[messaging] Value of deniability

Alex Kropivny alex.kropivny at gmail.com
Fri Dec 19 01:34:35 PST 2014


As entertaining and awesome as this discussion has been, it does seen that there are two goals lying on opposite sides of the status quo of plain text evidence. Any weird crypto stuff (network logs + long term keys?) added to the plain text evidence can have two properties:

1. Signature deniability, to not provide more evidence than status quo.
2. Plaintext deniability, to provide less evidence than status quo.

2 is stronger than 1.

OTR tries to give 1. 

IANAL, but technology is witchcraft so 1 is probably the case in courts for now, regardless of whether it's OTR or cryptocat. Maybe that will change in the future?

Logs off by default gives 2. 

Mixing messages with Markov chain garbage ala @thegrgq_ebooks and using a covert channel in nonces (with an  ephemeral key) to hide the garbage in conversations but not long term logs gives some 2. 

Giving remote parties an easy to use API to write to your logs as you gives 2, but also gives remote parties the chance to wire illegal material to your logs.

Dumping logs to a public key with the private key protected by a separate password gives 2, and is less extreme than no logs at all.


This doesn't feel groundbreaking or exciting the way forward secrecy, or short public keys, or password-based private key derivation feel.

Does anyone see a cool possibility I don't?

On December 18, 2014 3:56:57 PM PST, Sam Lanning <sam at samlanning.com> wrote:
>For those that are interested, I wrote a summary blog post on this
>whole
>thing.
>
>http://samlanning.com/blog/deniability/
>
></shameless_plug>
>
>Feedback would be welcomed. =)
>
>Cheers,
>Sam.
>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Messaging mailing list
>Messaging at moderncrypto.org
>https://moderncrypto.org/mailman/listinfo/messaging



More information about the Messaging mailing list