (#11109432)

the down side: you can't actually view posts you made as AC without scrolling through the morass of others' comments. There's no "comments posted as AC" section for you to view for yourself so you can see your collection of +5 Flaimbait comments...

Re:It's called Anonymous Coward (1)

i_r_sensitive (697893) | more than 9 years ago | (#11109576)

Ahh, but the original request was to be able to deny the stupid posts made on /.

Or at least no mention of being able to anything but deny them, in the parent^3 post.

But, that is a neat idea, having /. keep the posts you ticked to post anonymously under your list of posts...

Now if you can figure out a way to submit such a request without it being summarily rejected...

Or maybe I'm just bitter...

I hope the distros will do their part (4, Interesting)

MikeCapone (693319) | more than 9 years ago | (#11109195)

This thing sounds great, but before it is really useful it needs to be out there in sufficient numbers. I hope that distros will start installing it by default on their default gaim version.

Re:I hope the distros will do their part (2, Interesting)

kippy (416183) | more than 9 years ago | (#11109325)

It shouldn't even be a matter of lots of people using it. After all, if you write something and get busted for it, you can use Plausible Deniability in court.

"Your honor, there is no way to prove that this message came from my client or was forged by the investigators who used to beat him up in gym class."

I guess then it would just turn into a matter of your word vs. theirs.

Any lawyers out there?

Re:I hope the distros will do their part (1, Interesting)

drspliff (652992) | more than 9 years ago | (#11109340)

Oh geat, then I can trade warez, cracks, credit-cards, underage porn, sate secrets, [name something highly illegal here] and nobody will be able to prove that i've done it.

I must say the mathmatical theory behind it seems fairly sound, kudos to them for a truly innovative idea.

No doubt every paranoid delusional security consultant out there will be saying 'Ah Hah! But __THEY__ have a backdoor...' Akin to the secret 'NSA' keys distributed with Microsoft(r)(tm) Windows(r)(tm)(we break thumbs). But I see this as a great advance in personal security that will (possibly) spawn a whole new era in security services and applications.

What we have to think seriously about is, what happens when this becomes widespread? We all know that spammers follow new technology and trends, so then they will (possibly) be able to send you hundereds of spam emails a day, and then deny that they ever did..?

--
Have you ever left your cluster on overnight to generate 1073741824bit RSA keys.. If so - your officially a paranoid geek :)

I wonder (4, Funny)

ab384 (810021) | more than 9 years ago | (#11109212)

How much later is "later"?

"Did I just say that I'd walk the dog?"
"Yes!"
"Nobody can prove that I just said that."

Re:I wonder (5, Informative)

Entrope (68843) | more than 9 years ago | (#11109282)

"Later" is after the speaker decides that conversation is over. You pick a signing key for your messages, sign it with your normal public key, send messages using the first key, and your correspondent can confirm you are who you claim. When you want to finish the conversation, you publish (at least to your correspondent) the temporary signing key, and anyone who has it can then forge messages that are as trustable as what you said.

Re:I wonder (5, Interesting)

roystgnr (4015) | more than 9 years ago | (#11109468)

What stops your correspondent from sending your messages to something like Stamper [itconsult.co.uk] before you publish the temporary key? After the temporary key is published it will be possible to forge messages signed by that key, but it won't be possible without the collaboration of the timestamping service to forge messages signed by that key and dated before it's publication.

Re:I wonder (1)

Lodragandraoidh (639696) | more than 9 years ago | (#11109562)

There is only one gotcha: if you are corresponding with those you are ostensibly trying to cloak your communications from.

They could then collect the plain-text and log the IP address from whence it came.

rah rah ree (0)

Anonymous Coward | more than 9 years ago | (#11109229)

down with big brother down with big brother down with big brother

remember the ministry of love does not care if they have proof if you did it or not. (they have proof, and have always had proof)

great work though, dont make it easy for th' bastards!

Rockstar Cryptographers? (3, Funny)

Chris Mattern (191822) | more than 9 years ago | (#11109275)

Does this mean it's going to feature in the next edition of GTA?

Chris Mattern

a little information would be nice (1)

frovingslosh (582462) | more than 9 years ago | (#11109277)

OK, I've followed the link and read, but the bottom line is, how does this supposedly do what it claims to be able to do?

