Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
At 10:23 AM 11/24/2002 -0600, Neil Johnson wrote: (Referring to previous thread about capturing video.) As I sit here looking at a 64 MB SD Card that I just picked up for $28 at my local Wally World, I was wondering why it (or it is larger capacity brethren) couldn't be used to record video and then (after appropriate protection) swallowed. Because there's no particularly good reason? :-) Because you can hide it well enough on your person, either hidden or else in plain sight disguised as a coat button or a fake police badge or a or "Off the Pigs" button? Because if you're in a situation where there's a real threat of this, you're probably much better off doing some kind of radio relay so that the surviving members of your cadre can upload the data, either plaintext, encrypted, or stegoed? Mules are trying to transmit atoms, not bits, and if you're trying to transmit bits, there are lots of ways to transmit bits. Some of the memory flake formats are really pretty thin and hidable, though the rotating disk versions aren't as easily concealed. But if you can do the mechanicals do make memory safely and recoverably swallowed, you can probably do the mechanicals to fit a backup storage system in your belt buckle or shoe-phone.
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
At 10:12 PM 11/24/02 +0100, Eugen Leitl wrote: >On Sun, 24 Nov 2002, Tyler Durden wrote: > >> I believe Daniel Hillis (or was it Jaron Lanier?) inserted time-capsule >> information into a cockroach's DNA and released it into the Boston subways. >> He calculated that this would be the way to preserve information for the >> longest period of time. Sounds like a gedankenprank that neither are capable of doing without extra training. Especially since they probably haven't tested it by catching, grinding, and sequencing more roaches. >This assumes the insert doesn't result in negative fitness (could very >well be, if the insert kills a gene). > >Also, a fitness-neutral insert is likely to be lost, or severely garbled. >I hope very much he used a really good redundant encoding. Either the message is neutral, and encoded with lots of redundancy (because its going to be changed at the standard 1-in-a-thousand-base mutation rate, and not selected for) or the message is beneficial and is maintained by natural selection. The latter being tough to do, your best hope is an error correcting code. If the message is maladaptive (other than taking up space on the chromo, which for many critters isn't a big hassle) you're fucked.
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
This assumes the insert doesn't result in negative fitness (could very well be, if the insert kills a gene). If the information is the history of human civilization, that may very well end up being information of great "negative fitness"! (We shall see...) Actually, from what I understand, there are huge swathes of every creature's genetic code made up of "useless" information. Some of these areas are apparently extremely old and do not change very often...as I remember Hillis (the guy who started "Thinking Machines" and is currently working on the Decamillineal clock) identified such an area in the cockroaches DNA and had the info inserted there. (Our own DNA has apparently a lot of junk also, as well as fragments of various encounters we've had over the aeons...there are apparently significant chunks of various viruses' DNA in there and other stuff...) Also, a fitness-neutral insert is likely to be lost, or severely garbled. I hope very much he used a really good redundant encoding. Although some things in a cockroach change pretty often (here in New York we are breeding a variety of extremely manueverable cockroaches), the DNA of the cockroach I think is extremely stable overall (aren't they like 100s of millions of years old?) _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
> couldn't be used to record video and then (after appropriate protection) > swallowed. Eventually this will happen. Maybe a video recorded into a DNA of a bacteria synthesized in a portable device ("diamond age", anyone ?) Ne protocols will be required ("if I infect this east coast girl, how long it will take for the message to get to south africa ?") Which will have interesting consequences. For the time being the state is comfortable sifting through wired internet (after winning the crypto war) and listening to airwaves. Maybe body-size state-inspected condoms will be required at all public places. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! Mail Plus Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
> Lousy latency. Just put your DNA-encoded message in a microdot on your > dead tree letter, and PCR/sequence on arrival. Isn't all snail mail already irradiated ? Then soon. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! Mail Plus Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
Not so science-fictiony... I believe Daniel Hillis (or was it Jaron Lanier?) inserted time-capsule information into a cockroach's DNA and released it into the Boston subways. He calculated that this would be the way to preserve information for the longest period of time. From: Morlock Elloi <[EMAIL PROTECTED]> To: Neil Johnson <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) ) Date: Sun, 24 Nov 2002 12:03:39 -0800 (PST) > couldn't be used to record video and then (after appropriate protection) > swallowed. Eventually this will happen. Maybe a video recorded into a DNA of a bacteria synthesized in a portable device ("diamond age", anyone ?) Ne protocols will be required ("if I infect this east coast girl, how long it will take for the message to get to south africa ?") Which will have interesting consequences. For the time being the state is comfortable sifting through wired internet (after winning the crypto war) and listening to airwaves. Maybe body-size state-inspected condoms will be required at all public places. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! Mail Plus Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
On Sun, 24 Nov 2002, Morlock Elloi wrote: > Ne protocols will be required ("if I infect this east coast girl, how long it > will take for the message to get to south africa ?") Lousy latency. Just put your DNA-encoded message in a microdot on your dead tree letter, and PCR/sequence on arrival. > Which will have interesting consequences. For the time being the state is > comfortable sifting through wired internet (after winning the crypto war) and > listening to airwaves. Maybe body-size state-inspected condoms will be required > at all public places. Steganography looks way easier, though.
Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
(Referring to previous thread about capturing video.) As I sit here looking at a 64 MB SD Card that I just picked up for $28 at my local Wally World, I was wondering why it (or it is larger capacity brethren) couldn't be used to record video and then (after appropriate protection) swallowed. Probably a lot safer than what most "mules" swallow (I see a Compact Flash card begin a little hard on the digestive track, but a SD or MMC card shouldn't been such a big deal). I can see it now , "The new prison diet for recently arrested demonstrators: ex-lax and bran muffins!" -Neil
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
On Sun, 24 Nov 2002, Morlock Elloi wrote: > Isn't all snail mail already irradiated ? Then soon. It's not, because electron accelerators are a) expensive b) tend to damage mail. Besides, the few ug or ng dry DNA in the microdot is not a living being. It can remain readable at ridiculously high dosages.
Re: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
On Sun, 24 Nov 2002, Tyler Durden wrote: > I believe Daniel Hillis (or was it Jaron Lanier?) inserted time-capsule > information into a cockroach's DNA and released it into the Boston subways. > He calculated that this would be the way to preserve information for the > longest period of time. This assumes the insert doesn't result in negative fitness (could very well be, if the insert kills a gene). Also, a fitness-neutral insert is likely to be lost, or severely garbled. I hope very much he used a really good redundant encoding.
Re: Psuedo-Private Key (eJazeera)
hi, I had suggested the same for an encryption product called digisecret,this is what they had to say. >Here is an example where hiding cipher text in cipher text is ideal.. DigiSecret currently does not use assymmetric algorithms. Besides this the introduction of this technique will mean that the secret police will also know about this fact, so the person's harrowing experience with the secret police will just be doubled: first they will obtain the fake password and then the real one. Also it would not be hard to track it on the algorithm diciphering level and to understand that the message is not real. Regards Data. __ Do you Yahoo!? Yahoo! Mail Plus Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
RE: Psuedo-Private Key (eJazeera)
> And depending on the situation, the key-holder will decide > whether to give > them a key that destroys the real data, or that doesn't (and > hides it). Don't even bother trying to destroy the original. Chances are they will make a backup of everything before attempting anything. And destroying something is likely to be very obvious, and very damning. Best bet is to hide a second thing, which is kind of incriminating, but not much. And hide it less well that the real thing. People who think they understood the trick won't look any further, because they think they understood it. So, be sure to wail and complain when they discover the fake data, and not bear a knowing smile :) -- Vincent Penquerc'h
Re: Psuedo-Private Key (eJazeera)
Variola wrote... What's missing? What part of your threat model didn't they consider? Well, that the recipient of the message may not be on their own machine (not running "Rubberhose"), etc... Stego your activist photos into kiddie porn which is stegoed into >random plaintext cover images. When they discover your thoughtcrime, >they stop looking. I thought about this, but it has some problems in some cases. For one, if I know "they" are looking for (say) a simple text list, and I want them to get their list (so to speak), I will need to "hide" the list in a simple text list, and this doesn't sound very stego-friendly. In addition, they may not know that there's some stego in that photo NOW, but they'll hold on to the evidence for later. And one day they may have reason to check for more. It's better, then, to have the option of having the data be destroyed if the fake key is used. Gotta hide the tools, too, BTW, since you can assume They know how they are used. I don't know if the CIA advised the chinese underground on this re Pink Triangle or whatever. Else mere possession of the thing (like owning a one-hole glass flute with a faucet screen occluding the hole) makes you doubleplus unperson. Yes, this I think is the rub. Of course, the encrypt and decrypt programs could be different, with the decryption program showing no hint of the fact that two keys could be used for the same message (one of which leading to the false data). But that's only good for non-savvy typesimages smuggled out of banana republics and so on. I need to dig into my theory, but of course it would be nice if some messages so encrypted were reverse-compatible with existing systems (in other words, if I sent a message so encrypted to old PGP software, both keys will work just fine to decrypt that message). I don't consider this too likely, but I'll have to dig into the nitty-gritty of PGP to see. But if this were possible, it would solve that issue. Nobody would ever know if the user were even aware of this dual encryption. --- Got Aerosil? What the heck is Aerosil? Is that like UBIK? _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Re: Psuedo-Private Key (eJazeera)
