| Viewing Single Post From: Keys That Disappear, Forever? | |
|---|---|
| insecure | Jul 21 2006, 02:31 AM |
|
Elite member
  ![]](http://209.85.122.85/static/1/pip_r.png)
|
It is easy to think of a situation where you want keys to disappear immediately. Alice lives in the UK, where the Regulation of Investigatory Powers Act (RIPA) has been in force for the last six years or so. She wishes to communicate securely with Bob, but she suspects her communications are being tapped by Eve (who works for GCHQ). The problem Alice has is this: that at any moment, she might get PC Mallory knocking on the door with an order signed by an appropriate person (e.g. Eve's pet magistrate), requiring her to (a) hand over her crypto keys, and (b) decline to inform anyone that this has happened. Breaching either requirement can result in a long prison term. Alice is prepared to go to prison if necessary, but she is not prepared to compromise her security. Being an untrusting soul, she reckons that simply refusing to hand over her keys won't do the trick - if the keys are there to be found, PC Mallory will just handcuff her and go looking for the keys himself on her computer. So Alice and Bob work according to the following system: Alice's and Bob's computers pick some random numbers, without saving those numbers to disk and without informing their users of the numbers. The computers then do Diffie-Hellman sufficiently many times to generate a 256-bit shared key which, again, they don't inform their users about. This truly secret key - known to no humans whatsoever - is used to encrypt via, say, AES or TwoFish, and the encrypted data is transmitted and decrypted immediately. The computers then erase the keys from memory. The decrypted data is not written to disk; it is just shown on the screen, and a single keypress blows it away forever. When PC Mallory calls, Alice can honestly tell him that she doesn't know her crypto keys. It may well be that the judge takes the view that Alice should know her keys, and might imprison her anyway as a result - but GCHQ don't get to decrypt the message. |
 |
|
| Keys That Disappear, Forever? · Debates | |
7:46 PM Nov 28