Re:a little information would be nice (1)

andrewjhall (773595) | more than 9 years ago | (#11109315)

Erm, there's a reasonably detailed presentation there and a protocol description on the OTR homepage link provided. What more do you want?

From a cursory glance it looks like it'd work (yes, I realise that's not exactly a rigorous proof). Pretty cool stuff.

Re:a little information would be nice (1)

frovingslosh (582462) | more than 9 years ago | (#11109393)

Erm, there's a reasonably detailed presentation there and a protocol description on the OTR homepage link provided. What more do you want?

Well, there were a bunch of links, honestly I didn't follow them all. I was looking for a "how does it work" explination, not a protocol document. Now I've looked at the protocol document and all I can say is: How does it work? I'm hoping for one or two short paragraphs that can get across the basic concept, not a dozen or more screens of protocol information to try to digest.

Re:a little information would be nice (4, Informative)

farnz (625056) | more than 9 years ago | (#11109540)

It uses PGP to share a key between two or more people; it then uses that key to authenticate the conversation. The difference between this and OpenPGP is that OpenPGP authenticates that the owner of a given OpenPGP key sent a message. This scheme proves that someone with the shared key sent the message.

Thus, I can create a key that I send to my friend. He and I discuss things, both using that key for encryption. When we've finished, we publish the key used for the conversation, and anyone can now add to the conversation. Thus, while we keep the key secret between us, we're assured of a private conversation; when we publish the key, anyone can add to it, thus giving the denability

Re:a little information would be nice (4, Informative)

chill (34294) | more than 9 years ago | (#11109333)

It authenticates and creates a "conversation". This allows you to be certain the person on the other end is who you think it is. DH key exchange is performed.

Then, messages sent during that conversation are encrypted using disposable session keys. (128-bit AES w/SHA-1 HMAC).

Think of it as an authentication tunnel down which you send encrypted messages. The message encryption is in no way related to the authentication, and the disposable session keys mean they have no re-use value.

-Charles

Re:a little information would be nice (1)

frovingslosh (582462) | more than 9 years ago | (#11109455)

Thanks. That helps some, and makes it a bit clearer than jusr reading the protocol document. But I'm not clear on how this acomplishes Big Brother can't read your messages even if he wiretaps you AND grabs your computer later on.

I presume this has something to do with that authentication tunnel , but I'm not really following it. Do you understand it?

Re:a little information would be nice (1)

chill (34294) | more than 9 years ago | (#11109594)

The idea is the keys are disposed of when the tunnel is torn down.

If big brother gets your MAIN key, he has no way of recreating the SESSION keys. Those are created using key info from the person you are chatting with as well. Without those, the messages are now subject to brute-force.

NOTHING is perfect. If your machine is compromised BEFORE you start the conversation, it would be possible to get everything and crack it nicely.

Hmmm...I do wonder about how hard it is comparitively to cryptanalyze ultra-short messages like chats.

"LOL" and "whats up" is only going to encrypt so many ways. I did't see a provision for refreshing session keys, but I only glanced thru the code and docs and didn't read it in depth.

If it only uses ONE session key per session... that could be a major weakness. [Could be. I'm not a professional cryptographer, but it looks like a potential hole.]

-Charles

Re:a little information would be nice (3, Informative)

stolen.identity (804896) | more than 9 years ago | (#11109628)

The key seems to be the "disposable key" part.

With normal public-key crypto, you sign with your actual private key, and you encrypt with the recipients actual public key. This means that if someone gets hold of the recipients private key, then can decrypt the messages, and because your public key is, well, public, they can prove that you wrote the message.

In this system, you generate throw-away keys, and exchange them securely when you start communicating. After you are done communicating, you can just throw away the keys, or you can publish them if you want. They are of no use, really. Someone can decrypt your communication, but they can't prove that it was you that wrote it, and once you publish the key, anyone else can forge messages that look like they were part of the conversation.

During the conversation, you have the security, authentication and non-repudiation that you are looking for - you can be sure that the other party is who they say that they are, that all messages are actually from them, and that only you can read those messages.

As soon as the conversation is over, you give away the keys and all bets are off - there is no longer a way to prove the identity of the person who sent the message since anyone can now forge messages that appear to be part of the conversation.