Tyler Durden wrote: [...] > Let's say I've been coerced into revealing the private key to a certain > encrypted message. And now, of course, the authorities use that key and open > the message, and see the contents (let's assume they are picture of a > demonstration or whatever). > > WOULDN'T IT BE NICE...If the original encrypted message actually had TWO > messages inside it, both very similar. In this example, one of the messages > is the "incriminating" pictures of the demonstration, the other is pictures > of Pam Anderson or whatever. > > AND, this double message has two private keys associated with it: one > corresponds to the Pam Anderson photos, the other corresponds to the > Demonstration photos. When coerced, I give up the key that opens the Pam > Anderson photos (while hopefully annhilating the Incriminating photos). > > Of course, there's no way the authorities know that there was another > message (not if done very cleverly...Pam Anderson photos might be a little > obvious) that they destroyed when they used the fake Private Key. > > Does this exist? Would it be difficult? Yes it exists. It's called deniable encryption. Two-level deniable encryption is not hard, but it usually involves increases in data size. There is some stuff about this in Crypto and Eurocrypt reports. Steganography and steganogaphic filing systems can do something similar, but the increase in message size tends to be larger. I am developing a form of deniable encryption (as part of m-o-o-t) that works slightly differently and does not involve message-size increases - in fact it it decreases message size. It's grammer-based and works a bit like this: A sentence is parsed, and eg a noun is encoded as a number relating to one of a publicly shared dictionary of nouns. This number is then encrypted. Decrypting with a random key will give a noun in that position in the sentence in all possible decryptions, and a good proportion of all randomly keyed decryptions will apparently make sense. There is a lot more involved, so eg both parties can give out the same false key, and so eg the same nouns used more than once in a message will decrypt to identical nouns in decryptions, as well as notions of closeness in the words used in a typical message, but I have done both the theoretical unicity calculations and some practical tests, and it works for email-length messages. The main implementation problems I have are coding time and that the only parser that works well enough is proprietary. If anyone else is working on something similar I would like to know. I'm probably not a cypherpunk, more a privacy avocate, but I do write code. :) -- Peter Fairbrother
Re: Psuedo-Private Key (eJazeera)
At 02:19 PM 11/20/02 -0500, Tyler Durden wrote: >From what I can grok this is not what I was looking for, but it IS a >valuable tool. What's missing? What part of your threat model didn't they consider? >What I'm talking about, I think, would be better in certain scenarios, as a >rubber-hose-holder can be made to THINK they have the real data, whereas in >reality they have a clever fake. (eg, instead of the real Cypherpunks wanted >list, they have Tim May's fake one...of course, another possibility would be >to have a big jpg of a hand with middle finger extended...) More than this, >they will have unknowingly destroyed the real data. (Perhaps a 3rd key is >needed that DOESN'T destroy the original data, just 'hides' it a la >Rubberhose.) Stego your activist photos into kiddie porn which is stegoed into random plaintext cover images. When they discover your thoughtcrime, they stop looking. Gotta hide the tools, too, BTW, since you can assume They know how they are used. I don't know if the CIA advised the chinese underground on this re Pink Triangle or whatever. Else mere possession of the thing (like owning a one-hole glass flute with a faucet screen occluding the hole) makes you doubleplus unperson. --- Got Aerosil?
