Good point.
Note: You forgot to reply to list.
On 02/09/17 22:11, Lachlan Gunn wrote:
> Le 2017-09-03 à 11:48, Mario Castelán Castro a écrit :
>> I am well aware of that. Although deniable encryption is not a panacea
>> it is an improvement. It gives less power to the correspondent to blackmail.
On 01/09/17 08:31, Andrew Gallagher wrote:
> On 31/08/17 03:35, Mario Castelán Castro wrote:
>> Writer and recipient have a Diffie-Hellman key over the same group and
>> know each other's public key.
>>
>> The writer computers the shared secret per the DH algorithm
>
> This is the real trick
On 31/08/17 03:35, Mario Castelán Castro wrote:
> Writer and recipient have a Diffie-Hellman key over the same group and
> know each other's public key.
>
> The writer computers the shared secret per the DH algorithm
This is the real trick though - the DH algorithm requires two-way
Hello. Thanks for your reply. I am aware of the first method as well as
a variation of the second (it had not occurred to me that they both can
use the same key!; I had thought that each correspondent used one key of
his own with a meaningless ID and used only for communication with the
other
On 30/08/17 00:57, Stefan Claas wrote:
> If your communication partners would use the same software, like opmsg.
>
> https://github.com/stealth/opmsg
>
> Or if you would use Bitmessage instead of classic email, then
> you have authenticated/encrypted messages too and can later
> nuke your keys,
On 30/08/17 21:35, Mario Castelán Castro wrote:
> (2) can be signed
> without deniablity implications, but is not necessary.
Apologies. The authentication code should not be signed either to keep
full deniability.
--
Do not eat animals; respect them as you respect people.
On 30/08/17 12:39, Stefan Claas wrote:
> But then it would be imho advisable that you use a different timestamp (time
> in the future), because when verifying the published message the timestamp
> would be earlier than the time the sec key would have appeared on the net,
> right?
Either the
Am 30.08.2017 um 11:43 schrieb Peter Lebbing:
With a little scripting, you could create a new ECC keypair (fast!)
for each
message, sign the keypair with your normal key, sign the message with the ECC
keypair. And when you want to backpedal on a signed message, publish the private
ECC key and
On 30/08/17 11:34, Mario Figueiredo wrote:
> Examples are
> dictatorships, and many forms of human relationships, including job
> relations.
I don't think a repudiable message lets you off the hook in those examples
either, least of all the dictatorship...!
> If one wants to use deniability with
On Tue, 29 Aug 2017 14:33:46 -0400
"Robert J. Hansen" wrote:
> You can prove origination *only if* you can prove the originating PC
> was not compromised. Given how common compromise is today -- a few
> years ago Vint Cerf estimated one in four desktop PCs was compromised
On Tue, 29 Aug 2017 13:21:58 -0500, Mario Castelán Castro wrote:
> Is there any existing, convenient way to do deniable authentication
> for e-mail?
If your communication partners would use the same software, like opmsg.
https://github.com/stealth/opmsg
Or if you would use Bitmessage i
On 8/29/2017 at 2:26 PM, "Mario Castelán Castro" wrote:Is there any
existing, convenient way to do deniable authentication for
e-mail?
=
There are workarounds to accomplish this:
[1] Sender 1 sends a signed and encrypted pgp e-mail to Receiver 1,
giving Receiver 1 a 'passphra
way to do deniable authentication is to take a shared secret.and use
that as the key to a MAC function. However, this does not seem to be
implemented in OpenPGP, although it could be done as an additional layer.
Is there any existing, convenient way to do deniable authentication for
e-mail
> We have OpenPGP/MIME to sign and encrypt e-mail, thus securing the
> communication. It is my understanding that the other party can
> publish the signature and the unencrypted message and thus prove
> that somebody in the possession of the private key wrote (or at
> least signed) the message.
14 matches
Mail list logo