Re:a little information would be nice (0)

Anonymous Coward | more than 9 years ago | (#11109647)

If you assume big brother to have perfect knowledge of the conversation (i.e. all relevant packets) and perfect knowledge of one of the parties (by grabbing their computer) than no bit-manipulating encryption scheme will protect the privacy of the content - They can do whatever the party whose computer was grabbed could have done to read it.

However, under this scheme, since they can authenticate the messages, they can also forge them - Therefore the other party has deniability (unless linked to through IP addresses and such).

It's not perfect, but it is much better than anything else that I know of... And it is very close to perfect if you can make the initial exchange off the tapping grid - exchange the share secret of the net, etc.

I, ehrm, (-1, Offtopic)

Joe Enduser (527199) | more than 9 years ago | (#11109292)

I, for one, welcome our new overLOTR!

If you want some mad hacker credz... (1)

Anonymous Coward | more than 9 years ago | (#11109310)

...port this to Miranda [miranda-im.org] .

Gaim should support standard compliant encryption (2)

Lorphos (194963) | more than 9 years ago | (#11109313)

I think cross-client compatible encryption is more important at the moment. Jabber offers OpenPGP, but the development of the gaim plugin that also does this has stalled a while ago. Bummer. As long as only gaim talks to gaim with a particular encryption, it won't get used on a wide scale.

Re:Gaim should support standard compliant encrypti (0)

Anonymous Coward | more than 9 years ago | (#11109655)

YES, please please please.
And also make this a standard.

I wonder (2, Funny)

WormholeFiend (674934) | more than 9 years ago | (#11109321)

Is there an Internet Cafe at Guantanamo?

Re:I wonder (0)

Anonymous Coward | more than 9 years ago | (#11109641)

Uhm, wild guess..yeah? For the soldiers..

Big brother doesn't need proof (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11109328)

Sometimes Big Brother can 'prove' anything by force. Why do you think he's called Big? Small people need stuff like evidence, proof, and proper legal process. There are many recent examples of Big Brother having his way, proof and fact be damned.

Re:Big brother doesn't need proof (1)

confusion (14388) | more than 9 years ago | (#11109516)

ie. who cares what they can or can't prove after they burn your house down :)

Jerry
http://www.syslog.org/ [syslog.org]

Deniable until they look at your swap partition (5, Insightful)

G4from128k (686170) | more than 9 years ago | (#11109329)

If you create a message, chances are that fragments of the plain text will be in various caches and VM pages on your harddisk. It may not last for very long -- being overwritten by subsequent paging -- but if someone takes your computer soon after, they may find incriminating junk on the HD.

Re:Deniable until they look at your swap partition (1)

CAIMLAS (41445) | more than 9 years ago | (#11109403)

So don't use a swap partition. If it's a concern of your's, at least. What are you, a criminal? :P

If you're using gaim, chances are high that you're also using linux. There's no rational reason to be using a swap partition on a linux desktop, what with the price of RAM these days.

Re:Deniable until they look at your swap partition (1)

burns210 (572621) | more than 9 years ago | (#11109600)

How about using SELinux (plus extensions?) to setup Access Control Lists and encrypt/strong wipe the swap drive?

Mac OS X 10.4(i believe) will support encrypting the swap file, and is going to use ACLs to boot. Linux is surely capable, I would assume.

Re:Deniable until they look at your swap partition (1)

MightyMartian (840721) | more than 9 years ago | (#11109407)

> If you create a message, chances are that fragments of the plain text
> will be in various caches and VM pages on your harddisk. It may not last
> for very long -- being overwritten by subsequent paging -- but if someone
> takes your computer soon after, they may find incriminating junk on the
> HD.

FBI Agent: Sir, we found this on the hard drive: "Bin Laden... good... airplanes... Cheezies"

Supervisor: Obviously this man is talking about what a good job Bin Laden's doing, and clearly he's talking about overpowering the flight crew with a bag of delicious yet deadly Cheezies. Bring this swine in, and phone the FAA, and get them ban all corn puff-like snacks. Oh, and stick all dark-skinned women through X-ray machines for good measure.

FBI Agent: By God, I love America!

Re:Deniable until they look at your swap partition (0)

Anonymous Coward | more than 9 years ago | (#11109412)

It would be trivial for them to avoid this problem. At least in Windows you can use VirtualAlloc to allocate non-swapable pages, and I'm sure you can do something similar in Linux as well.

