more Toto keys... so what's it all mean

Martin Minow minow at pobox.com
Wed Oct 14 11:28:36 PDT 1998



Adam Back <aba at dcs.ex.ac.uk> summarizes the Toto-files by noting
>
>As to what it means -- it means that one or more others could have
>been the author of the message the IRS claim Carl Johnson wrote.  Heck
>anyone could sign posts with that key now.
>

This suggests that a cynical, paranoid person could create a
"deniable" signature key by doing what "Toto" did:

1. Choosing a key length that a "very competent attacker" (i.e.
   a TLA), and only a "very competent attacker", could factor.
2. Signing a message and leaving the public key that signed
   that message on a public site.

Now, when you are accused of signing a message, you can raise
a "reasonable doubt" defence by claiming that the TLA may have
reconstructed the private key that signed the message in question.

Martin Minow
minow at pobox.com
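
The argument in this message, as an added example that is not part of the original post: once a signing key's modulus can be factored, anyone holding only the public key can rebuild the private exponent and produce a signature bit-identical to the owner's, so verification alone cannot say who signed. The toy modulus (two small Mersenne primes), textbook RSA without padding, and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy key: stands in for a key length a capable party could factor.
P, Q, E = 2**31 - 1, 2**19 - 1, 65537   # both Mersenne primes
N = P * Q                               # public modulus
OWNER_D = pow(E, -1, (P - 1) * (Q - 1)) # known only to the key owner

def digest(msg, n):
    """Hash the message and reduce it into the RSA group (no padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, d, n):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, e, n):
    return pow(sig, e, n) == digest(msg, n)

def factor(n):
    """Trial division; sufficient only because the modulus is tiny."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no odd factor found")

def recover_private_exponent(n, e):
    """Rebuild d from the public key alone by factoring n."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def compare_signers(msg):
    """Return (owner signature, third-party signature, both verify?)."""
    owner_sig = sign(msg, OWNER_D, N)
    other_sig = sign(msg, recover_private_exponent(N, E), N)
    ok = verify(msg, owner_sig, E, N) and verify(msg, other_sig, E, N)
    return owner_sig, other_sig, ok

if __name__ == "__main__":
    a, b, ok = compare_signers(b"constructed sample message")
    print("signatures identical:", a == b, "| both verify:", ok)
```

For anyone relying on signatures as evidence of authorship, the check that matters is therefore the key's resistance to factoring by the strongest plausible party, not just that the signature verifies.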






