m-o-o-t Security Page

m-o-o-t is for everybody, including the cryptographically ignorant. One of the major design goals of m-o-o-t is to make it almost impossible for anyone to do anything insecure with it.

If Plod seizes your computer, there's nothing on it.

If Plod intercepts you and demands keys to the interceptions, you can't give them deleted keys.

If they demand plaintext to interceptions - "I can't identify that interception/I've deleted the data in the data haven/It was a random message/it was a housekeeping message I don't understand/I don't know what it was". Sending random data helps this and mostly defeats traffic analysis. It's been said that "you can't tell Plod that you're sending random data", but if your cryptosuite does it for you anyway...

If they demand access to your data haven accounts if necessary you can give a false key which will decode sensibly, but not to your secrets. If they somehow get the raw contents of your accounts you can do the same, or you can deny that there is anything in the random data. Ultimately you can take the hit rather than give away your secrets.

Of course, if they outlaw unaccessable-by-them crypto we'll have to write a stego version... as an undetectable program... but someone is doing that already.

security notes


main page . product . code . cryptography . security . FAQ

You can contact us here
You can join our mailing list m-o-o-t here. It's low volume and technical.