You do raise an interesting point, though. Did they remember to allocate the memory this way?

Re:Deniable until they look at your swap partition (0)

Anonymous Coward | more than 9 years ago | (#11109413)

I only use physical RAM, you insensitive clod!

Re:Deniable until they look at your swap partition (1)

sqlrob (173498) | more than 9 years ago | (#11109419)

Aren't encrypted swap partitions possible?

Re:Deniable until they look at your swap partition (0)

Anonymous Coward | more than 9 years ago | (#11109566)

With OpenBSD, anything can be encrypted (swap, usual partitions) with a flag in a config file.

Re:Deniable until they look at your swap partition (4, Informative)

Mr.Ned (79679) | more than 9 years ago | (#11109429)

That's why you have encrypted swap. On OpenBSD it's as simple as setting the sysctl 'vm.swapencrypt.enable=1'; there are HOWTOs for other operating systems. Look for the device mapper on Linux, for example.

Re:Deniable until they look at your swap partition (0)

Anonymous Coward | more than 9 years ago | (#11109493)

That's okay..I have my Swap set to a ramdisk...used to have it Swap to tape but it was a little slow.

If you create a message, chances are that fragments of the plain text will be in various caches and VM pages on your harddisk. It may not last for very long -- being overwritten by subsequent paging -- but if someone takes your computer soon after, they may find incriminating junk on the HD.

how about dual-plaintext messages? (4, Interesting)

man_ls (248470) | more than 9 years ago | (#11109397)

I really want a cryptosystem where I can enter, say, two different plaintexts (of similar length, I imagine) and then there are two keys: the private key, and the decoy key.

If required to give up "your private key" then give up the decoy key. The decoy plaintexts decrypts, and you're done. The real plaintext is still hidden away.

Does anything like this exist?

Re:how about dual-plaintext messages? (3, Interesting)

myowntrueself (607117) | more than 9 years ago | (#11109463)

"Does anything like this exist?"

Its called 'steganography'

What you do is you have a huge stash of embarassing hardcore porn, say 'bukkake bloopers 2000'

You use steganography to hide your real naughtyness inside those images and encrypt the image archive.

When someone insists that you decrypt it, you naturally get really embarassed but finally relent.

They see what you are 'hiding' and maybe laugh in your face; but they don't detect the stegged content (which would, presumably, be *far* worse than 'bukkake bloopers 2000' but what *that* could be I cannot imagine).

Re:how about dual-plaintext messages? (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11109552)

While your idea is good, look into Phonebook Encryption, this is more of what the grandparent wanted.

Re:how about dual-plaintext messages? (3, Funny)

corbettw (214229) | more than 9 years ago | (#11109587)

What you do is you have a huge stash of embarassing hardcore porn, say 'bukkake bloopers 2000'

They see what you are 'hiding' and maybe laugh in your face

There's a joke in there somewhere, I just know it...

Re:how about dual-plaintext messages? (0)

Anonymous Coward | more than 9 years ago | (#11109505)

A one-time pad? Any sequence of bytes can be decoded into any other sequence of the same length by xoring it with the right key. One key decrypts to the Book of Mormon, another decrypts to a picture of Cowboy Neal with a goat. You can make up keys after the fact to perform alternate decryptions!
But you really, really, need to hide the encryption key.

Re:how about dual-plaintext messages? (3, Interesting)

Speare (84249) | more than 9 years ago | (#11109547)

I thought of the duress keyphrase, too. While we're randomly thinking, I once imagined that a good keyphrase (decoy or otherwise) would be the full text to the Fourth Amendment. Then recite the keyphrase only under oath before a Judge. Worth a shot, anyway.

Re:how about dual-plaintext messages? (1, Interesting)

wronskyMan (676763) | more than 9 years ago | (#11109671)

Don't you mean the fifth?

Re:how about dual-plaintext messages? (3, Interesting)

Qzukk (229616) | more than 9 years ago | (#11109581)

Yes, its called "Phonebook Encryption". Not sure why. It's written by familiar faces [freenet.org.nz] though.

Re:how about dual-plaintext messages? (1)

Qzukk (229616) | more than 9 years ago | (#11109616)

As an aside, the steganography idea mentioned by another poster above is probably the one I'd use.

