[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Weak stenography.



Phil Karn writes:
...
> etc). But if you ever want to be able to retrieve it, you have to leave
> yourself an Achilles Heel: somewhere you need to keep a computer
> program, in plaintext, that you can execute to extract and decrypt the
> hidden ciphertext.
> 
> You may be able to get away with claiming that the low order bits of
> your Doors tapes really *are* meaningless random bits picked up when you
> dubbed all your worn-out LPs to DAT, but if they find "readdat.exe" on
> your PC, disassemble it and discover that it's a program to extract and
> decrypt ciphertext from DAT tapes, you're in trouble. And if you encrypt
> your copy of "readdat.exe", well, you now need a plaintext decryption
> program to decrypt THAT.
> 
> Short of devising a scheme that's so simple that you don't mind recoding
> it from scratch (and from memory) every time you want to extract and
> decrypt something, what can be done?

Some solutions:

1. Make programs like "readdat.exe" ubiquitous...distribute them on
shareware disks, CD-ROMs, etc. Thus, many households and offices will
have "readdat.exe"-like programs, whether they use them or not. Mere
possession of such a program will thus not be unusual or
suspicion-provoking. (This is of course one of the strategies in
making PGP and related programs ubiquitous.)

(Note that the storage of the _key_ is another matter, and is a
problem with most crypto schemes. For data stored in low-order bits on
a DAT, and retrievable with "readdat.exe," a pass-phrase of sufficient
length can be used.)

2. The bit-reading program "readdat.exe" can be stored remotely,
perhaps at an ftp site, so the user can retrieve it only when he needs
to use it, then flush it.

(I favor the "ubiquitous" route, as frequent retrievals make
themselves known in other ways....and may even draw attention to a
user in the first place.)

-Tim May



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.