Re: E-mail with deniable authentication

Good point. Note: You forgot to reply to list. On 02/09/17 22:11, Lachlan Gunn wrote: > Le 2017-09-03 à 11:48, Mario Castelán Castro a écrit : >> I am well aware of that. Although deniable encryption is not a panacea >> it is an improvement. It gives less power to the correspondent to blackmail.

Re: E-mail with deniable authentication

On 01/09/17 08:31, Andrew Gallagher wrote: > On 31/08/17 03:35, Mario Castelán Castro wrote: >> Writer and recipient have a Diffie-Hellman key over the same group and >> know each other's public key. >> >> The writer computers the shared secret per the DH algorithm > > This is the real trick

Re: E-mail with deniable authentication

On 31/08/17 03:35, Mario Castelán Castro wrote: > Writer and recipient have a Diffie-Hellman key over the same group and > know each other's public key. > > The writer computers the shared secret per the DH algorithm This is the real trick though - the DH algorithm requires two-way

Re: E-mail with deniable authentication

Hello. Thanks for your reply. I am aware of the first method as well as a variation of the second (it had not occurred to me that they both can use the same key!; I had thought that each correspondent used one key of his own with a meaningless ID and used only for communication with the other

Re: E-mail with deniable authentication

On 30/08/17 00:57, Stefan Claas wrote: > If your communication partners would use the same software, like opmsg. > > https://github.com/stealth/opmsg > > Or if you would use Bitmessage instead of classic email, then > you have authenticated/encrypted messages too and can later > nuke your keys,

Re: E-mail with deniable authentication

On 30/08/17 21:35, Mario Castelán Castro wrote: > (2) can be signed > without deniablity implications, but is not necessary. Apologies. The authentication code should not be signed either to keep full deniability. -- Do not eat animals; respect them as you respect people.

Re: E-mail with deniable authentication

On 30/08/17 12:39, Stefan Claas wrote: > But then it would be imho advisable that you use a different timestamp (time > in the future), because when verifying the published message the timestamp > would be earlier than the time the sec key would have appeared on the net, > right? Either the

Re: E-mail with deniable authentication

Am 30.08.2017 um 11:43 schrieb Peter Lebbing: With a little scripting, you could create a new ECC keypair (fast!) for each message, sign the keypair with your normal key, sign the message with the ECC keypair. And when you want to backpedal on a signed message, publish the private ECC key and

Re: E-mail with deniable authentication

On 30/08/17 11:34, Mario Figueiredo wrote: > Examples are > dictatorships, and many forms of human relationships, including job > relations. I don't think a repudiable message lets you off the hook in those examples either, least of all the dictatorship...! > If one wants to use deniability with

Re: E-mail with deniable authentication

On Tue, 29 Aug 2017 14:33:46 -0400 "Robert J. Hansen" wrote: > You can prove origination *only if* you can prove the originating PC > was not compromised. Given how common compromise is today -- a few > years ago Vint Cerf estimated one in four desktop PCs was compromised

Re: E-mail with deniable authentication

On Tue, 29 Aug 2017 13:21:58 -0500, Mario Castelán Castro wrote: > Is there any existing, convenient way to do deniable authentication > for e-mail? If your communication partners would use the same software, like opmsg. https://github.com/stealth/opmsg Or if you would use Bitmessage instead

Re: E-mail with deniable authentication

On 8/29/2017 at 2:26 PM, "Mario Castelán Castro" wrote:Is there any existing, convenient way to do deniable authentication for e-mail? = There are workarounds to accomplish this: [1] Sender 1 sends a signed and encrypted pgp e-mail to Receiver 1, giving Receiver 1 a 'passphrase' which

Re: E-mail with deniable authentication

> We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the > communication. It is my understanding that the other party can > publish the signature and the unencrypted message and thus prove > that somebody in the possession of the private key wrote (or at > least signed) the message.