With this thing on your computer, you could give them the fake key, and in a couple of days they'd figure out that you've got the phonebook userspace tools on there and realize they've been had.

Re:how about dual-plaintext messages? (2, Interesting)

stud9920 (236753) | more than 9 years ago | (#11109608)

Disclaimer : IANBS (I am not Bruce Schneier)

1. use the decoy D plaintext as a One Time Pad (yes, OTPs are inconvenient and need to be transmitted secretely too) and encrypt your plaintext P with it. This gives ciphertext C. C = f(P,D)=f(D,P)

2. when "they" require you to give up your key, give them the message you wanted to hide from them. Cross your fingers they don't look at that OTP. When they decrypt the ciphertext with the key, they will get the decoy message. Just hope for them not to look at the key you gave them. Social engineer them to just decrypt without looking at it. P=f^-1(C,D); but also D=f^-1(C,P), (cipher algo f was chosen to respond to this law, and must be given to the authorities.

Apart from this very dangerous method, I don't think there is a way to create a cipher that would transmit a innocent and a less innocent message together without getting a ciphertext with an Quantity of Information not higher than either messages. In fact, OTP methods *do* transmit more information than the payload, ie the OTP has to be transmitted too.

Rubberhose Cryptanalysis (1)

sleepingsquirrel (587025) | more than 9 years ago | (#11109657)

I really want a cryptosystem where I can enter, say, two different plaintexts (of similar length, I imagine) and then there are two keys: the private key, and the decoy key.
You're searching for a system that isn't vunerable to 'rubberhose cryptanalysis'. See also this slashdot thread [slashdot.org] .

Excellent! (4, Interesting)

boodaman (791877) | more than 9 years ago | (#11109401)

Wonderful stuff if it does everything it is supposed to do. I can't wait to check it out.

I've often wondered about this when it comes to forensics testimony. For example, even if you have my computer with some incriminating evidence on there, how can you prove beyond reasonable doubt that I put it there? I would think that unless you have a video tape of me typing the incriminating evidence on the keyboard, and can prove that the tape was made at the time in question and is unaltered, is the only way to prove anything.

Computers can be programmed to do anything at anytime, including carrying on a "conversation". You can also easily create an incriminating e-mail message that looks like it was sent, but it never was. Ditto log files, etc. For example, Apache log files are text: it would be trivial to create a script that spoofed a log file with your IP address as the incriminating info...but then how does the plaintiff prove that isn't how it was created?

Re:Excellent! (4, Interesting)

liquidpele (663430) | more than 9 years ago | (#11109449)

Many a person has been framed by smart assholes putting porn on their computer and then anonymously turning them in. In other words, they assume that if it's on your computer, you put it there. As for log files, I would think alibis would come into effect. If it says you attacked server X on Jan 4th at 2pm, but you were at the beach all day with friends, then you'll probably get off the hook (maybe).

Re:Excellent! (0)

Anonymous Coward | more than 9 years ago | (#11109583)

If it says you attacked server X on Jan 4th at 2pm, but you were at the beach all day with friends, then you'll probably get off the hook (maybe).

What if I took my laptop? Am I fucked?

Re:Excellent! (0)

Anonymous Coward | more than 9 years ago | (#11109520)

For example, even if you have my computer with some incriminating evidence on there, how can you prove beyond reasonable doubt that I put it there?

If a jury can convict a man for murder of his wife based solely on things like having an extramarital affair or even just how his face looked during trial, then don't expect you'll be able to weasel out of owning a computer with incriminating evidence on it.

it's called REASONABLE doubt for a reason (1)

davidwr (791652) | more than 9 years ago | (#11109622)

Criminal cases are prosecuted "beyond a reasonable doubt" not "beyond an absolute doubt" for a reason.

In most cases, there's always the outside chance that the person is being framed, there is a case of mistaken identity, or the evidence is mis-interpreted. Prosecutors go with the most-likely scenario, and juries are supposed to aquitt when the level of doubt is >= "reasonable."

With crimes involving computers, it's really bad for you if you are the only one who uses the computer or who has access to that computer account. It's almost as bad if everyone but you has a good reason why they did not do it, leaving you as the only plausable suspect. Sure, the kid next door might have picked your lock and snuck into your house while you were asleep and downloaded k1dd13-p0rn, but you probably won't even think to raise that as a defense.

