Re: E-mail with deniable authentication

2017-09-05 Thread Mario Castelán Castro
Good point. Note: You forgot to reply to list. On 02/09/17 22:11, Lachlan Gunn wrote: > Le 2017-09-03 à 11:48, Mario Castelán Castro a écrit : >> I am well aware of that. Although deniable encryption is not a panacea >> it is an improvement. It gives less power to the correspondent to blackmail.

Re: E-mail with deniable authentication

2017-09-02 Thread Mario Castelán Castro
On 01/09/17 08:31, Andrew Gallagher wrote: > On 31/08/17 03:35, Mario Castelán Castro wrote: >> Writer and recipient have a Diffie-Hellman key over the same group and >> know each other's public key. >> >> The writer computers the shared secret per the DH algorithm > > This is the real trick

Re: E-mail with deniable authentication

2017-09-01 Thread Andrew Gallagher
On 31/08/17 03:35, Mario Castelán Castro wrote: > Writer and recipient have a Diffie-Hellman key over the same group and > know each other's public key. > > The writer computers the shared secret per the DH algorithm This is the real trick though - the DH algorithm requires two-way

Re: E-mail with deniable authentication

2017-08-30 Thread Mario Castelán Castro
Hello. Thanks for your reply. I am aware of the first method as well as a variation of the second (it had not occurred to me that they both can use the same key!; I had thought that each correspondent used one key of his own with a meaningless ID and used only for communication with the other

Re: E-mail with deniable authentication

2017-08-30 Thread Mario Castelán Castro
On 30/08/17 00:57, Stefan Claas wrote: > If your communication partners would use the same software, like opmsg. > > https://github.com/stealth/opmsg > > Or if you would use Bitmessage instead of classic email, then > you have authenticated/encrypted messages too and can later > nuke your keys,

Re: E-mail with deniable authentication

2017-08-30 Thread Mario Castelán Castro
On 30/08/17 21:35, Mario Castelán Castro wrote: > (2) can be signed > without deniablity implications, but is not necessary. Apologies. The authentication code should not be signed either to keep full deniability. -- Do not eat animals; respect them as you respect people.

Re: E-mail with deniable authentication

2017-08-30 Thread Peter Lebbing
On 30/08/17 12:39, Stefan Claas wrote: > But then it would be imho advisable that you use a different timestamp (time > in the future), because when verifying the published message the timestamp > would be earlier than the time the sec key would have appeared on the net, > right? Either the

Re: E-mail with deniable authentication

2017-08-30 Thread Stefan Claas
Am 30.08.2017 um 11:43 schrieb Peter Lebbing: With a little scripting, you could create a new ECC keypair (fast!) for each message, sign the keypair with your normal key, sign the message with the ECC keypair. And when you want to backpedal on a signed message, publish the private ECC key and

Re: E-mail with deniable authentication

2017-08-30 Thread Peter Lebbing
On 30/08/17 11:34, Mario Figueiredo wrote: > Examples are > dictatorships, and many forms of human relationships, including job > relations. I don't think a repudiable message lets you off the hook in those examples either, least of all the dictatorship...! > If one wants to use deniability with

Re: E-mail with deniable authentication

2017-08-30 Thread Mario Figueiredo
On Tue, 29 Aug 2017 14:33:46 -0400 "Robert J. Hansen" wrote: > You can prove origination *only if* you can prove the originating PC > was not compromised. Given how common compromise is today -- a few > years ago Vint Cerf estimated one in four desktop PCs was compromised

Re: E-mail with deniable authentication

2017-08-30 Thread Stefan Claas
On Tue, 29 Aug 2017 13:21:58 -0500, Mario Castelán Castro wrote: > Is there any existing, convenient way to do deniable authentication > for e-mail? If your communication partners would use the same software, like opmsg. https://github.com/stealth/opmsg Or if you would use Bitmessage i

Re: E-mail with deniable authentication

2017-08-29 Thread vedaal
On 8/29/2017 at 2:26 PM, "Mario Castelán Castro" wrote:Is there any existing, convenient way to do deniable authentication for e-mail? = There are workarounds to accomplish this: [1] Sender 1 sends a signed and encrypted pgp e-mail to Receiver 1, giving Receiver 1 a 'passphra

E-mail with deniable authentication

2017-08-29 Thread Mario Castelán Castro
way to do deniable authentication is to take a shared secret.and use that as the key to a MAC function. However, this does not seem to be implemented in OpenPGP, although it could be done as an additional layer. Is there any existing, convenient way to do deniable authentication for e-mail

Re: E-mail with deniable authentication

2017-08-29 Thread Robert J. Hansen
> We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the > communication. It is my understanding that the other party can > publish the signature and the unencrypted message and thus prove > that somebody in the possession of the private key wrote (or at > least signed) the message.