Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread mhey...@gmail.com
On Wed, Sep 19, 2012 at 5:33 PM, Tim Dierks wrote:
>
> If the "trustee" doesn't have access to the "safe" until after you're
> dead, then the encryption is unimportant: just keep your secrets
> in the safe unencrypted. If they can access the encrypted
> message before you're dead, they can decrypt it in a few months
>
On Wed, Sep 19, 2012 at 5:08 PM, The Fungi wrote:
>
> And how does the trustee get access to the encrypted form of the
> secret? If he has a copy of it encrypted with the old key, how do
> you ensure he throws it out when you reencrypt with the new key? If
> he doesn't get access to the encrypted secret until you die, then
> why not simply rely on that access mechanism and forget about
> encrypting it in the first place?
>
These are all good questions and correct because I didn't explain the
scheme well enough.

The trustee gets access to the encrypted secret as part of the estate.
If anybody, including the trustee, gets access to the encrypted secret
before death, the secret must be made worthless.

I was assuming the decrypted secret was similar to "locations of his
caches of gold" example from the original posting. When the grantor
detects that somebody may have gained access to the encrypted secret,
they have time to move the caches of gold. After moving the caches,
revealing the old secret no longer has any value.

Note, the encryption is still important because it provides time to the
grantor to move the "caches of gold", thus keeping the valuables from
discovery. To enforce a reasonable amount of time to move the "caches
of gold", the encrypted secret sitting in the grantor's "safe" should
actually be onion-wrapped in weak keys. Just getting access to the
encrypted secret with the now revealed key delivered to the trustee
isn't enough. The onion-wrapping of the secret means one must still
break a number of day-strong keys before gaining access to the
"locations of caches of gold".

Yes, this scheme is pretty far from a crypto-only solution because it
requires the ability to move the "caches of gold" around in the
physical world - with the possibility of surveillance completely
bypassing the crypto altogether. As such, it is not very clean and
elegant, but it does satisfy the motivating application.

Michael Heyman
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
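
Added example (not part of the message above or of the list archive): the onion-wrapping in weak keys that the message describes, sketched in Python to show that the layers can only be broken one after another, so the grantor's head start is roughly the layer count times the per-layer search time. The toy SHA-256 keystream cipher, the 12-bit key size, the MAGIC marker and all function names are assumptions chosen so the demo runs in seconds; the outer strong key delivered to the trustee is left out.

```python
# Added illustration, not code from the thread.
import hashlib
import secrets

MAGIC = b"LAYER-OK"   # assumed marker so a correct key guess is recognisable
KEY_BITS = 12         # demo size; the post's "day-strong" keys would be far larger

def _keystream(key, n):
    """Toy keystream: SHA-256 over (key, counter). Stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key.to_bytes(4, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(key, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def onion_wrap(secret, layers):
    """Encrypt under `layers` random weak keys, innermost first; keys are discarded."""
    blob = secret
    for _ in range(layers):
        blob = _xor(secrets.randbelow(1 << KEY_BITS), MAGIC + blob)
    return blob

def break_layer(blob):
    """Exhaustive key search on the outermost layer: (inner blob, keys tried)."""
    head = blob[:len(MAGIC)]
    for guess in range(1 << KEY_BITS):
        if _xor(guess, head) == MAGIC:
            return _xor(guess, blob)[len(MAGIC):], guess + 1
    raise ValueError("no key in range opens this layer")

def unwrap_all(blob, layers):
    """Layers fall strictly in order: the next one is unreadable until this one is broken."""
    tried = 0
    for _ in range(layers):
        blob, n = break_layer(blob)
        tried += n
    return blob, tried

if __name__ == "__main__":
    wrapped = onion_wrap(b"constructed sample: cache locations", 5)
    plain, work = unwrap_all(wrapped, 5)
    print(plain, "recovered after", work, "key trials")
```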


Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread Natanael
In this case I definitely prefer my version that requires no activity at
all of this kind, unless somebody manages to hack a majority of the servers
you hired. No need at all to move something continuously, just wipe
enough of your servers so that the threshold can't be reached by the
hacker. Then you get new ones. You don't have to worry they have a massive
botnet or similar decrypting it on their side. In your case they need to
hack just one computer, in mine that's at least two, or even twenty.



Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread StealthMonger

"mhey...@gmail.com"  writes:

> ... and the trustee (that I never really trusted) ...

Actually, Trustee may prefer to have no access to the secret so as to
be above suspicion if some of the gold should disappear.

- -- 


 -- StealthMonger 
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread StealthMonger

"James A. Donald"  writes:

> On 2012-09-05 11:51 PM, StealthMonger wrote:

>> Can there be a cryptographic "dead man switch"?  A secret is to be
>> revealed only if/when signed messages stop appearing.  It is to be
>> cryptographically strong and not rely on a trusted other party.

> Such a system cannot exist:

> Obviously the messages have to appear on the system that contains the 
> secret.  Pull the internet connection.

Counter-measures to Donald's dilemma have so far involved servers too
hidden or numerous to simply "pull the internet connection".

Another approach is for the server to be "too big to fail", i.e.
public and widely used, so that a whole business would be destroyed if
the Internet connection were pulled.

It wouldn't take much capability in such a server to allow Grantor to
create a robot there which gives Trustee access to the secret, but
only if it doesn't hear from the Grantor for some time.  With suitable
permissions, the Trustee can even be given read-only access the whole
while to everything except to the secret itself, so that Trustee can
assure herself that it's all actually there.

Are there existing public servers that can provide this functionality?
Google mail?  Zooko's Tahoe?



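Added example (not part of any message in this thread): the server-side "robot" described in the message above, combined with the threshold-of-servers idea from the earlier reply, sketched in Python. Each server holds one Shamir share and releases it only after the grantor has been silent longer than a timeout; wiping enough servers leaves fewer than k shares. HMAC stands in for the grantor's signed messages, and the field prime, class and function names are assumptions; the shared secret would in practice be the ciphertext key already encrypted to the Trustee.

```python
# Added illustration, not code from the thread. Names and sizes are assumptions.
import hashlib, hmac, secrets

P = 2**127 - 1  # prime field for Shamir shares; the secret must be < P

def split(secret, k, n):
    """k-of-n Shamir split: shares are points on a random degree k-1 polynomial."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0; fewer than k shares reveal nothing."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def sign_heartbeat(hb_key, ts):
    """Grantor side: authenticate a timestamp (HMAC as a stand-in for a signature)."""
    return hmac.new(hb_key, str(ts).encode(), hashlib.sha256).digest()

class ShareServer:
    """One hired server: keeps a share, releases it only after grantor silence."""
    def __init__(self, share, hb_key, timeout, now):
        self.share, self.hb_key, self.timeout, self.last_seen = share, hb_key, timeout, now

    def heartbeat(self, ts, tag):
        ok = hmac.compare_digest(sign_heartbeat(self.hb_key, ts), tag)
        if ok and ts > self.last_seen:   # reject forged and replayed heartbeats
            self.last_seen = ts
            return True
        return False

    def release(self, now):
        silent = now - self.last_seen > self.timeout
        return self.share if silent else None   # None also after wipe()

    def wipe(self):   # grantor's response to a suspected server compromise
        self.share = None

def trustee_collect(servers, now, k):
    got = [s for s in (srv.release(now) for srv in servers) if s is not None]
    return combine(got[:k]) if len(got) >= k else None
```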

Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread Natanael
I cannot imagine anything inherently trustable. I do not want to trust
that a single server won't be hacked, tapped by NSA or raided by FBI.


Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread StealthMonger

Natanael  writes:

> I do not want to trust that single server won't be hacked, tapped by
> NSA or raided by FBI.

I absolutely agree.  But the adversary here is nothing like NSA or
FBI, and the stakes are nowhere near threats to any State, and nobody
has reason to believe otherwise.  Remember, this is basically a
friendly agreement between Grantor and Trustee and in the category of
"good fences make good neighbors".  Of course, the Trustee, to whose
key the secret is encrypted the whole while, has to use a strong key
to keep third parties out.



Re: [cryptography] Can there be a cryptographic "dead man switch"?

2012-09-22 Thread Natanael
In that case Anonymous and other hacker groups are your problem.