Re: Psuedo-Private Key (eJazeera)
Well, the basic idea is to co-encrypt some "fake" data that looks like the real data, so that when they find it (using the key to the fake data of course) they'll figure you gave them the real key, because they won't know that there ever was a fake key leading to fake data. (And I suppose there's no reason not to allow for mutliple batches of fake data that get encrypted along with the real data.) And depending on the situation, the key-holder will decide whether to give them a key that destroys the real data, or that doesn't (and hides it). In some situations, the fake data could be something completely innocuous and unrelated to what "they" were looking for, or in other cases it could look like what they were looking for albeit with doctored information. From: dmolnar <[EMAIL PROTECTED]> To: Tyler Durden <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED], <[EMAIL PROTECTED]> Subject: Re: Psuedo-Private Key (eJazeera) Date: Wed, 20 Nov 2002 15:49:55 -0500 (EST) On Wed, 20 Nov 2002, Tyler Durden wrote: > to have a big jpg of a hand with middle finger extended...) More than this, > they will have unknowingly destroyed the real data. (Perhaps a 3rd key is > needed that DOESN'T destroy the original data, just 'hides' it a la > Rubberhose.) The question I've seen asked about this is then -- how do you get them to stop beating you? If they know you might have some number of duress keys, one of which might undetectably hide the data, what stops them from beating you until 1) you give them a key that shows them what they want to see 2) you die Maybe this isn't that different from the ordinary unencrypted case, where if they don't find it on your HD they can accuse you of burying disks in the backyard or something. Or is the goal protecting the data and not protecting your life? -David _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Re: Psuedo-Private Key (eJazeera)
On Wed, 20 Nov 2002, Tyler Durden wrote: > to have a big jpg of a hand with middle finger extended...) More than this, > they will have unknowingly destroyed the real data. (Perhaps a 3rd key is > needed that DOESN'T destroy the original data, just 'hides' it a la > Rubberhose.) The question I've seen asked about this is then -- how do you get them to stop beating you? If they know you might have some number of duress keys, one of which might undetectably hide the data, what stops them from beating you until 1) you give them a key that shows them what they want to see 2) you die Maybe this isn't that different from the ordinary unencrypted case, where if they don't find it on your HD they can accuse you of burying disks in the backyard or something. Or is the goal protecting the data and not protecting your life? -David
Re: Psuedo-Private Key (eJazeera)
From what I can grok this is not what I was looking for, but it IS a valuable tool. What I'm talking about, I think, would be better in certain scenarios, as a rubber-hose-holder can be made to THINK they have the real data, whereas in reality they have a clever fake. (eg, instead of the real Cypherpunks wanted list, they have Tim May's fake one...of course, another possibility would be to have a big jpg of a hand with middle finger extended...) More than this, they will have unknowingly destroyed the real data. (Perhaps a 3rd key is needed that DOESN'T destroy the original data, just 'hides' it a la Rubberhose.) And of course, we'd like to be able to do this on a message-by-message basis. From: Keith Ray <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Psuedo-Private Key (eJazeera) Date: Wed, 20 Nov 2002 10:49:43 -0600 Quoting Tyler Durden <[EMAIL PROTECTED]>: > WOULDN'T IT BE NICE...If the original encrypted message actually had TWO > messages inside it, both very similar. In this example, one of the messages > is the "incriminating" pictures of the demonstration, the other is pictures > of Pam Anderson or whatever. > > Does this exist? Would it be difficult? Rubberhose by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus http://www.rubberhose.org/ Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST. -- Keith Ray <[EMAIL PROTECTED]> -- OpenPGP Key: 0x79269A12 _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Re: Psuedo-Private Key (eJazeera)
Quoting Tyler Durden <[EMAIL PROTECTED]>: > WOULDN'T IT BE NICE...If the original encrypted message actually had TWO > messages inside it, both very similar. In this example, one of the messages > is the "incriminating" pictures of the demonstration, the other is pictures > of Pam Anderson or whatever. > > Does this exist? Would it be difficult? Rubberhose by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus http://www.rubberhose.org/ Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST. -- Keith Ray <[EMAIL PROTECTED]> -- OpenPGP Key: 0x79269A12