[SGVLUG] Security "riddle"

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Mon Nov 23 15:49:02 PST 2009


> -----Original Message----- Of bb.odenthal at gmail.com
>
> Hmmm.   You meet each other in person, verify who you are
> with two forms of ID and exchange locks to which only the
> other party has the key.  I send the box to the other party
> locked with their lock and secret message inside.  The other
> party unlocks the lock to which they only have the key and
> responds by sending the box locked with my lock.

This pre-supposes that you CAN meet in person in advance of the exchange, and if that were the case, why bother with boxes and locks?  Why not exchange the item in question at that time?

This is also (classically) how PGP/GPG and other "PKI" systems work [which, of course, is why I thought of it as an example for security talks]

So, cutting to the chase, and I think you'll see this is essentially the same thing without the need for a face-to-face meeting, the actual answer given is as follows:

  1) place the item in the box and lock it with your lock
  2) send the item to the recipient.
  3) the recipient ADDS his own lock to the box and RETURNS it
  4) when you receive the box back, you REMOVE your lock and send it again

  5) [this is where my "insidious" comment comes in]
     the postal service notices this exchange of multiply-locked boxes back and forth in quick succession and becomes suspicious, and simply cuts the lock off to "inspect" the contents [brute force removal] - they do this "because they are the government and believe they have the right to know what you're up to..."  they will use arguments to the effect that they are (a) protecting innocent folks from potentially hazardous shipments, and (b) you've empowered them to do so in the first place [whether or not those arguments are valid would take its own thread to discuss...]

  6) the recipient can remove his own lock and retrieve the contents.  If the lock was cut, they know the integrity of the shipment has been compromised [i.e., a gpg signature "failure"]
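
The box-and-two-locks exchange in steps 1 to 6, written out with numbers instead of padlocks, as an added example that is not part of the original post. It assumes modular exponentiation as the "lock" (the construction usually called Shamir's three-pass protocol, which the post does not name); `P`, `make_lock` and `three_pass` are names made up for this sketch.

```python
import math
import secrets

# 2**127 - 1 is a Mersenne prime. Chosen to keep the demo small,
# not as a deployment-grade parameter (assumption of this example).
P = 2**127 - 1


def make_lock(p=P):
    """Return (e, d): x -> x**e mod p locks, x -> x**d mod p unlocks."""
    while True:
        e = secrets.randbelow(p - 3) + 2
        # e must be invertible mod p-1, otherwise the lock has no key.
        if math.gcd(e, p - 1) == 1:
            return e, pow(e, -1, p - 1)


def three_pass(message, sender_lock=None, recipient_lock=None, p=P):
    """Run the exchange; return (recovered, wire).

    wire holds the three values the carrier handles in transit.
    """
    if not 1 < message < p - 1:
        raise ValueError("message must be an integer in (1, p-1)")
    a_e, a_d = sender_lock or make_lock(p)
    b_e, b_d = recipient_lock or make_lock(p)

    trip1 = pow(message, a_e, p)    # steps 1-2: sender locks the box, ships it
    trip2 = pow(trip1, b_e, p)      # step 3: recipient ADDS a lock, returns it
    trip3 = pow(trip2, a_d, p)      # step 4: sender REMOVES own lock, ships again
    recovered = pow(trip3, b_d, p)  # step 6: recipient removes own lock
    return recovered, (trip1, trip2, trip3)


if __name__ == "__main__":
    # Constructed sample message, short enough to fit below P.
    secret = int.from_bytes(b"meet at noon", "big")
    got, wire = three_pass(secret)
    print("recovered:", got.to_bytes(12, "big"))
    print("carrier ever held the bare message:", secret in wire)
```

Step 4 only works because the two locks commute: removing the sender's lock from underneath the recipient's leaves the recipient's lock intact. The exchange authenticates neither party, which is what the in-person ID check in the quoted message supplies.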