As far as proving things, if there's a high-profile, long-term investigation, cops are going to get wiretap and survellance warrants and install keystroke loggers if they think they won't get caught doing so.

Re:Excellent! (1)

the_rev_matt (239420) | more than 9 years ago | (#11109676)

There are logs all over the place. Your isp/employer will have logs of when you connected, checked mail, etc. I've done forensics on hack attempts on web sites and had to compare our logs with those of the ISP for the attacker in order to have what was considered meaningful evidence. An IP address is meaningless without context, as you say. A preponderance of evidence from multiple unrelated sources gives sufficient context.

Slashdot is criminally irresponsible posting this. (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11109404)

But I suppose I should expect that from slashdot, it has never really cared about the bigger picture. We are AT WAR in case anyone had forgotten.

Re:Slashdot is criminally irresponsible posting th (0)

Anonymous Coward | more than 9 years ago | (#11109542)

may be YOU are, but WE are not...

Re:Slashdot is criminally irresponsible posting th (-1, Flamebait)

hesiod (111176) | more than 9 years ago | (#11109681)

I am not at war. Yes, I am an American citizen. I do not support the war, I do not "support our troops." IOW, YOU need to look at the bigger picture: not everyone agrees with your politics.

You are criminally irresponsible for voting for Bush. Did you? Doesn't matter, if you can call me a criminal for no reason, I can call you a criminal for no reason.

This is great... (3, Interesting)

Duncan3 (10537) | more than 9 years ago | (#11109406)

Not sure for _who_, but it's great.

I can see some people having huge use for this, drug dealers, chat room stalkers, and of course all communications between an executive and their broker ;) Any place you need to be able to say "I didn't say that" later - where woulkd that be except a courtroom???

I can't think of any good reason for _me_ to use it tho. Maybe I'm just not shadey enough.

Re:This is great... (1)

PornMaster (749461) | more than 9 years ago | (#11109461)

Some things are Right(tm) but not legal.

If you assume a benevolent government, then you don't need it. There are plenty of people who don't.

Re:This is great... (0)

Anonymous Coward | more than 9 years ago | (#11109533)


Some things are Right(tm) but not legal.


Some people would say that these are exactly the things about which citizens need to stand up and be counted, not look for plausable deniability.

Of course, if by "Right(tm)" you mean "WAAAH, but I WANT it!!!" I understand your point.

Re:This is great... (0)

Anonymous Coward | more than 9 years ago | (#11109558)

You're missing the point. Lets talk about the way that a global elite has you bent over the barrel, let's discuss Haliburton, Enron and the Bilderberg group, let's do it so that the enemy can't evesdrop ;-)

I thought they meant the game company... (0)

Anonymous Coward | more than 9 years ago | (#11109414)

...and I was thinking, coming soon: Grand Theft Crypto!

Time to drag out this old chestnut: (1)

This Old Chestnut (759273) | more than 9 years ago | (#11109427)

If encryption is outlawed only 99fe3301efbe195773b82b116f9cfb0b1de7b5bbc610b76f.

Plausible "yeah right" (4, Insightful)

Bronster (13157) | more than 9 years ago | (#11109444)

Let me get this straight - it can be proved that you

a) created a plausible deniability capable link; and

b) intentionally released the key to said link so that someone else could impersonate you later.

Frequently all that's needed is the fact that you communicated with somebody for evidence - not the specifics of what you said. Sure maybe you just called them up and did some heavy breathing down the line - there's no proof you actually _spoke_, but any jury in the world would convict you.

Of course you work around that by creating a new link every hour to the same person, and maybe or maybe not using it - but it still shows you're in communication with them. There's no way around that.

Nice idea, but don't think your child pornography dealing down this link is going to somehow get you off the hook.

Perl-ize this with that 25 line P2P (4, Funny)

fuzzy12345 (745891) | more than 9 years ago | (#11109458)

Quick, someone, anyone. Combine this with yesterday's P2P In 15 Lines of Perl: http://developers.slashdot.org/article.pl?sid=04/1 2/15/1953227&tid=95&tid=156&tid=1

Widespread adoption essential for plausibility (0)

Anonymous Coward | more than 9 years ago | (#11109462)

If you were the ONLY person actually using the system who could have written a message in question, then deniability would be far less plausible.

