Re: [Cryptography] dead man switch [was: Re: Snowden "fabricated digital keys" to get access to NSA servers?]

2013-07-10 Thread dan

for a novel treatment of a dead man switch, read _Daemon_ by Leinad Zeraus


botnet that uses MainStreamMedia news feeds as a covert channel
insofar as the MSM cannot help themselves but to publicize nasty
events that the botnet is itself capable of causing, thus allowing
the botnet to know collectively what each part of it is doing and
that without a C&C channel other than the repurposed MSM; the fun
begins when the botnet reads the obituary of a certain person


--dan

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: [Cryptography] dead man switch [was: Re: Snowden "fabricated digital keys" to get access to NSA servers?]

2013-07-09 Thread Jerry Leichter
On Jul 5, 2013, at 12:07 PM, StealthMonger wrote:
>> A lawyer or other (paid) confidant was given instructions that would
>> disclose the key.  "Do this if something happens to me."
> 
> An adversary can verify an open source robot, but not such instructions.
> 
> NSA cannot verify a claim that such instructions have been given (unless
> they know the lawyer's identity, but in that case they can "interfere").
> (On the other hand, NSA cannot afford to assume that such a claim is a
> bluff, and that's the strength of this idea.)
> 
> The intended interpretation of the "open source" clause in the original
> problem statement is that anyone could inspect the workings of the robot
> and verify that it does indeed "harbor a secret" and that if the signed
> messages stop coming it will indeed release that secret.
A false dichotomy.

If there were an actual physical robot, it could be "interfered with" even more 
easily than a lawyer.

The point of the open source implementation is that it serves as a proof of 
context:  It shows something that could have any number of physical 
manifestations in unknown locations, and any one of them would be an effective 
dead-man switch.

However, the lawyer's instructions serve the same role:  Since *this* lawyer 
has instructions that would lead to release, there could be others with exactly 
the same instructions.

Software - and instructions to lawyers - on their own don't do anything.  They 
have to be physically instantiated in the appropriate medium to affect the 
world.  That's always the hard part to pull off in an adversarial environment.

-- Jerry



[Cryptography] dead man switch [was: Re: Snowden "fabricated digital keys" to get access to NSA servers?]

2013-07-07 Thread StealthMonger
Richard Salz writes:

>> How could it be arranged that "if anything happens at all to Edward
>> Snowden, he told me he has arranged for them to get access to the full
>> archives"?

> A lawyer or other (paid) confidant was given instructions that would
> disclose the key.  "Do this if something happens to me."

An adversary can verify an open source robot, but not such instructions.

NSA cannot verify a claim that such instructions have been given (unless
they know the lawyer's identity, but in that case they can "interfere").
(On the other hand, NSA cannot afford to assume that such a claim is a
bluff, and that's the strength of this idea.)

The intended interpretation of the "open source" clause in the original
problem statement is that anyone could inspect the workings of the robot
and verify that it does indeed "harbor a secret" and that if the signed
messages stop coming it will indeed release that secret.

(For example, in one implementation -- NOT CRYPTOGRAPHICALLY STRONG -- a
secret file's access permissions can only be granted by the robot.)


-- 


 -- StealthMonger 
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key
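
The robot described in the message above (release the secret if authenticated messages stop coming), as an added example that is not part of the thread or any poster's code. It swaps the "signed messages" for a one-way hash chain so that the robot stores only public verification state; `make_chain`, `DeadManSwitch`, the interval and the sample values are hypothetical, and time is passed in explicitly so the logic can be checked offline.

```python
import hashlib
import hmac


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Owner side: chain[i] = h(chain[i-1]); chain[n] is the public anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class DeadManSwitch:
    """Robot side: holds the secret and only public heartbeat state."""

    def __init__(self, anchor, secret, interval, now, max_skip=8):
        self.tip = anchor            # last accepted chain value (public)
        self.secret = secret
        self.interval = interval     # seconds allowed between heartbeats
        self.deadline = now + interval
        self.max_skip = max_skip     # tolerated number of lost heartbeats
        self.released = False        # latched: never resets once set

    def poll(self, now):
        """Return the secret once the deadline has passed, else None."""
        if now > self.deadline:
            self.released = True
        return self.secret if self.released else None

    def heartbeat(self, token, now):
        """Accept token only if it is an unused preimage of the current tip."""
        self.poll(now)
        if self.released:
            return False             # too late: release is irreversible
        x = token
        for _ in range(self.max_skip):
            x = h(x)
            if hmac.compare_digest(x, self.tip):
                self.tip = token     # older tokens can no longer hash to tip
                self.deadline = now + self.interval
                return True
        return False                 # forged, replayed, or too far ahead
```

The owner sends `chain[n-1]`, then `chain[n-2]`, and so on, one value per interval; anyone reading the robot's state learns nothing that lets them produce the next heartbeat.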


