Russell Nelson <[EMAIL PROTECTED]> writes:
>> Nobody's mentioned the possibility of an encryption system which
>> always encrypts two documents simultaneously, with two different keys:
>> one to retrieves the first (real) document, and the second one which
>> retrieves to the second (innocuous) document.
The coercer is likely to know you're using such a system (if nothing
else, ciphertext more than incrementally larger than plaintext is a
red flag), and will demand both documents. I could conceive of stego
which might permit this, since large expansion ratios are normal, but
if you're doing stego, and they're asking for keys, you've already
lost.
I'm curious how they plan on dealing with perfect forward secrecy.
Practically, it means they can't usefully demand session decryption,
which makes the law's usefulness somewhat questionable. Conveniently,
I can very likely *prove* that I no longer have the key, since the
software will delete it as soon as the session ends, and my wetware
never even knew the key.
Marc
