[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: steganography
Bill Stewart <[email protected]> said:
>I think Kragen's definition of "Steganographically Strong" is a bit overstrong.
>He suggests that the cyphertext should not be recognizeable by its own program,
>with no checksums or program-specific delimiters, headers, etc.
>If checksums become widely used in other data formats (e.g. MIME or whatever),
>having them used in "innocent-looking-format" is ok.
>And having a checksum that only checks out if you have the correct key
>for decrypting the file is relatively ok, assuming you use strong encryption;
>it's really no more of a giveaway than having the correctly-decrypted
>plaintext have other recognizeable format, such as all-ascii or MIME or GIF.
What you want to avoid is giving any spooks/agents the ability to:
A> Quickly scan GIFs (or whatever) on your hard disk (or .binary.
newsgroups) for files that are "likely" to be hiding something.
B> Be able to prove that you have an encrypted file. If they get that proof
they can apply pressure to you to get the key.
Anything that allows either of the above is only providing moderate security.