[Cryptography] tamper-evident crypto?

John Denker jsd at av8n.com
Fri Sep 6 15:31:47 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/05/2013 06:48 PM, Richard Clayton wrote:
> so you'd probably fail to observe any background activity that tested
> whether this information was plausible or not .... and then some chance
> event would occur that caused someone from Law Enforcement (or even a
> furnace maintenance technician) to have to look in the basement.

Well, I'm sure /somebody/ on this list is clever enough to 
arrange countersurveillance and counterintrusion measures...
  a) especially given that detecting surveillance and/or
   intrusion is the whole point of the exercise;
  b) especially given that we have all the time in the world 
   to arrange boatloads of nanny-cams and silent alarms etc.,
   arranging everything in advance, before provoking the 
   opponent;
  c) especially given that we know it's a trap, and the
   opponent probably isn't expecting a trap;
  d) especially given that the opponent has a track record
   of being sometimes lazy ... for instance by swearing that 
   the fruits of illegal wiretaps came from a "confidential
   informant who has been reliable in the past" and using that
   as the basis for a search warrant, at which point you've
   got them for perjury as well as illegal wiretapping,
   *and* you know your information security is broken;
  e) especially given that we get to run this operation
   more than once.

> (assuming that the NSA considered this [kiddie porn]
>  important enough to pursue)
  *) If they don't like that flavor of bait, we can give
   them something else.  For example, it is known that 
   there is a large-diameter pipeline from the NSA to the
   DEA.
    http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/
  *) Again:  We get to run this operation more than once.  

I repeat the question from the very beginning of this thread:
Shouldn't this be part of the /ongoing/ validation of any 
data security scheme?

There's a rule that says that you shouldn't claim a crypto
system is secure unless it has been subjected to serious
cryptanalysis.  I'm just taking the next step in this
direction.  If you want to know whether or not the system
is broken, /measure/ whether or not it is broken.

One of the rules in science, business, military planning,
et cetera is to consider /all/ the plausible hypotheses.
Once you consider the possibility that your data security
is broken, the obvious next step is to design an experiment
to /measure/ how much breakage there is.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iD8DBQFSKi2j2FOSJqrRXAoRAtJAAJ9zUubRz66YdcdRM3G3Wpx70TcDtgCgm9tE
xiI/Ikqt4PbbTDZeC0sK9vI=
=UYAV
-----END PGP SIGNATURE-----