Ah... so that explains this IM conversation... (3, Funny)

Anonymous Coward | more than 9 years ago | (#11109475)

BillG: So, did the donation to the SCO fund to kill Linux go through?

SBallmer: Yep, sure did. And we even explained the need for us to buy one of their licenses for unlimited computers. You know, for our in-house independent benchmarking company. You know, the whole "Get the Facts" campaign?

BillG: I see... but this SCO thing doesn't look like it's going to work. We need to go after them in even more indirect ways to avoid more antitrust sanctions. With Ashcroft gone, we may get a harder wrist-slap than last time.

SBallmer: We're already getting the puppet companies set up now. They have applied for tons of patents that could destroy Linux. We simply buy a perpetual license to all patents for a cool billion, and we're set.

BillG: How can companies apply for patents that already exist in Linux? What about prior art?

SBallmer: Don't worry, there's plenty of critical new or rewritten code since the patent applications that violates them. We've even guessed what Linux might add in the future, and patented that as well!

BillG: But if those lawsuits fail.. then what?

SBallmer: Well, we're working on getting the GPL ruled illegal. We're also going to deal a blow to all open source operating systems by our deals with bios manufacturers to only run operating systems who have paid their license to get the code signed. (Don't worry, they listen to our piles of money - if they obey us, they money keeps coming)

BillG: So, you want the computer to be like an xbox, then? We might want to start drafting legislation for mod chips to prevent people from using linux.. er.. pirated copies of windows longhorn without the subscription/expiration feature. After all, we don't want people to use windows without paying their subscriptions...

SBallmer: Already in the works. Prebought PCs will include a 3 year subscription to Longhorn Home/Crippled Edition. After this 3 years is up, the people buy a new computer rather than renewing their license (for an old computer, mind you) for another 3 years. The money from Intel and Dell is already pouring in. We can't allow mod chips because people would just use that to load the Corporate Edition.

One Really Good Use (3, Interesting)

Thunderstruck (210399) | more than 9 years ago | (#11109486)

Is for folks in Law Firms. An option like this can permit a lawyer to communicate over the internet with a client in a secure way (because getting my client to go through the process of encrypting stuff with GPG is unlikely at best) ... but where intercepted be useless as evidence in court.

I gotta have it.

Re:One Really Good Use (0)

Anonymous Coward | more than 9 years ago | (#11109510)

Pfft Lawyers!

holy grail of file sharing (3, Funny)

Mantorp (142371) | more than 9 years ago | (#11109509)

a while back there was a story up here about a gaim plugin as a p2p app, couple it with this and you can say "It wasn't me" that downloaded that Shaggy album.

This is great! (3, Interesting)

lawpoop (604919) | more than 9 years ago | (#11109541)

What I would like to see is some kind of encrypted, p2p, email/IM replacement that doesn't rely on centralized servers. I realise what I've said is redundant -- P2P that doesn't rely on servers, but I'm trying to be clear. Messages would get routed through webs of trust, and if you lose your keys, you can have your new keys signed by people you know in real life. This would totally eliminate spam and ensure privacy and authentication for communcations.

Muaha (1, Funny)

Anonymous Coward | more than 9 years ago | (#11109579)

Kid: Hey, Mister Policeman! I just got an OTR message from Michael Jackson! He said he really did molest those kids, and he's really sorry about it. Of course, I can't prove he said it any more, but it authenticated as him originally! You believe me, right?
Police: You bet we do! We haven't forgotten that guy used to be black!

*sirens*

Hacked in 1 minute (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11109630)

This is weak for the following reason:
The 'feature' of allowing numerous forgeries after the first packet is proved authentic is a weakness. All you need to do is intercept a packet, hold it and analyze it, forge your own message and send it first, then send the old packet, which will bounce as a forgery.

try again.

Shi7!! (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11109645)

BE NIGGER! BE gAY!

So is this like... (1)

TheAwfulTruth (325623) | more than 9 years ago | (#11109660)

1) Charge up a bunch of stuff on line on your CC.
2) Immidiately post your CC number to the net.
3) In amongst other potential charges, deny that you made any of them.
4) Profit!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>