Friday, February 11, 2011

encrypted message passing with plausible deniability

so, RedPhone is encrypted VoIP with an intermediary to pass the connection off. with this, it's possible for a foreign power to force you to reveal the nature of the call. their other product, TextSecure, offers little in the way of "encrypted SMS" because they use OTR, which is effectively pointless with a man in the middle. however, if you wanted to transmit a message with plausible deniability, you could do it like this.

create a store-and-forward service for anonymous message pushing and pulling. make all messages encrypted and give them a set size, something decent enough for a small compressed media file. every time you connect you push an encrypted message of this size and you pull one of the same size. every single time. the time between successful communications should be something like half an hour or an hour.

the result should be that nobody can tell if you were actually sending or receiving anything, because it always sends and receives something, all the time, regardless of whether you needed to do anything. you could also have it package the payload like a matroska file so you can encode multiple files, and possibly even use an encryption package which only decrypts parts of the payload as determined by the decryption term used, so if you used one decryption term it decrypts an MP3 file, and another decryption term reveals secret documents. plausible deniability!
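
a sketch of the fixed-size push/pull slot described above, as an added example that is not part of the original post. the 4096-byte slot size, the function names and the SHAKE-256 + HMAC construction are assumptions made for illustration (a stand-in so it runs on the standard library; a real service would use a vetted AEAD).

```python
import hashlib
import hmac
import os
import struct

SLOT = 4096                      # fixed plaintext bytes per exchange (constructed value)
NONCE, TAG = 16, 32
WIRE = NONCE + SLOT + TAG        # every pushed or pulled blob is exactly this long

def _subkeys(key):
    # separate keys for the keystream and the MAC
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _xor(data, enc_key, nonce):
    # stand-in stream cipher (SHAKE-256 keystream); use a vetted AEAD in practice
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, message=None):
    """Build one slot. message=None (or empty) yields cover traffic."""
    body = message or b""
    if len(body) > SLOT - 4:
        raise ValueError("message does not fit in one slot")
    # 4-byte length header, the message, then random padding up to SLOT
    plain = struct.pack(">I", len(body)) + body + os.urandom(SLOT - 4 - len(body))
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE)
    ct = _xor(plain, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_slot(key, blob):
    """Return the message, or None for cover traffic or a slot not meant for us."""
    if len(blob) != WIRE:
        raise ValueError("slot has the wrong size")
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plain = _xor(ct, enc_key, nonce)
    (length,) = struct.unpack(">I", plain[:4])
    return plain[4:4 + length] if length else None

def exchange(key, outbox, pulled_blob):
    """One scheduled connection: always push one slot and always pull one."""
    push = seal(key, outbox.pop(0) if outbox else None)
    return push, open_slot(key, pulled_blob)
```

a real slot and a cover slot come out the same length and both look like random bytes to anyone without the key, which is the property the scheme depends on.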
